Update released for critical vulnerabilities in Exim

2:15pm, 5 May 2021

TLP Rating: Clear

Qualys has discovered and released a detailed security advisory about 21 vulnerabilities in Exim. These are a combination of Remote Code Execution (RCE), both authenticated and unauthenticated, and privilege escalation. An attacker could exploit a combination of these to gain root access on vulnerable Exim servers.

CERT NZ recommends all Exim users upgrade to 4.94.2, or the fixed version from your upstream package repository.

What's happening

Systems affected

Exim versions before 4.94.2

For a full list of vulnerabilities and affected versions, you can read the Qualys Security Advisory.

What this means

An attacker could gain root access on vulnerable mail servers by chaining an unauthenticated RCE vulnerability with a privilege escalation vulnerability. This level of access can lead to data exfiltration and further network compromise.

What to look for

How to tell if you're at risk

You are at risk if you are running Exim mail servers older than 4.94.2. Some Linux distributions backport security fixes to packages that keep an older version number, so check the release notes relevant to your systems before relying on the version number alone.
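One way to carry out the check above on a host is to read the version line from `exim -bV` and compare it against the fixed release. The script below is an added example, not part of the CERT NZ advisory or the Exim project; the sample `-bV` output is constructed, and the version-comparison helpers (`version_key`, `exim_is_vulnerable`, `exim_version_from_bv`) are names chosen here. Because a distribution package can carry a backported fix under an older upstream number, an "older than 4.94.2" result is a prompt to check the package changelog, not proof of exposure.

```shell
#!/bin/sh
# Added example (not part of the CERT NZ advisory). Compares an Exim version
# against the fixed release 4.94.2 named in the advisory.

FIXED_VERSION="4.94.2"

# Constructed sample of `exim -bV` output (not captured from a real host).
SAMPLE_BV_OUTPUT='Exim version 4.92.3 #3 built 26-Sep-2019 15:14:59
Support for: crypteq iconv() IPv6 TLS=OpenSSL'

# version_key "4.92.3-1ubuntu1" -> "4092003": strips a distro suffix, then
# zero-pads major.minor.patch into one integer so versions compare with -lt.
version_key() {
    vk=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    set -- $(printf '%s' "$vk" | tr '.' ' ')
    printf '%d%03d%03d' "${1:-0}" "${2:-0}" "${3:-0}"
}

# exim_is_vulnerable VERSION -> exit 0 when VERSION predates 4.94.2.
# A distribution may have backported the fix, so confirm against its changelog.
exim_is_vulnerable() {
    [ "$(version_key "$1")" -lt "$(version_key "$FIXED_VERSION")" ]
}

# exim_version_from_bv "<-bV output>" -> upstream version number, e.g. "4.92.3"
exim_version_from_bv() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Run the check over the constructed sample. On a live host replace
# "$SAMPLE_BV_OUTPUT" with "$(exim -bV 2>/dev/null)" (exim4 on Debian/Ubuntu).
found_version=$(exim_version_from_bv "$SAMPLE_BV_OUTPUT")
if exim_is_vulnerable "$found_version"; then
    echo "Exim $found_version predates $FIXED_VERSION: check for a backported fix, otherwise upgrade"
else
    echo "Exim $found_version is at or above $FIXED_VERSION"
fi
```

The comparison is done on a padded integer rather than with `sort -V` so that the script stays POSIX sh and runs on minimal images where GNU coreutils options are not available.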

What to do

Prevention

Upgrade to 4.94.2, or apply patches from your distribution that fix this issue.

More information

Qualys Security Advisory about these vulnerabilities.

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384