Web and cloud operations are vulnerable due to 21 flaws in the Exim mail server.

Submitted by Style Pass, 2021-05-17 06:45:31

Researchers Tuesday released a study that found 21 unique vulnerabilities in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges.

In a blog post, the Qualys Research Team said that these vulnerabilities affect numerous organizations because an estimated 60% of internet servers run on Exim. A Shodan search executed by the researchers found that nearly 4 million Exim servers are exposed to the internet.

Security pros should also take note that Exim servers hosted in the cloud can be exploited, said Parag Bajaria, vice president of cloud and container security solutions at Qualys.

“There are many exploits that an attacker can run in the cloud once they have gained root privileges on the VM hosting Exim server,” Bajaria said. “Depending on where the Exim server is located there’s a further possibility of lateral movement. And if the virtual machine that hosts an Exim server has IAM permissions attached to it, then those permissions can be further exploited for data exfiltration and IAM privilege escalation.”

Exim Internet Mailer has become a popular mail transfer agent (MTA) that’s available for major Unix-like operating systems and comes pre-installed on Linux distributions such as Debian.
