Hackers exploiting Exim vulnerabilities

Hackers have recently been targeting at least two vulnerabilities in unpatched Exim email systems. Exim already released two updates in September, one fixing each of the flaws.

Back in June, attackers were able to exploit an Exim vulnerability, CVE-2019-10149, to execute arbitrary commands, and to exploit the flaw remotely in certain “non-default configurations.”

At that time, researchers from Tenable warned that nearly 4.1 million Exim servers were vulnerable to local or remote exploits. Exim is installed on over half of the public-facing mail servers on the internet.

In September, researchers discovered two additional vulnerabilities, CVE-2019-15846 and CVE-2019-16928, that could allow hackers to execute remote code and compromise Exim systems. Each of these flaws is rated Critical and has a CVSS base score of 9.8.

Exim patched CVE-2019-15846 and CVE-2019-16928 on September 2nd and 27th, respectively.

Researchers from Tenable issued new research that describes how hackers could exploit CVE-2019-16928. More specifically, it describes how hackers could exploit a heap-based buffer overflow via EHLO strings and take control of the impacted system.

Administrators should make sure their Exim systems are updated to the latest version, 4.92.3 or later. Also, check out the Exim security advisory for more details.
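
One way to run that version check on a host or over collected banners, as an added example (not from the article or the Exim project). It assumes the first line of `exim -bV` output has the form `Exim version <x.y.z> #<n> built ...`; the function names and sample banners are constructed for illustration.

```shell
# Added example: flag Exim builds older than the fixed release in the article.
FIXED="4.92.3"

# Pull the upstream version out of the first line of `exim -bV` output,
# assumed to look like "Exim version 4.92.3 #2 built ...".
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Succeed if dotted version $1 >= $2, comparing field by field as integers
# (a missing field counts as 0, so 4.92 < 4.92.3).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# Print "ok <v>", "outdated <v>" or "unknown" for one banner; always returns 0.
check_exim_banner() {
    v=$(exim_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" "$FIXED"; then
        echo "ok $v"
    else
        echo "outdated $v"
    fi
}

# Constructed sample banners, not captured from real hosts.
for banner in \
    "Exim version 4.92 #3 built 01-Jan-2019 00:00:00" \
    "Exim version 4.92.2 #2 built 01-Jan-2019 00:00:00" \
    "Exim version 4.92.3 #2 built 01-Jan-2019 00:00:00"
do
    check_exim_banner "$banner"
done

# On a mail host, check the installed binary if one is on PATH.
if command -v exim >/dev/null 2>&1; then
    check_exim_banner "$(exim -bV 2>/dev/null)"
fi
```

Distribution packages often backport security fixes without changing the upstream version string, so treat an `outdated` result as a prompt to check the vendor's advisory rather than as proof of exposure.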