This flaw in EXIM email servers leaves millions of users at risk of being hacked by allowing attackers to execute critical commands.
If you are not familiar with the term then you might be wondering what EXIM is? Allow me to explain, EXIM is an open source MTA or mail transfer agent that is responsible for receiving, routing and delivering email messages. This unique source was developed at the University of Cambridge for the use of UNIX systems; is said to feature more straightforward configuration and task management. EXIM includes user options for defense against mail bombs and unsolicited junk mail: users can set options to refuse messages from particular senders, hosts, or networks. EXIM can be run on any TCP/IP network, in conjunction with any combination of host and user software, and is the default MTA included on some LINUX systems. In the last few days millions of EXIM servers have been exposed to Cyber-threats; it is said that all servers running 4.92.1 version may be affected. This security breach tracked as CVE-2019-15846 allows intruders to gain root-level access to the system; this is the second time in three month that EXIM has experience flaws. Basically, when the Exim server is configured to accept TLS connections, hackers can send a backslash-null sequence attached to the end of an SNI package during the initial TLS handshake. This can enable hackers to run malicious codes and obtain root-level access to the system. Experts explained that in order to remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days. It is necessary to transmit one byte every few minutes; however, the experts cannot guarantee that this exploitation method is unique. EXIM team learned about this breach in July and quickly release an update version 4.92.2 with the security patch.