A critical vulnerability affects hundreds of thousands of email servers. A fix has been released but this flaw affects more than half of the Internet's email servers, and patching the issue will take weeks if not months.
The bug is a vulnerability in
Exim, a mail transfer agent (MTA) —software that runs on email servers and which relays emails from senders to recipients.
According to a survey conducted in March 2017,
56% of all of the Internet's email servers run Exim, with over 560,000 available online at the time.
Another more recent report puts that number in the millions.
The bug allows for remote code execution
A Taiwanese security researcher named Meh Chang discovered the bug, which he reported to the Exim crew on February 2. The Exim team released Exim distribution 4.90.1 on February 10 that fixes the RCE issue.
The bug —tracked as CVE-2018-6789— is categorized as a "pre-auth remote code execution," meaning an attacker could trick the Exim email server into running malicious commands before the attacker would need to authenticate on the server.
The actual bug is a one-byte buffer overflow in the base64 decode function of Exim and affects all Exim versions ever released.
Chang described the bug in a
blog post released earlier today, detailing basic steps for exploiting Exim's SMTP daemon.
.....................
.....................
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
