Collaborate Disseminate
Six zero-days in Exim, the most widely used mail transfer agent (MTA), have been revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday. Due to what seems to be insufficient information and poor communication, fixes for only three of … Continue reading Critical zero-days in Exim revealed, only 3 have been fixed
Patches are being developed for serious Exim vulnerabilities that could expose many mail servers to attacks.
The post Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks appeared first on SecurityWeek.
Continue reading Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
I learned a new acronym while reading about a set of flaws in the Dell BIOS update system. Because Dell has patched their driver, but hasn’t yet revoked the signing …read more Continue reading This Week in Security: BYOVD, Spectre Vx, More Octal Headaches, and ExifTool
A code audit of Exim, a widely used mail transfer agent, has revealed 21 previously unknown vulnerabilities, some of which can be chained together to achieve unauthenticated remote code execution on the Exim Server. They have all been fixed in Exim v4…. Continue reading 21 vulnerabilities found in Exim, update your instances ASAP!
Researchers have found 21 unique vulnerabilities in Exim, a popular mail transfer agent, some of which would allow hackers to run full remote unauthenticated code execution against targets, the Qualys Research Team announced Tuesday. If used properly, attackers could execute commands to install programs, manipulate data, create new accounts or change settings on the mail servers, according to the research. CVE-2020-28017, one of the vulnerabilities, dates as far back as 2004, according to the findings. Qualys and Exim recommend users apply the patches immediately. The Exim Mail Transfer Agent (MTA) vulnerabilities, which Qualys is referring to collectively as 21Nails, affect all versions before Exim-4.94.1. Ten of the flaws can be executed to gain root privileges, while 11 of them can be used to exploit victim systems locally. Hackers could link several of the vulnerabilities together in an attack to run full remote unauthenticated code execution against vulnerable mail servers, Qualys […]
The post Qualys researchers uncover 21 bugs in Exim mail servers appeared first on CyberScoop.
Continue reading Qualys researchers uncover 21 bugs in Exim mail servers
So first off, remember the Unc0ver vulnerability/jailbreak from last week? In the 13.5.1 iOS release, the underlying flaw was fixed, closing the jailbreak. If you intend to jailbreak your iOS device, make sure not to install this update. That said, the normal warning applies: Be very careful about running out-of-date …read more
Continue reading This Week in Security: Exim, Apple Sign-in, Cursed Wallpaper, and Nuclear Secrets
The Russian state is breaking into companies, exploiting a vulnerability in an open-source email server.
The post NSA: Russia Hacking U.S. Firms, via Old Exim Flaw appeared first on Security Boulevard.
Continue reading NSA: Russia Hacking U.S. Firms, via Old Exim Flaw
The Russian spy group, a.k.a. BlackEnergy, is actively compromising Exim mail servers via a critical security vulnerability. Continue reading NSA Warns of Sandworm Backdoor Attacks on Mail Servers
The Russian APT group Sandworm has been exploiting a critical Exim flaw (CVE-2019-10149) to compromise mail servers since August 2019, the NSA has warned in a security advisory published on Thursday. “When CVE-2019-10149 is successfully exploited… Continue reading NSA warns about Sandworm APT exploiting Exim flaw
The 2019 CWE Top 25 Most Dangerous Software Errors lists improper restriction of operations within the bounds of a memory buffer as the most critical weakness that leads to a dangerous vulnerability. According to CWE by MITRE: “These weaknesses are of… Continue reading 5 Buffer Overflow Vulnerabilities in Popular Apps