
SoylentNews is people

posted by Fnord666 on Monday June 10 2019, @05:11AM
from the no-surprises dept.

Submitted via IRC for AnonymousLuser

New RCE vulnerability impacts nearly half of the internet's email servers

A critical remote command execution (RCE) security flaw impacts over half of the Internet's email servers, security researchers from Qualys have revealed today.

The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients.

According to a June 2019 survey of all mail servers visible on the Internet, 57% (507,389) of all email servers run Exim -- although different reports would put the number of Exim installations at ten times that number, at 5.4 million.

In a security alert shared with ZDNet earlier today, Qualys, a cyber-security firm specialized in cloud security and compliance, said it found a very dangerous vulnerability in Exim installations running versions 4.87 to 4.91.

The vulnerability is described as a remote command execution -- different, but just as dangerous as a remote code execution flaw -- that lets a local or remote attacker run commands on the Exim server as root.

Qualys said the vulnerability can be exploited instantly by a local attacker that has a presence on an email server, even with a low-privileged account.

But the real danger comes from remote hackers exploiting the vulnerability, who can scan the internet for vulnerable servers, and take over systems.

"To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes)," researchers said.

"However, because of the extreme complexity of Exim's code, we cannot guarantee that this exploitation method is unique; faster methods may exist."

Furthermore, the Qualys team says that when Exim is in certain non-default configurations, instant exploitation is also possible in remote scenarios.
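As an added example (not from the article, ZDNet, or Qualys), here is a small Python triage helper for defenders doing inventory: it reads the version out of an SMTP greeting or an `exim -bV` line and flags hosts whose version lies in the 4.87 to 4.91 range the story names. The hostnames and banner lines are constructed samples.

```python
import re

# Affected range as stated in the story: Exim 4.87 through 4.91, inclusive.
AFFECTED_MIN = (4, 87)
AFFECTED_MAX = (4, 91)

# Matches "Exim 4.91" in an SMTP 220 greeting or "Exim version 4.87" from `exim -bV`.
_VERSION_RE = re.compile(r"\bExim(?: version)?\s+(\d+)\.(\d+)")


def parse_exim_version(line):
    """Return (major, minor) from a greeting or -bV line, or None if no Exim version is visible."""
    m = _VERSION_RE.search(line)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def is_affected(version):
    """True when the parsed (major, minor) tuple falls inside the advisory's range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def triage(banners):
    """Map each host to 'patch', 'ok', or 'unknown' (not Exim, or version not shown)."""
    result = {}
    for host, line in banners.items():
        version = parse_exim_version(line)
        if version is None:
            result[host] = "unknown"
        else:
            result[host] = "patch" if is_affected(version) else "ok"
    return result


# Constructed sample input: hypothetical hosts, not real servers.
SAMPLE_BANNERS = {
    "mx1.example.test": "220 mx1.example.test ESMTP Exim 4.91 Mon, 10 Jun 2019 05:11:00 +0000",
    "mx2.example.test": "220 mx2.example.test ESMTP Exim 4.92 Mon, 10 Jun 2019 05:11:00 +0000",
    "mx3.example.test": "Exim version 4.87 #1 built 01-Jan-2019 00:00:00",
    "mx4.example.test": "220 mx4.example.test ESMTP Postfix",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {status}")
```

Distribution packages often backport security fixes without changing the advertised version string, so treat a "patch" result as a prompt to check the package changelog rather than as a final verdict.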

  • (Score: 3, Interesting) by TheRaven on Monday June 10 2019, @05:28PM (3 children)

    by TheRaven (270) on Monday June 10 2019, @05:28PM (#853764)
    Off topic, but does Debian / apt have an equivalent of FreeBSD's 'pkg audit' command to tell me if there are any known (published) vulnerabilities in installed packages?
    --
    sudo mod me up
  • (Score: 1) by maggotbrain on Monday June 10 2019, @06:04PM

    by maggotbrain (6063) on Monday June 10 2019, @06:04PM (#853773)

    You might want to take a look at the apt-listbugs package https://packages.debian.org/sid/apt-listbugs.

    "apt-listbugs is a tool which retrieves bug reports from the Debian Bug Tracking System and lists them. Especially, it is intended to be invoked before each installation/upgrade by APT in order to check whether the installation/upgrade is safe."

    I see it being used on my Debian buster system; but, it does not appear available in my Mint 19.1 repos.

  • (Score: 1, Informative) by Anonymous Coward on Monday June 10 2019, @08:46PM

    by Anonymous Coward on Monday June 10 2019, @08:46PM (#853857)

    The official Debian tool is the DEBian SECurity ANalyzer, with the somewhat poorly named package "debsecan" in the repos. It does depend on Python (2 or 3 depending on your release) and recommends Exim (so if you don't want Exim, then "--no-install-recommends" is highly recommended).

  • (Score: 0) by Anonymous Coward on Tuesday June 11 2019, @12:43AM

    by Anonymous Coward on Tuesday June 11 2019, @12:43AM (#853994)

    Yes, debsecan does this.