Newly discovered RCE vulnerability in Exim impacts nearly half of the email servers

• The dangerous vulnerability exists in email servers that run Exim versions from 4.87 to 4.91.
• The vulnerability has been identified as CVE-2019-10149.

A critical remote command execution vulnerability has been found impacting nearly half of the email’s servers. The vulnerability resides in Exim, a mail transfer agent that helps email servers to relay emails from senders to recipients.

What’s the matter?

According to security researchers from Qualys, it has been found the dangerous vulnerability exists in email servers that run Exim versions from 4.87 to 4.91.

The vulnerability has been identified as CVE-2019-10149 and can let an attacker run malicious commands on the Exim server as root. Researchers note that the vulnerability can be instantly exploited a local attacker even with low-privileged access to the email server.

"To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes),” said researchers, ZDNet reported.

"However, because of the extreme complexity of Exim's code, we cannot guarantee that this exploitation method is unique; faster methods may exist,” researchers added.

How to stay safe?

Users are advised to deploy Exim 4.92 to address the vulnerability. The version can help users to avoid their servers being taken over by attackers.

The bottom line

The researchers have referred the vulnerability as the ‘Return of the WIZard’ as it resembles the ancient WIZ and DEBUG vulnerabilities that impacted the Sendmail email server back in the 90s.