A code audit of Exim, a widely used mail transfer agent, has revealed 21 previously unknown vulnerabilities, some of which can be chained together to achieve unauthenticated remote code execution on the Exim server.
They have all been fixed in Exim v4.94.2, and the software maintainers advise users to update their instances as soon as possible, as all versions of Exim prior to version 4.94.2 are now obsolete.
“Several distros will provide updated packages: Just do the update,” Exim developer Heiko Schlittermann recommended.
The discovered vulnerabilities
In fall 2020, Qualys researchers did a thorough code audit of Exim and discovered 21 exploitable vulnerabilities (collectively dubbed “21Nails”), most of which affect all versions of the software.
Ten of these can be exploited remotely and some of them can allow attacker ..