Critical Exim flaw opens servers to remote code execution, patch now! - Help Net Security


The Exim mail transfer agent (MTA) is impacted by a critical vulnerability that may allow local or unauthenticated remote attackers to execute programs with root privileges on the underlying system.



About Exim


Exim is the most widely used MTA today and is deployed on over half of all Internet-facing mail servers.


It’s efficient, highly configurable, bundled with most Unix-like systems – and free.


About the vulnerability


CVE-2019-15846 affects Exim versions 4.80 to (and including) 4.92.1. A server will be vulnerable only if it accepts TLS connections.


Exim installations do not come with TLS support enabled by default, but those that are bundled with the various Linux distributions do.
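The two conditions above (version range and TLS support) can be checked from the output of `exim -bV`. The following triage script is an added example, not code from the article or the Exim project; the host names and sample outputs are constructed, and treating a TLS-capable build as exposed is an assumption.

```python
import re

# Affected range as stated in the article: 4.80 through 4.92.1, inclusive.
FIRST_AFFECTED = (4, 80, 0)
LAST_AFFECTED = (4, 92, 1)
# TLS libraries Exim names on its "Support for:" line when built with TLS.
TLS_LIBS = {"OpenSSL", "GnuTLS"}


def parse_version(bv_output):
    """Return the Exim version as a 3-tuple, e.g. '4.92.1' -> (4, 92, 1)."""
    m = re.search(r"^Exim version (\d+)\.(\d+)(?:\.(\d+))?", bv_output, re.M)
    if not m:
        raise ValueError("no 'Exim version' line found")
    return tuple(int(g) if g else 0 for g in m.groups())


def tls_compiled_in(bv_output):
    """True if the 'Support for:' line lists a TLS library."""
    m = re.search(r"^Support for:(.*)$", bv_output, re.M)
    return bool(m) and bool(TLS_LIBS & set(m.group(1).split()))


def triage(bv_output):
    """Classify one host from its `exim -bV` output."""
    version = parse_version(bv_output)
    if not FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "not-affected-version"
    # Assumption: a TLS-capable build is treated as exposed; whether the
    # server really accepts TLS also depends on its runtime configuration.
    if tls_compiled_in(bv_output):
        return "affected-tls-build"
    return "affected-version-no-tls"


# Constructed sample outputs (abbreviated), not captured from real hosts.
SAMPLES = {
    "mx1": "Exim version 4.92.1 #3 built 01-Jan-2019 00:00:00\n"
           "Support for: crypteq iconv() IPv6 GnuTLS DKIM DNSSEC\n",
    "mx2": "Exim version 4.92.2 #1 built 01-Jan-2019 00:00:00\n"
           "Support for: crypteq IPv6 OpenSSL DKIM\n",
    "mx3": "Exim version 4.80 #2 built 01-Jan-2019 00:00:00\n"
           "Support for: crypteq iconv() IPv6\n",
}

if __name__ == "__main__":
    for host, out in SAMPLES.items():
        print(host, triage(out))
```

Distribution packages may carry a backported fix without changing the upstream version string, so a version match should be confirmed against the distribution's own advisory.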


CVE-2019-15846 is exploitable by sending a SNI ending in a backslash-null sequence duri ..
