Exim Vulnerability (CVE-2019-16928): Global Exposure Details and Remediation Advice

This blog post was co-authored by Kwan Lin and Greg Wiseman.


What is Exim?


Exim is a widely used mail transfer agent (MTA) that was initially implemented for Unix-like systems, but has since been ported to other platforms like Microsoft Windows. It often functions as the backbone to email delivery systems and is responsible for keeping as much as 60% of email servers happily processing ~spam~ email.


Background on the Exim vulnerabilities


On Sept. 27, 2019, CVE-2019-16928 was promulgated, indicating that all versions from 4.92.0 through 4.92.2 were vulnerable to a heap-based buffer overflow that could potentially allow for denial of service or arbitrary code execution on Exim mail servers. Exim version 4.92.3 was promptly released to remedy the identified vulnerability, and all versions prior to the latest release were deemed obsolete by the Exim project maintainers (although some operating system distributions support backporting fixes independently).


As we have observed in the past, despite urgent communications by software vendors and package maintainers, system administrators for any number of reasons tend to dawdle when implementing recommended remedies, even in the presence of viable threats.


Exim vulnerability exposure across the world


When we used Sonar to scan the internet and then applied Recog to fingerprint for Exim, we found approximately 4.75 million Exim assets, of which 72.5% were some variant of Exim 4.92.*.


Status   Version   Percentage   Count
Not      4.92*     27.5%        1,307,078
Is       4.92.*    72.5%        3,449,662
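As an added illustration (not code from the original post, nor from the Sonar or Recog tooling it mentions), the following Python snippet shows the kind of version check that turns fingerprinted SMTP greetings into the "is 4.92.*" style tally above, using the advisory's affected range of 4.92.0 through 4.92.2 and carrying the post's caveat that distributions may backport the fix without changing the banner. The host names and greetings are constructed sample data.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Affected range from the advisory: Exim 4.92.0 through 4.92.2, fixed in 4.92.3.
VULN_MIN = (4, 92, 0)
VULN_MAX = (4, 92, 2)
FIXED = (4, 92, 3)

# Version token as it appears in an Exim SMTP greeting, e.g.
#   220 mx.example.test ESMTP Exim 4.92.2 Fri, 27 Sep 2019 10:00:00 +0000
# A bare "4.92" is the 4.92.0 release, so a missing patch level maps to 0.
BANNER_RE = re.compile(r"\bExim\s+(\d+)\.(\d+)(?:\.(\d+))?")

def parse_exim_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from an Exim banner, or None if not Exim."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def classify(banner: str) -> str:
    """Bucket one banner relative to CVE-2019-16928."""
    # Caveat from the post: distributions may backport the fix without changing
    # the banner version, so "vulnerable" means "version string in the affected
    # range" and should be confirmed against the package changelog.
    v = parse_exim_version(banner)
    if v is None:
        return "not-exim"
    if VULN_MIN <= v <= VULN_MAX:
        return "vulnerable"
    if v >= FIXED:
        return "fixed"
    return "obsolete"  # pre-4.92: outside this CVE's range, unsupported upstream

def summarise(banners: Iterable[str]) -> Dict[str, int]:
    """Count banners per bucket, as a fingerprint sweep would be tallied."""
    counts: Dict[str, int] = {}
    for b in banners:
        bucket = classify(b)
        counts[bucket] = counts.get(bucket, 0) + 1
    return counts

# Constructed sample greetings (hypothetical hosts, not real scan data).
SAMPLE_BANNERS = [
    "220 mx1.example.test ESMTP Exim 4.92.2 Fri, 27 Sep 2019 10:00:00 +0000",
    "220 mx2.example.test ESMTP Exim 4.92 Fri, 27 Sep 2019 10:00:01 +0000",
    "220 mx3.example.test ESMTP Exim 4.92.3 Fri, 27 Sep 2019 10:00:02 +0000",
    "220 mx4.example.test ESMTP Exim 4.91 Fri, 27 Sep 2019 10:00:03 +0000",
    "220 mx5.example.test ESMTP Postfix",
]
```

Running `summarise(SAMPLE_BANNERS)` over your own inventory's greetings gives the per-bucket counts; anything in the "vulnerable" bucket still needs a changelog check before it is treated as unpatched.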

As a preliminary analysis, we took a stab at getting a sense of how many Exim 4.92.* systems were identifiable on the internet on a state-level basis to gain a sense of the ..
