Yesterday details about a new locally and remotely exploitable vulnerability in Exim (CVE-2019-10149) was published by Qualys. The vulnerability is critical: it allows a local user to easily run commands as root due to an issue in the deliver message code – a local user apparently can just send an e-mail to the address ${run{…}@localhost (where localhost is one of Exim’s local domains) and get the command executed as root. According to Qualys, it is possible to exploit the vulnerability remotely as well – but there is a caveat (which I really like): “To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes).” While the details about exploitation have been removed from the initial advisory, the full advisory should be published soon. If we see any exploitation attempts, we’ll update the diary – so far it looks quiet, so use that time to patch your systems! I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Cyber Security East: March 2021 |
Bojan 393 Posts ISC Handler Jun 6th 2019 |
Thread locked Subscribe |
Jun 6th 2019 1 year ago |
Sign Up for Free or Log In to start participating in the conversation!