The Qualys Research Team has discovered multiple critical vulnerabilities in the popular Exim mail server, which they have named 21Nails. Some of these flaws can be chained together to obtain full remote unauthenticated code execution and gain root privileges. With 60 percent of the world’s public email servers worldwide running on Exim, this set of flaws represents a serious threat to many organizations.

Qualys submitted this information to our team yesterday to share with the LinuxSecurity community and offer advice on how to secure Linux systems against this dangerous set of bugs. Patches are now available for the 21Nails vulnerabilities, and security teams should apply these updates as soon as possible prevent dangerous remote code exectuion (RCE) and privilege escalation exploits. Bharat Jogi, Senior manager of Vulnerability and Threat Research at Qualys, explained to LinuxSecurity researchers, "Exim Mail Servers are used so widely and handle such a large volume of the internet's traffic that they are often a key target for hackers. The 21 vulnerabilities we found are critical as attackers can remotely exploit them to gain complete root privileges on an Exim system - allowing compromises such as a remote attacker gaining full root privileges on the target server and executing commands to install programs, modify data, create new accounts, and change sensitive settings on the mail servers. It's imperative that users apply patches immediately." 

Jogi also offered a broader perspective on the state of Exim mail server security, "This is not the first time Qualys Researchers have identified serious vulnerabilities in Exim Server. Qualys Researchers identified a vulnerability in the Exim server named "RETURN OF THE WIZARD - CVE-2019-10149" in June 2019. This was later exploited by threat actors and NSA had released advisories to warn users of it being exploited by Russian advanced persistent threat (APT) group Sandworm."

Have additional questions about 21Nails and how you can secure your Exim mail server against this set of dangerous vulnerabilities and other similar threats? Our experts would be happy to help you out!

Connect with us on social media:

Twitter | Facebook | LinkedIn