Attackers are already exploiting a bug in the Exim mailer to remotely execute code on Linux machines, according to a pair of Linux security advisories. Published by US-CERT as Vulnerability Note VU#682457, the bug exists in Exim mail server software prior to version 4.70. Affected distributions include Debian Linux, Novell's SUSE Linux, and Canonical's Ubuntu Linux.
Exim is a mail transfer agent widely used on Unix-based machines.

"The internal string handling functions of the Exim software contain a function called string_format(). The version of this function included with Exim versions prior to 4.70 contains a flaw that can result in a buffer overflow. An attacker can exploit this vulnerability by crafting message headers that are subsequently supplied to Exim logging functions," wrote Chad Dougherty on the US-CERT list.
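
As an added illustration (not Exim's code, and not a reconstruction of the actual string_format() defect), the C routine below shows the defensive pattern a header-to-log formatter needs: a bounded write that reports truncation instead of overrunning a fixed buffer when attacker-controlled header text is longer than expected. The log-line layout, the peer address and the header values are constructed for the demo.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Outcome of formatting into a fixed-size buffer. */
enum fmt_status { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = 2 };

/* Bounded formatter: never writes past buf[size - 1], always NUL-terminates,
 * and tells the caller when the data did not fit. The flaw described above is
 * the opposite: header text sized by the sender overrunning the buffer. */
static enum fmt_status log_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (buf == NULL || size == 0)
        return FMT_ERROR;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);   /* n = length the full line needs */
    va_end(ap);
    if (n < 0) {
        buf[0] = '\0';
        return FMT_ERROR;
    }
    return ((size_t)n >= size) ? FMT_TRUNCATED : FMT_OK;
}

/* Log line for a rejected message built from untrusted header data.
 * Layout ("rejected from <peer>: <name>: <value>") is assumed for the demo. */
static enum fmt_status log_rejected_message(char *line, size_t size,
        const char *peer, const char *name, const char *value)
{
    return log_format(line, size, "rejected from %s: %s: %s",
                      peer, name, value);
}

/* Stand-alone demo: a constructed 4 KiB "From" header is cut off rather than
 * written past the 128-byte line buffer. */
int main(void)
{
    char line[128];
    char big[4096];
    enum fmt_status s;
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    s = log_rejected_message(line, sizeof line, "192.0.2.10", "From", big);
    printf("status=%d logged=%zu bytes\n", (int)s, strlen(line));
    return 0;
}
```

A caller that receives FMT_TRUNCATED should treat the event as suspicious rather than trust the shortened line.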

When the rootkit is installed on a machine running a vulnerable (pre-4.70) version of Exim, the malware creates a number of temporary files, including a small C program. The attacker can remotely compile that program; when executed, it runs with the Exim server's privileges.

While bad, that is not as bad as running as root, except for the fact that there is yet another Exim bug.

The link for this article located at eWeek SecurityWatch is no longer available.