Linux Exim Critical Flaw

A set of dangerous vulnerabilities have been discovered in the Exim mail server. Remote code execution, privilege escalation to root and lateral movement through a victim’s environment are all on offer for the unpatched or unaware.

A veritable cornucopia of security vulnerabilities in the Exim mail server have been uncovered, some of which could be chained together for unauthenticated remote code execution (RCE), gaining root privileges and worm-style lateral movement, according to researchers.

The Qualys Research Team has discovered a whopping 21 bugs in the popular mail transfer agent (MTA), which was built to send and receive email on major Unix-like operating systems. It comes pre-installed on Linux distributions such as Debian, for instance.