The maintainers of the Exim mail server software released updates today to fix a collection of 21 vulnerabilities that can allow threat actors to take control of servers using both local and remote attack vectors. The Record reports: Known as 21Nails, the vulnerabilities were discovered by security firm Qualys. The bugs impact Exim, a type of mail server known as a mail transfer agent (MTA) that helps email traffic travel the Internet and reach its intended destinations. Although there are different MTA clients available, an April 2021 survey shows that Exim holds a market share of almost 60% among all MTA solutions, being widely adopted on the Internet. The 21Nails vulnerabilities, if left unpatched, could allow threat actors to take control of these systems and then intercept or tamper with email communications passing through the Exim server.
As Qualys explains in its security advisory, the 21Nails vulnerabilities are as bad as it gets. All versions of the Exim server released in the past 17 years, since 2004, the start of the project’s Git history, are affected by the 21Nails bugs. These include 11 vulnerabilities that require local access to the server to be exploited, but also 10 bugs that can be exploited remotely over the Internet. Security experts recommend that owners of Exim servers update to Exim version 4.94 to protect their systems from attacks.
21Nails vulnerabilities impact 60% of Internet mail servers