An Interest In:
Web News this Week
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
- April 18, 2024
- April 17, 2024
Some of Our Sources
- Technology Review
- The Logo Smith
- Smashing Magazine
- Six Revisions
- TutsPlus - Design
- Fuel Your Creativity
- CSS Globe
- Specky Boy
- Android Headlines
- Hashedout
Help Webnuz
Referal links:
June 6, 2019 01:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MZSxdRpMu6w/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers
New RCE Vulnerability Impacts Nearly Half of the Internet's Email Servers
An anonymous reader quotes a report from ZDNet: A critical remote command execution (RCE) security flaw impacts over half of the Internet's email servers, security researchers from Qualys have revealed today. The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients. According to a June 2019 survey of all mail servers visible on the Internet, 57% (507,389) of all email servers run Exim -- although different reports would put the number of Exim installations at ten times that number, at 5.4 million. In a security alert shared with ZDNet earlier today, Qualys, a cyber-security firm specialized in cloud security and compliance, said it found a very dangerous vulnerability in Exim installations running versions 4.87 to 4.91. The vulnerability is described as a remote command execution -- different, but just as dangerous as a remote code execution flaw -- that lets a local or remote attacker run commands on the Exim server as root. Qualys said the vulnerability can be exploited instantly by a local attacker that has a presence on an email server, even with a low-privileged account. lBut the real danger comes from remote hackers exploiting the vulnerability, who can scan the internet for vulnerable servers, and take over systems. The vulnerability was patched with Exim 4.92, on February 10, 2019, "but at the time the Exim team released v4.92, they didn't know they fixed a major security hole," reports ZDNet. "This was only recently discovered by the Qualys team while auditing older Exim versions. Now, Qualys researchers are warning Exim users to update to the 4.92 version to avoid having their servers taken over by attackers."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/MZSxdRpMu6w/new-rce-vulnerability-impacts-nearly-half-of-the-internets-email-servers
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot