Saturday, August 20, 2022
W-SE (Web - SEcurity)
New Exim Vulnerability Exposes Servers to DoS, RCE Risks

by Melina Richardson
in Malware, Security, Vulnerabilities

A new critical vulnerability has been patched in the Exim mail transfer agent (MTA) software. It could allow denial-of-service (DoS) or possibly remote code execution attacks.

The security bug, tracked as CVE-2019-16928 and reported by QAX-A-TEAM, was fixed today in Exim version 4.92.3. It affects all versions from 4.92 up to and including 4.92.2.

“There is a heap-based buffer overflow in string_vformat (string.c). The currently known exploit uses an extraordinarily long EHLO string to crash the Exim process that is receiving the message,” says the security advisory.

“While at this mode of operation Exim already dropped its privileges, other paths to reach the vulnerable code may exist” and “remote code execution seems to be possible,” adds Exim’s security team.

According to the security advisory, there is no known mitigation for this flaw other than updating all vulnerable Exim servers.

This is the second critical Exim bug patched this month. The other, tracked as CVE-2019-15846 and affecting versions 4.80 up to and including 4.92.1, could allow local or unauthenticated remote attackers to run programs with root privileges on servers that accept TLS connections.

Servers vulnerable to attack

According to an E-Soft Inc mail server study, Exim is now the most used MX server, installed on more than 57 percent of the 1,740,809 mail servers accessible via the internet, which represents just over 507,000 Exim servers.

A Shodan report estimates the server count at approximately 5 million: over 3,300,000 servers run Exim 4.92, 46,000 run 4.92.1, and approximately 166,000 run 4.92.2.

Crucially, unless they are patched urgently against CVE-2019-16928 and CVE-2019-15846, hundreds of thousands, if not millions, of servers are currently exposed to denial-of-service (and possibly remote code execution) and remote command execution attacks.


Previous attacks on Exim

A flaw tracked as CVE-2019-13917, patched in July with 4.92.1, would allow local or remote attackers to run programs with root privileges on servers with uncommon configurations.

Another security issue, identified in early June as CVE-2019-10149, lets attackers remotely exploit MX servers running Exim 4.87 to 4.91 in certain non-default configurations, while local attackers could exploit all such servers.

One week later, attackers began scanning for and attacking vulnerable Exim servers, gaining persistent root access via SSH; about 70% of all Exim servers were patched against CVE-2019-10149 immediately afterwards, as found by RiskIQ threat researcher Yonathan Klijnsma.

CVE-2019-10149 patch timeline (RiskIQ)

Microsoft also issued an alert on 17 June about a Linux worm that is actively targeting Azure Linux VMs running vulnerable Exim versions.

“If you cannot install the above versions, ask your backported fix package maintainer for a variant,” says Exim’s security team in today’s advisory.

“We will assist you with backporting the fix on request and depending on our resources (note that the Exim project formally does not support the versions prior to the present stable version).”
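
The affected-version ranges quoted in this article can be used to triage a mail-server inventory. The Python sketch below is an added example, not code from the Exim project or the advisory; the regex, function names and sample strings are assumptions constructed for illustration, and CVE-2019-13917 is omitted because the article gives only its fix version.

```python
import re

# Affected ranges exactly as stated in the article (inclusive bounds).
AFFECTED = {
    "CVE-2019-16928": ("4.92", "4.92.2"),
    "CVE-2019-15846": ("4.80", "4.92.1"),
    "CVE-2019-10149": ("4.87", "4.91"),
}

# Matches the first line of `exim -bV` ("Exim version 4.92.2 #3 built ...")
# and a default SMTP greeting ("220 host ESMTP Exim 4.92 Mon, ...").
_VERSION_RE = re.compile(r"\bExim(?: version)? (\d+(?:\.\d+){1,2})\b")


def _as_tuple(version):
    """'4.92' -> (4, 92, 0) so two- and three-part versions compare cleanly."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def parse_version(text):
    """Return the Exim version found in text as a 3-tuple, or None."""
    m = _VERSION_RE.search(text)
    return _as_tuple(m.group(1)) if m else None


def cves_for(text):
    """CVEs from the article whose stated range contains this version.

    Returns None when no Exim version can be read (banner hidden, or not
    Exim): treat that as "unknown", not as "safe".
    Caveat: a distribution package with a backported fix can still report
    an old version string, so confirm hits against the package changelog.
    """
    ver = parse_version(text)
    if ver is None:
        return None
    return sorted(cve for cve, (lo, hi) in AFFECTED.items()
                  if _as_tuple(lo) <= ver <= _as_tuple(hi))


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and banners are made up).
    inventory = {
        "mx1.example.test": "220 mx1.example.test ESMTP Exim 4.92 Mon, 30 Sep 2019",
        "mx2.example.test": "Exim version 4.92.2 #3 built 05-Sep-2019 10:11:12",
        "mx3.example.test": "Exim version 4.92.3 #1 built 30-Sep-2019 09:00:00",
        "mx4.example.test": "220 mx4.example.test ESMTP ready",
    }
    for host, banner in inventory.items():
        print(host, cves_for(banner))
```
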

Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards & w-se. Previously, he worked as a security news reporter.