June 14, 2021

Debian and Red Hat close Exim hole

Four days after a security hole was discovered in the free Exim mail server, the developers of Debian and Red Hat have released corrected versions for their Linux distributions. While the Exim version provided by Red Hat blocks root access, Debian’s new Exim contains fixes for a memory flaw that allows code to be executed with Exim user rights.

Read the full story here.


Possible Remote Root Vulnerability in Exim Internet Mailer

According to a post by Sergey Kononenko on the Exim developer mailing list, a remote root attack may be possible against the Exim Internet Mailer in the Debian package.

The possible vulnerability was in Exim from Debian Lenny (exim4-daemon-light 4.69-9), but other versions might also be vulnerable. An attacker could exploit this vulnerability to gain control of a mail server.

More information is available here.