Newly discovered RCE vulnerability in Exim impacts nearly half of the email servers

Cyware Labs
Jun 6
  • The dangerous vulnerability exists in email servers that run Exim versions from 4.87 to 4.91.
  • The vulnerability has been identified as CVE-2019-10149.

A critical remote command execution vulnerability has been found that impacts nearly half of all email servers. The vulnerability resides in Exim, a mail transfer agent that email servers use to relay emails from senders to recipients.

What’s the matter?

According to security researchers from Qualys, the vulnerability exists in email servers that run Exim versions from 4.87 to 4.91.

The vulnerability has been identified as CVE-2019-10149 and can let an attacker run malicious commands on the Exim server as root. Researchers note that the vulnerability can be instantly exploited by a local attacker, even one with low-privileged access to the email server.

“To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes),” said researchers, ZDNet reported.

“However, because of the extreme complexity of Exim’s code, we cannot guarantee that this exploitation method is unique; faster methods may exist,” researchers added.

How to stay safe?

Users are advised to deploy Exim 4.92 to address the vulnerability. Running this version helps users avoid having their servers taken over by attackers.
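To find hosts that still need the upgrade, the version range above can be checked against `exim -bV` output or SMTP greeting lines. The following is an added example, not code from the article, Qualys or the Exim project; the sample lines and host names are constructed, and the check reads only the upstream version number, so a distribution package carrying a backported fix would still be reported as affected.

```python
import re

# Affected range as stated in the article: Exim 4.87 through 4.91 inclusive.
AFFECTED_MIN = (4, 87)
AFFECTED_MAX = (4, 91)

# Matches "Exim version 4.91 #3 built ..." (first line of `exim -bV`)
# and "220 host ESMTP Exim 4.89 ..." (default SMTP greeting).
_VERSION_RE = re.compile(r"\bExim\s+(?:version\s+)?(\d+)\.(\d+)(?:\.(\d+))?", re.I)


def parse_exim_version(text):
    """Return (major, minor, patch) found in a version line or banner, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(text):
    """Return 'affected', 'not-affected' or 'unknown' for one input line."""
    version = parse_exim_version(text)
    if version is None:
        # A banner with the version hidden tells us nothing; do not treat it as safe.
        return "unknown"
    # Compare as integer tuples: a float or string comparison would misorder
    # versions such as 4.9 and 4.87.
    if AFFECTED_MIN <= version[:2] <= AFFECTED_MAX:
        return "affected"
    return "not-affected"


if __name__ == "__main__":
    # Constructed sample input, one line per host in an inventory.
    samples = [
        "Exim version 4.91 #3 built 14-May-2018 10:00:00",
        "220 mail.example.org ESMTP Exim 4.89 Tue, 04 Jun 2019 10:00:00 +0000",
        "Exim version 4.92 #2 built 01-Jun-2019 09:00:00",
        "220 mx.example.net ESMTP ready",
    ]
    for line in samples:
        print(f"{classify(line):13} {line}")
```

Hosts reported as `unknown` need a local `exim -bV` check, since a greeting that hides the version says nothing about which release is installed.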

The bottom line

The researchers refer to the vulnerability as the ‘Return of the WIZard’ because it resembles the ancient WIZ and DEBUG vulnerabilities that impacted the Sendmail email server back in the 90s.


Originally published at cyware.com on June 6, 2019.

Cyware Labs

Cyware Labs is a product-based cybersecurity provider from New York, USA. Our products enable organizations to develop proactive cyber defense capabilities, effectively leverage cyber threat intelligence, and quickly respond to threats with security orchestration and automation.
