Researchers at the security company Qualys discovered 21 vulnerabilities in Exim, a popular mail server, which can be chained to obtain “a full remote unauthenticated code execution and gain root privileges on the Exim Server.”
Exim is a mail transfer agent (MTA), responsible for receiving and forwarding email messages. It runs primarily on Unix or Linux and is also the main MTA used on cPanel.
According to one recent survey, nearly 60 per cent of mail servers visible on the internet use Exim.
The Qualys researchers have now reported on 21 critical vulnerabilities discovered via a code audit, 10 of which can be exploited remotely.
Successful exploitation of these vulnerabilities would allow a remote attacker to gain full root privileges on the target server and execute commands to install programs, modify data, and create new accounts.
All versions before Exim-4.94.2 are vulnerable, and security updates were released for the vulnerabilities on 04/05/2021.
We would strongly advise all clients running Exim to apply the updates for this as soon as possible.
For customers running cPanel, applying all available updates should bring the server to the latest version of Exim, which is not vulnerable.
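A quick way to confirm whether a host has actually moved past the fixed release is to compare the installed Exim version against 4.94.2. The script below is an added example written for this page, not code from Qualys, Exim or cPanel. It assumes the first line of `exim -bV` output has the form `Exim version 4.xx ...` (the sample output embedded in the script is constructed for illustration) and that `sort -V` is available, as it is in GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original advisory): classify an Exim version
# string as VULNERABLE or PATCHED relative to the 4.94.2 fixed release.

FIXED_VERSION="4.94.2"

# Constructed sample of `exim -bV` output from an unpatched host; the
# build date and copyright line are illustrative only.
SAMPLE_BV='Exim version 4.93 #2 built 05-Mar-2020 12:00:00
Copyright (c) University of Cambridge, 1995 - 2019'

# Pull the bare version number (e.g. "4.93") out of `exim -bV` text.
# Assumes the first line starts with "Exim version <number>".
exim_version_from_bv() {
  printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# True (exit 0) when version $1 sorts strictly before version $2.
# sort -V handles "4.94" < "4.94.2" correctly, which plain string
# comparison would not.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print VULNERABLE for anything older than the fixed release, else PATCHED.
classify_exim_version() {
  if version_lt "$1" "$FIXED_VERSION"; then
    echo VULNERABLE
  else
    echo PATCHED
  fi
}

# Check the host this script runs on, if an exim binary is present.
check_local_exim() {
  if ! command -v exim >/dev/null 2>&1; then
    echo "exim not installed on this host"
    return 0
  fi
  v=$(exim_version_from_bv "$(exim -bV 2>/dev/null)")
  if [ -z "$v" ]; then
    echo "could not parse exim -bV output"
    return 1
  fi
  echo "installed Exim $v: $(classify_exim_version "$v")"
}

# Demonstrate on the constructed sample, then on the local host.
sample_version=$(exim_version_from_bv "$SAMPLE_BV")
echo "sample Exim $sample_version: $(classify_exim_version "$sample_version")"
check_local_exim
```

Note that distribution packages often backport the security fix without bumping the upstream version number, so on Debian, Ubuntu, RHEL and similar systems a version string older than 4.94.2 does not by itself prove the host is unpatched; check the package changelog or the vendor's advisory for the package version that carries the fix.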