Multiple critical vulnerabilities have been discovered in the Exim email server software by the Qualys Research Team. Some of these flaws can be chained together to achieve full remote unauthenticated code execution and root privileges.
Exim is a widely used mail transfer agent (MTA) that even comes pre-installed on some Linux distributions. It is estimated that roughly 60% of Internet mail servers run Exim.
Because Mail Transfer Agents are widely reachable over the Internet, they are an attractive target for hackers. Once an MTA is accessed, sensitive settings on the mail server can be altered, which in turn permits the creation of new accounts on the target servers.
The bugs, dubbed ‘21Nails,’ include 11 vulnerabilities that require local access to the server and ten others that can be exploited remotely. Qualys discovered the problems and le…