EXIM has some issues

mattg
Moderator
Posts: 22390
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

EXIM has some issues

Post by mattg » 2023-10-03 00:46

A number of Zero day exploits that have not been addressed in over a year have been made public.

https://www.zerodayinitiative.com/advis ... I-23-1469/

Reported to vendor in June 2022 apparently.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

palinka
Senior user
Posts: 4359
Joined: 2017-09-12 17:57

Re: EXIM has some issues

Post by palinka » 2023-10-03 07:30

I'll play it safe and stick with hmailserver.

Dravion
Senior user
Posts: 2060
Joined: 2015-09-26 11:50
Location: Germany

Re: EXIM has some issues

Post by Dravion » 2023-10-03 09:48

mattg wrote:
2023-10-03 00:46
A number of Zero day exploits that have not been addressed in over a year have been made public.

https://www.zerodayinitiative.com/advis ... I-23-1469/

Reported to vendor in June 2022 apparently.
This is really dangerous, it's an RCE bug (Remote Code Execution). An attacker can use a piece of Assembly code (a so-called exploit) and target this bug by simply using a script (for example a Python script) to connect to Exim on port 25 and execute the exploit within the Exim process (which runs under root/superuser permissions).

This can be used to take over the entire machine with operating system superuser permissions. An attacker can do anything: delete files, modify anything, install new software or install a crypto miner to generate bitcoins or use the box as a zombie bot for DDoS attacks, can modify or delete legit user accounts, steal all the emails plus attachments etc. It's a real sysadmin nightmare.

SorenR
Senior user
Posts: 6126
Joined: 2006-08-21 15:38
Location: Denmark

Re: EXIM has some issues

Post by SorenR » 2023-10-03 12:38

Dravion wrote:
2023-10-03 09:48
mattg wrote:
2023-10-03 00:46
A number of Zero day exploits that have not been addressed in over a year have been made public.

https://www.zerodayinitiative.com/advis ... I-23-1469/

Reported to vendor in June 2022 apparently.
This is really dangerous, it's an RCE bug (Remote Code Execution). An attacker can use a piece of Assembly code (a so-called exploit) and target this bug by simply using a script (for example a Python script) to connect to Exim on port 25 and execute the exploit within the Exim process (which runs under root/superuser permissions).

This can be used to take over the entire machine with operating system superuser permissions. An attacker can do anything: delete files, modify anything, install new software or install a crypto miner to generate bitcoins or use the box as a zombie bot for DDoS attacks, can modify or delete legit user accounts, steal all the emails plus attachments etc. It's a real sysadmin nightmare.
So the moral of the story is; Run hMailServer under a low-privilege account.
SørenR.

To understand recursion, you must first understand recursion.

Bob.Dig
Normal user
Posts: 142
Joined: 2020-06-29 09:18
Location: Germany

Re: EXIM has some issues

Post by Bob.Dig » 2023-10-06 21:46

SorenR wrote:
2023-10-03 12:38
So the moral of the story is; Run hMailServer under a low-privilege account.
Doesn't it run as system or something like that? I don't care anymore because for me it is not facing the internet, it is only in the back-end.
