A new RCE vulnerability has been discovered by security research company Qualys and it is said to impact over half of the Internet's email servers. While RCE is usually understood as Remote Code Execution, here, it stands for Remote Command Execution and as its nature implies, the new vulnerability enables a local or remote attacker to run commands on the Exim server as admin. Exim is a Mail Transfer Agent (MTA) software, which runs on email servers to pass on emails from senders to recipients. As noted by ZDNet, a survey conducted in June 2019 reports that Exim is used by about 57 percent of all email servers and the security report by Qualys mentions that the flaw affects Exim installations running versions 4.87 to 4.91.
As per the report, the RCE exploit can be abused instantly by a local attacker and also a remote attacker in some non-default configurations. “To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes),” states Qualys’ Security Advisory to Linux distro maintainers. The flaw was recently discovered by the research team while conducting a code review of the latest changes in the Exim mail server and the firm is advising companies that rely on Exim to update to it to the latest 4.92 version, which is not affected by the RCE vulnerability.
Currently tracked under the identifier CVE-2019-10149, the new RCE flaw is called "Return of the WIZard" since it resembles the ancient WIZ and DEBUG vulnerabilities that impacted the Sendmail email server back in the 90s.
New flaws and vulnerabilities keep popping up but thanks to security researchers who responsibly notify companies, users are mostly shielded from malicious attacks. However, this is not the case every time. A new Windows 10 zero-day vulnerability was recently outed online with a proof of concept video. A zero-day flaw is a vulnerability for which developers have no patch ready and attackers can exploit to for their nefarious intents. The new flaw pertains to local privilege escalation (LPE) and if an intruder finds a way to get into your system, this flaw can be used to gain access over a complete system. You can read more about this exploit here.
from Latest Technology News http://bit.ly/2MvgPEA
No comments:
Post a Comment