Research company Qualys has discovered a new RCE vulnerability, which is said to affect half of the email servers on the Internet. Although RCE is usually read as “remote code execution”, here it stands for “remote command execution”: as the name implies, the new vulnerability allows a local or remote attacker to execute commands on the Exim server as an administrator.
Exim is a Mail Transfer Agent (MTA), a program that runs on mail servers to relay emails from senders to recipients. According to ZDNet, a survey conducted in June 2019 reports that approximately 57% of all mail servers run Exim, and the Qualys security report states that the defect affects Exim installations with versions from 4.87 to 4.91.
As reported, a local attacker can exploit the RCE vulnerability immediately, and so can a remote attacker in some non-standard configurations. “In order to remotely use this vulnerability in the default configuration, an attacker must keep the connection to the vulnerable server open for 7 days (transferring a byte every few minutes),” the Qualys Security Advisory for Linux Distribution Managers says.
The flaw was recently discovered by a Qualys research team while reviewing the latest code changes in the Exim mail server, and the company advised organizations that rely on Exim to upgrade to version 4.92, which is not affected by the RCE vulnerability.
Currently tracked using the identifier CVE-2019-10149, the new RCE vulnerability is called “Return of the WIZard” because it resembles the ancient WIZ and DEBUG vulnerabilities that affected the Sendmail mail server in the 1990s.
New defects and vulnerabilities continue to appear, but thanks to security researchers who responsibly inform companies, users are mostly protected from malicious attacks. However, this is not always the case. Recently, a new zero-day vulnerability in Windows 10 was published online along with a demo video.
A zero-day is a vulnerability for which developers do not yet have a ready-made patch, and which hackers can use for their nefarious purposes. The new flaw concerns local privilege escalation (LPE): if an attacker finds a way to enter the system, this defect can be used to gain access to the entire system.