.png "back to home page")
CVE-2019-10149 : New RCE vulnerability impacts SMTP MTA Exim vulnerability lets attackers run commands as root on remote
— 以色列Israel纳达尔 (@perito_inf) June 6, 2019
No memory corruption or ROP involved. Bypass NX/ASLR/SSP/PIE/full RELRO/etc. https://t.co/GZOYXkfNLDhttps://t.co/AmgQBbdWnY
ok, this looks bad: unlike previously thought the exim vuln is exploitable remotely in default configs, but it requires the attacker to keep the connection open 7 days. https://t.co/UiE0dyztsC
— hanno (@hanno) June 5, 2019
An remote command execution flaw has been discovered in Exim, impacting over half of the Internet's email servers, security researchers from Qualys have revealed today. https://t.co/OO988vlOQT
— Geeknik (•̪̀●́) Labs (@geeknik) June 5, 2019
This looks like it might be a mess:https://t.co/YISrJAspi2
— Ryan Castellucci (@ryancdotorg) June 5, 2019
In particular note that cPanel uses Exim with a significantly customized config as its mail server. Looks like the bug was fixed by happenstance in a recent release.
Millions of machines affected by command execution flaw in Exim mail server https://t.co/gvhcOBhAJP by @dangoodin001
— Ars Technica (@arstechnica) June 7, 2019
Exploitation depends on the Exim server's configuration, but Qualys described it as "trivial"https://t.co/4uHhMeqGJV pic.twitter.com/WawKj7FQGG
— Catalin Cimpanu (@campuscodi) June 5, 2019
Security Advisory: The Return of the WIZard: RCE in Exim (CVE-2019-10149) https://t.co/fRYOMfFx54
— Qualys (@qualys) June 5, 2019
A command execution potentially impacting half of the internet’s email servers can be exploited remotely, researchers warnhttps://t.co/VMxPJO7YEh
— The Daily Swig (@DailySwig) June 6, 2019
No memory corruption or ROP involved. Bypass NX/ASLR/SSP/PIE/full RELRO/etc. https://t.co/Qgrcjpez5Ahttps://t.co/j7h6xmFZbn
— ?? ?? (@0x2AE) June 6, 2019
The vulnerability affects Exim, a mail transfer agent, which is software that runs on email servers to relay emails from senders to recipients. The real danger comes from remote hackers who can scan the internet for vulnerable servers, and take over.https://t.co/I0rNwH2epe
— Jinson Varghese (@JinsonCyberSec) June 6, 2019
New Exim RCE vulnerability lets attackers run commands as root on remote email servers.
— Catalin Cimpanu (@campuscodi) June 5, 2019
Exim runs on more than half of the Internet's email servers.https://t.co/46RttQykZM pic.twitter.com/nLd9whLcng
Almost half of internet's email servers impacted by new vulnerability allowing attackers to run commands as root on remote email servers https://t.co/Kc0xfvH2Yy @ZDNet @campuscodi #cybersecurity #IT pic.twitter.com/iIerlGiBlk
— AT&T Cybersecurity (@attcyber) June 6, 2019
New RCE vulnerability impacts nearly half of the internet's email servers https://t.co/b7pabNoiWT #Infosec pic.twitter.com/5MikrmRdWl
— #AI (@AI__TECH) June 7, 2019
New RCE vulnerability impacts nearly half of the internet's email servers https://t.co/MqCvDopbbx
— Milton Security (@MiltonSecurity) June 6, 2019
New RCE vulnerability impacts nearly half of the internet's email servers https://t.co/vFzhu1Th1B pic.twitter.com/EvxWgh8HIx
— Paolo Passeri (@paulsparrows) June 6, 2019
It's beginning to feel a little bit like infrastructure vulnerability week again.https://t.co/RiUiayLiMB
— Paul Dokas (@pauldokas) June 6, 2019
Action required! Exim mail servers need urgent patching – Naked Security https://t.co/dqntrQWh4f@archonsec @ChuckDBrooks @mclynd @gvalan @DrJDrooghaag @AlaricAloor @Fabriziobustama @jdelacruz_IoT @fogle_shane @ElJefeDSecurIT @StephaneNappo
— Philippe Vynckier (@PVynckier) June 7, 2019
Researchers have discovered another dangerous security hole hiding in recent, unpatched versions of the internet’s most popular mail server, Exim. https://t.co/ZuBRpiSCgG via @InfoSecHotSpot pic.twitter.com/8IPEc7nQd3
— Sean Harris (@InfoSecHotSpot) June 7, 2019
This just in from @cPanel .
— HIVELOCITY HOSTING (@HIVELOCITY) June 6, 2019
"We want to provide you with information regarding an Exim exploit that NIST has posted about today:https://t.co/3ch9Ij8AkT
We recommend that you update any servers below cPanel & WHM v78.0.27 promptly." pic.twitter.com/G3cJLLZt6a
Critical bug found in popular mail server software | WeLiveSecurity https://t.co/LksQqux6sX@archonsec @ChuckDBrooks @mclynd @gvalan @DrJDrooghaag @AlaricAloor @Fabriziobustama @jdelacruz_IoT @fogle_shane @ElJefeDSecurIT @StephaneNappo
— Philippe Vynckier (@PVynckier) June 8, 2019
New RCE vulnerability impacts nearly half of the internet's #email servers - #cybersecurity https://t.co/5qQEsrVSkW via @ZDNet & @campuscodi
— AcidTechnologies (@AcidTec) June 6, 2019
Action required! Exim mail servers need urgent patching https://t.co/ZJ64OugOUv #infosec pic.twitter.com/mTodscfgni
— #AI (@AI__TECH) June 8, 2019
Action required! Exim mail servers need urgent patching: Researchers have discovered another dangerous security hole hiding in recent, unpatched versions of the internet’s most popular mail server,… https://t.co/1XesoAF8uL #Securitythreats #Vulnerability #emailserver @Cygnacom pic.twitter.com/XnVb00AN85
— Debra Baker (@deb_infosec) June 7, 2019
WARNING: Action required! #Exim #email #servers need urgent #patching #cybersec #cybersecurity #hackers #infosec #cybercrime #cybercriminals #dataprotection #security #phishing #malware #gdpr #threatintel https://t.co/jxPA6d9VzA
— Jiniba (@JinibaBD) June 7, 2019