Exim is one of the most widely used MTAs on mail-enabled servers on the internet and the default MTA on Debian/Ubuntu(?).
Original author(s) | Philip Hazel (started 1995)
---|---
Developer(s) | The Exim Maintainers
Thus you can expect hackers, crackers and the NSA to target it.
Exim < 4.86.2 – Privilege Escalation
exim --version; # check your exim version
The version of Exim available on Debian stable is 4.84.2-2; you can easily upgrade to version 4.89 by installing the package from backports with the following steps:
echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list
echo "deb http://httpredir.debian.org/debian jessie-backports main contrib non-free" >> /etc/apt/sources.list
apt-get update
apt-get remove exim4
apt-get -t jessie-backports install exim4
You can install an even more recent version from testing using apt pinning, but it is not recommended because you can break some dependencies.
(src: https://stackoverflow.com/questions/40781547/how-to-install-latest-stable-eximrspamd-version)
“This vulnerability could be exploited by attackers who have local access to the system to escalate their privileges to root which would allow them to fully compromise the system.”
“To exploit this setting and gain the effective root privilege of the SUID binary, attackers can inject PERL5OPT perl environment variable, which does not get cleaned by affected versions of Exim.”
https://www.exploit-db.com/exploits/39549/
You can check which mail server (and which version) a host is running by connecting with telnet to its SMTP port:
telnet domain.com 25 # or telnet domain.com 587
some examples:
Connection closed by foreign host.
user@debian9:~$ telnet mx.freenet.de 587
Trying 195.4.92.211...
Connected to mx.freenet.de.
Escape character is '^]'.
220 mx0.freenet.de ESMTP Exim 4.85 Thu, 06 Jul 2017 11:27:46 +0200
^C
quit
Connection closed by foreign host.
user@debian9:~$ telnet mail.gmx.net 587
Trying 212.227.17.190...
Connected to mail.gmx.net.
Escape character is '^]'.
220 gmx.com (mrgmx002) Nemesis ESMTP Service ready
quit
221 gmx.com Service closing transmission channel
Connection closed by foreign host.
user@debian9:~$ telnet mail.your-server.de 587; # hetzner
Trying 78.46.5.205...
Connected to mail.your-server.de.
Escape character is '^]'.
220 sslproxy02.your-server.de ESMTP Exim 4.84_2 Thu, 06 Jul 2017 11:29:00 +0200
quit
221 sslproxy02.your-server.de closing connection
Connection closed by foreign host.
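To turn the manual telnet check above into an inventory script, here is an added example (not from the original post) that parses the Exim version out of an SMTP greeting and flags anything older than the 4.86.2 fix release named by the exploit-db entry. The sample banners are constructed after the sessions shown above; `grab_banner()` needs network access and is only there for use against your own hosts.

```python
import re
import socket

# Fix release named on this page (exploit-db 39549: "Exim < 4.86.2").
FIXED_VERSION = (4, 86, 2)

# Constructed sample banners, modelled on the telnet sessions above.
SAMPLE_BANNERS = [
    "220 mx0.freenet.de ESMTP Exim 4.85 Thu, 06 Jul 2017 11:27:46 +0200",
    "220 sslproxy02.your-server.de ESMTP Exim 4.84_2 Thu, 06 Jul 2017 11:29:00 +0200",
    "220 gmx.com (mrgmx002) Nemesis ESMTP Service ready",
]

# Exim announces itself as "Exim 4.85" or "Exim 4.84_2" (4.84, patch level 2).
_EXIM_RE = re.compile(r"\bExim (\d+)\.(\d+)(?:[._](\d+))?")


def parse_exim_version(banner):
    """Return (major, minor, patch) from an SMTP greeting, or None if it is not Exim."""
    m = _EXIM_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable_by_banner(banner):
    """True if the greeting advertises an Exim older than FIXED_VERSION.

    Distro packages often carry backported fixes under the old version string,
    so treat a hit as a lead to confirm on the host (dpkg/rpm), not as proof.
    """
    version = parse_exim_version(banner)
    return version is not None and version < FIXED_VERSION


def grab_banner(host, port=25, timeout=5.0):
    """Read the 220 greeting from host:port and say QUIT (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = s.recv(1024).decode("ascii", errors="replace")
        s.sendall(b"QUIT\r\n")
    return data.strip()


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(parse_exim_version(banner), is_vulnerable_by_banner(banner), banner)
```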
PS: All Cisco devices have NSA backdoors factory built-in… have PHUN! 😀
Videos: Mail Server Conference Berlin 2009