Millions of Exim Mail Servers Are Currently Being Attacked

From prodefence.org

Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are currently under siege, with attackers gaining permanent root access via SSH to the exploited machines according to security researchers.

The flaw tracked as CVE-2019-10149 and named “The Return of the WIZard” by Qualys, the research outfit which discovered it, makes it possible for attackers to remotely run arbitrary commands as root — in most cases — on exposed servers after exploitation.

When we first reported about the critical severity vulnerability found in Exim versions 4.87 to 4.91, a quick Shodan search showed that vulnerable versions of Exim were running on more than 4,800,000 machines, with roughly 588,000 servers having already installed the patched Exim 4.92 release.

Read more…