A New Flaw Found in Exim Email ~ “Return of The Wizard”
A recent survey report stated that 57% of all email servers use Exim. Exim is a Mail Transfer Agent (MTA) software, which runs on email servers to pass on emails from senders to recipients. The security research company Qualys has found a new RCE defect. RCE means remote command execution and this new flaw turned email servers vulnerable to any local or remote hacker. He/She can run commands on Exim server as admin. The report by Qualys mentions that this flaw affects versions 4.87 to 4.91. This RCE flaw is named “Return of The Wizard” because of its resemblance to the ancient WIZ and DEBUG flaws that affected the Sendmail Email servers in the 90s.
Qualys Security Advisory says, “To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes).”
But the Good News is that this RCE vulnerability is inefficient in the updated 4.92 Exim version. The sincere works of Security Researchers who discover these defects to protect users is deeply appreciated. But, because every shield has a chink, a zero-day vulnerability in Windows 10 came to the open eye recently. Unfortunately, this zero-day flaw has no shield or update yet and can be exploited by intruders to gain total access over a system.