38 matches found
Exploit for OS Command Injection in Exim
Exim CVE Data Collection Data Collection Related to Exim Vuln...
NSA Warns of Sandworm Backdoor Attacks on Mail Servers
The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software, according to the National Security Agency NSA. The bug exists in the Exim Mail Transfer Agent MTA software, an open-source offering used on Linux and Unix-like systems. It...
NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability
The National Security Agency NSA has released a cybersecurity advisory on Russian advanced persistent threat APT group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent MTA software. An unauthenticated remote attacker can use this vulnerability to send a specially...
CVE-2019-10149
Exim unauthenticated RCE with reports that it’s been used by Sandworm since August 2019 Recent assessments: ericalexanderorg at May 28, 2020 4:49pm UTC reported: Untested POC exists https://github.com/MNEMO-CERT/PoC—CVE-2019-10149Exim/blob/master/PoCCVE-2019-10149.py gwillcox-r7 at November 04,...
Exploit for OS Command Injection in Exim
CVE-2019-10149 CVE-2019-10149 : A flaw was found in Exim versi...
Exploit for OS Command Injection in Exim
CVE-2019-10149 - Exim 4.87 Local/Makefile cp eximmonitor...
Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Exim 4.87 - 4.91 Local Privilege Escalation', 'Description' = %q This module exploits a flaw in Exim versions 4.87 to 4.91...
Exim 4.91 Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Exim 4.87 - 4.91 Local Privilege Escalation', 'Description' = %q This module exploits a flaw in Exim versions 4.87 to 4.91...
Exim 4.87 / 4.91 - Local Privilege Escalation Exploit
This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to command execution with root privileges. This module requires Metasploit: https://metasploit.com/download Current source...
Exim 4.87 - 4.91 Local Privilege Escalation
This module exploits a flaw in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to command execution with root privileges CVE-2019-10149. This module requires Metasploit: https://metasploit.com/download Current...
Microsoft Pushes Azure Users to Patch Linux Systems
Microsoft is warning customers that some Azure installations are vulnerable to a recently-disclosed critical Linux Exim mail server flaw that is under active attack. The warning comes after a widespread worm campaign was disclosed on Friday, targeting a flaw in the Exim mail transport agent MTA,...
Exim 4.87 - 4.91 - Local Privilege Escalation
Exim 4.87 - 4.91 - Local Privilege Escalation !/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to...
Exim 4.87 - 4.91 - Local Privilege Escalation
!/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to remote command execution. CVE-2019-10149 This...
Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)
This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution RCE vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Microsoft Azure infrastructure and Services are not affected; only customer’s Linux IaaS...
Exim MTA Vulnerability (The Return of the WIZard – CVE-2019-10149)
Last week, Qualys issued a security advisory for a vulnerability we discovered during a code review of Exim. This vulnerability can lead to Remote Command Injection, and is currently being actively attacked in the wild. This blog will show you how to quickly identify assets that are impacted by...
Millions of Linux Servers Under Worm Attack Via Exim Flaw
A widespread campaign is exploiting a vulnerability in the Exim mail transport agent MTA to gain remote command-execution on victims’ Linux systems. Researchers say that currently more than 3.5 million servers are at risk from the attacks, which are using a wormable exploit. Specifically under...
Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)
This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution RCE vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Microsoft Azure infrastructure and Services are not affected; only customer’s Linux IaaS...
Exploit for OS Command Injection in Exim
PoC-CVE-2019-10149Exim MNEMO-CERT ha desarrollado una PoC que...
Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)
This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution RCE vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Microsoft Azure infrastructure and Services are not affected; only customer’s Linux IaaS...
Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)
This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution RCE vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Microsoft Azure infrastructure and Services are not affected; only customer’s Linux IaaS...