A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers.
While ZDI reported the vulnerability to the Exim team in June 2022 and resent info on the flaw at the vendor's request in May 2023, the developers failed to provide an update on their patch progress.
Yikes. Sitting on a critical RCE in internet exposed server software for a year. That's a great way to destroy trust in a project.
One of the first things I tended to do after building a new Debian etc system was uninstall Exim. Vulnerabilities aside is kinda crap to maintain versus e.g Postfix
Yikes. Sitting on a critical RCE in internet exposed server software for a year. That's a great way to destroy trust in a project.
One of the first things I tended to do after building a new Debian etc system was uninstall Exim. Vulnerabilities aside is kinda crap to maintain versus e.g Postfix