Security researchers at Qualys have found a remote code execution (RCE) bug in older versions of Exim, a mail transfer agent (MTA) that is a critical, open source piece of the email infrastructure in many organizations.
The vulnerability allows remote code execution with root privileges. Researchers have found that more than 4.1 million systems are potentially vulnerable to the flaw.
According to researchers at Tenable, no exploits have been seen so far, but they expect at least proof-of-concept exploits to appear in the near future. In the meantime, the vulnerability has been patched. A Shodan scan run by Tenable researchers on June 6 showed just 475,591 systems running updated and patched versions of Exim.
Total Results by Version Number
- Exim 4.87: 206,024
- Exim 4.88: 24,608
- Exim 4.89: 206,571
- Exim 4.90: 5,480
- Exim 4.91: 3,738,863
- Exim 4.92: 475,591