Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Blogs
    • Security Watch

    Attackers Exploiting Exim Bugs with Rootkit

    By
    Fahmida Y. Rashid
    -
    December 18, 2010
    Share
    Facebook
    Twitter
    Linkedin

      Attackers are already exploiting a bug in the Exim mailer to remotely execute code on compromised Linux machines, according to a pair of Linux security advisories.

      Posted on US-Cert as Vulnerability Note VU #682457, the bug exists in Exim mail server software prior to version 4.70. Affected systems include Debian Linux, Novell’s SUSE Linux, and Canonical’s Ubuntu Linux.

      Exim is a mail transfer agent popularly used on Unix-based machines.

      “The internal string handling functions of the Exim software contain a function called string_format(). The version of this function included with Exim versions prior to 4.70 contains a flaw that can result in a buffer overflow. An attacker can exploit this vulnerability by crafting message headers that are subsequently supplied to Exim logging functions,” wrote Chad Dougherty on the US-CERT list.

      When a rootkit is installed on a machine running the older version of Exim, the malware creates a number of temporary files, including a small C program. An attacker can remotely compile the program. When executed, it runs using Exim server’s privileges.

      While bad, it’s not as bad as running as root, except for the fact there is yet another Exim bug.

      A bug in the way Exim mail server handles configuration files allows local programs to get root-level privileges, according to Vulnerability Note VU #758489. Since the rootkit is running locally on the compromised machine, this bug allows the program to grant itself root privileges, giving the remote attacker complete control over the system.

      This bug is currently affecting SUSE Linux, according to the advisory.

      The bugs were discovered because of their “exploitation in the wild,” according to the advisories.

      The first bug can be fixed by upgrading to version 4.7 or by applying an Exim patch.

      As for the second bug, the software is built by default without specifying the ALT_CONFIG_ROOT_ONLY option, which allows all commands in the configuration file to execute as root. Clearly, administrators not needing to use multiple configuration files should build Exim on their systems ALT_CONFIG_ROOT_ONLY option enabled. However, this recommendation doesn’t help administrators who need to use more than one set of configurations on the mail server. In fact, Dougherty wrote there was currently “no practical solution” to the configuration file bug.

      There is a simple way to suspect that the rootkit may be on the mail server: e-mail would stop working.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×