Remote Exim Exploit In the Wild

Posted by kdawson on Friday December 10, 2010 @04:11AM from the be-careful-out-there dept.

An anonymous reader sends word of a remote exploit in the wild against the Exim mail agent. The news comes on the exim mailing list, where a user posted that he had his exim install hacked via remote exploit giving the attacker the privilege of the mailnull user, which can lead to other possible attacks. A note up at the Internet Storm Center reminds exim users how to set up to run in unprivileged mode, and a commenter includes recompile instructions for Debian exim for added safety. The security press hasn't picked up on this story so far.

2 of 90 comments (clear)

Min score:

Reason:

Sort:

Re:First comment! by clang_jangle · 2010-12-10 04:23 · Score: 4, Funny

It is to the four people who actually succeeded at getting exim to run.

--
Caveat Utilitor
Sure glad all my servers run Sendmail by dskoll · 2010-12-10 08:52 · Score: 5, Funny

Bet you never thought you'd read that in response to a security announcement. :)