Skip to main content

World's most popular email server hit by security bug

(Image credit: Image Credit: / Shutterstock)

The world’s most popular mail transfer agent (MTA) has detected a critical bug (opens in new tab) which would allow hackers to run malicious code with root privileges. The bug was since patched, but until all webmasters upgrade their systems, a realistic threat of a huge data breach exists.

Exim is one of the most widespread mail transfer agent software out there, with a market share of 57 per cent, according to ZDNet. It often comes bundled with different Linux distributions, such as Debian or Red Hat.

All Exim servers running version 4.92.1 or earlier are vulnerable. That means that (not to get too technical) - if the server is configured to accept incoming TLS connections, a hacker could run malicious code with root privileges.

The vulnerability (opens in new tab)was first spotted by a security researcher named Zerons, back in July. The Exim team was notified, and they have been building a patch ever since, in utmost privacy. That’s because, apparently, the flaw is super easy to exploit. Also, it seems as no one exploited it just yet.

The patch has been issued last Friday, and the problem has since been resolved.

According to BinaryEdge, there are more than 5.2 million Exim servers which are currently running a vulnerable version. This is the second major vulnerability (opens in new tab) which the Exim team patched this summer, after the “Return of the WIZard” was fixed this June.

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.