Mail System Vulnerability Delivers Root Privileges

The vulnerability in Exim could allow an attacker to remotely execute code with root privileges.

Exim, the mail transfer agent used by
more than half
the email servers on the Internet, has a vulnerability. The flaw, found in versions from 4.80 through 4.92.1, allows a malicious actor to use an encrypted TLS connection to remotely execute code with root privileges.
The vulnerability, designated
CVE-2019-15846
, was discovered by researcher Zerons in late July. It takes advantage of the TLS ServerName Indicator (SNI), a feature that allows TLS to serve different certificates for various websites on a single server. A buffer overflow triggered by a relatively simple SNI request followed by a counterfeit client certificate are enough to exploit the vulnerability.
Responsible disclosure procedures were followed and a patch for the vulnerability has been made available in Exim
4.92.2
.
For more, read
here
.
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
8 Ways To Spot an Insider Threat

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Mail System Vulnerability Delivers Root Privileges