Critical vulnerability in Exim allowing remote code execution as root

The developers of the Exim mail server have notified users of a critical vulnerability (CVE-2019-15846) that allows a local or remote attacker to execute code on the server with root privileges. No exploits for the problem are publicly available yet, but the researchers who identified the vulnerability have prepared a preliminary exploit prototype.

A coordinated release of package updates and publication of the corrective release, Exim 4.92.2, are scheduled for September 6 (13:00 MSK). Until then, detailed information about the problem will not be disclosed. All Exim users should prepare for an emergency installation of an unscheduled update.

This is the third critical vulnerability in Exim this year. According to the September automated survey of more than two million mail servers, Exim's share is 57.13% (56.99% a year ago), Postfix is used on 34.7% (34.11%) of mail servers, Sendmail on 3.94% (4.24%), and Microsoft Exchange on 0.53% (0.68%).

Source: opennet.ru
