Exim vulnerability lets attackers run commands as root on remote email servers.
In a security alert shared with ZDNet earlier today, Qualys, a cyber-security firm specializing in cloud security and compliance, said it found a very dangerous vulnerability in Exim installations running versions 4.87 to 4.91.
The vulnerability is described as a remote command execution -- different from, but just as dangerous as, a remote code execution flaw -- that lets a local or remote attacker run commands on the Exim server as root.
Qualys said the vulnerability can be exploited instantly by a local attacker who has a presence on an email server, even with a low-privileged account.
But the real danger comes from remote hackers exploiting the vulnerability, who can scan the internet for vulnerable servers, and take over systems.
"To remotely exploit this vulnerability in the default configuration, an attacker must keep a connection to the vulnerable server open for 7 days (by transmitting one byte every few minutes)," researchers said.
"However, because of the extreme complexity of Exim's code, we cannot guarantee that this exploitation method is unique; faster methods may exist."
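A defender-side illustration of the exploitation precondition quoted above, added here and not part of the ZDNet article or Qualys's advisory: it scans constructed connection-summary records and flags port-25 sessions that stayed open for a long time while carrying almost no data, which is the traffic pattern a connection held for days with one byte every few minutes would produce. The record format, thresholds and sample addresses are assumptions.

```python
"""Flag long-lived, low-volume SMTP sessions in connection-summary records.

Added example (not from the article or from Qualys). The advisory says the
default-configuration remote method needs a connection held open for about
7 days while sending one byte every few minutes, so port-25 sessions that
are very long but carry almost no payload stand out. The whitespace-separated
record format below (src, dst port, seconds open, bytes received) is
constructed for this example; real flow exporters differ.
"""
from dataclasses import dataclass
from typing import List

# Constructed sample records; addresses are from documentation ranges.
SAMPLE_FLOWS = """\
203.0.113.5 25 12 1840
198.51.100.9 25 93600 390
192.0.2.77 25 260000 1190
203.0.113.8 443 260000 40
203.0.113.20 25 90000 9000000
"""

@dataclass
class Flow:
    src: str
    dport: int
    seconds: int
    bytes_in: int

def parse_flows(text: str) -> List[Flow]:
    """Parse one record per line, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dport, secs, nbytes = line.split()
        flows.append(Flow(src, int(dport), int(secs), int(nbytes)))
    return flows

def suspicious_smtp_sessions(flows: List[Flow], min_seconds: int = 3600,
                             max_bytes_per_min: float = 2.0) -> List[str]:
    """Return sources of port-25 sessions open at least min_seconds whose
    average payload rate is at most max_bytes_per_min (assumed thresholds)."""
    hits = []
    for f in flows:
        if f.dport != 25 or f.seconds < min_seconds:
            continue
        rate = f.bytes_in / (f.seconds / 60)  # bytes per minute
        if rate <= max_bytes_per_min:
            hits.append(f.src)
    return hits

if __name__ == "__main__":
    for src in suspicious_smtp_sessions(parse_flows(SAMPLE_FLOWS)):
        print("slow long-held SMTP session from", src)
```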
Comments
My server is compromised; I can't even access the IP from PuTTY for SSH. How can I back up the server?
Not to rub it in too much, but ... backups are something you make before you need them, right?
That said, if you have console access, then you should be able to log in in single-user mode and reset the password, then copy over whatever data you need and reinstall your system.
Actually I doubt that you even really want to do that because you seriously should not trust anything on a compromised server.
But if you really, really want to do it anyway, @uptime opened the door for you. And do yourself a favour: Burn his first sentence into your brain and never forget it.
Well, that may explain why 185.137.111.0/24 was hitting port 25 on all of my ranges for days with just a tiny bit of data every now and then.
Good chance someone is using that range to target just this, so it's a good idea to blackhole it on your networks; they have already been blacklisted by Spamhaus for similar stuff.
via recovery mode