4:25pm, 17 Jun 2019
TLP Rating: White
Exim mail transfer agent (MTA) vulnerability being exploited
CERT NZ is aware of a vulnerability in Exim Mail Transfer Agent (MTA) software being actively exploited by two separate groups. Exim is widely used: according to ZDNet, it is thought to be running on over 50% of the mail servers on the internet.
The vulnerability, tracked as CVE-2019-10149 and nicknamed "Return of the WIZard", allows attackers to run arbitrary system commands with the privileges of the Exim process, which on most servers is root.
The two known exploits have been observed spreading malware, establishing backdoor access, and installing cryptocurrency miners on compromised Exim servers.