Exim flaw under attack on Linux servers

Last Thursday, Amit Serper, Cybereason’s head of security researchers, warned that attackers might be exploiting the Exim flaw to gain control over target Linux servers via SSH with root access.

Source: Exim Remote Command Execution Vulnerability (CVE-2019-10149)

Amit Serper said:

“The campaign uses a private authentication key that is installed on the target machine for root authentication,”

He continued:

“Once remote command execution is established, it deploys a port scanner to search for additional vulnerable servers to infect. It subsequently removes any existing coin miners on the target along with any defenses against coinminers before installing its own.”

How does the flaw work?

Although the flaw has been resolved and patches were released in February, many vulnerable servers in the real world still have not been patched.

Below are the stats from the Shodan.io website relating to the Exim flaw:

Source: Shodan.io

Reminder:

Please patch your server if you have not patched it yet…

Recommendation:

System administrators have to update the operating systems running in their Azure Virtual Machines (VMs), based on the 16 June 2019 update.

Microsoft said:

“As this vulnerability is being actively exploited by worm activity, MSRC urges customers to observe Azure security best practices and patterns and to patch or restrict network access to VMs running the affected versions of Exim,”

Source: Linux servers under attack via latest Exim flaw
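
The campaign quoted above installs its own key for root SSH authentication, so patching Exim does not by itself remove access that was already gained. As an added example (not from the original article, Cybereason or Microsoft), this Python check flags entries in a root `authorized_keys` file whose fingerprint is not on an approved list; the sample file contents, key blobs and approved set are constructed for illustration.

```python
import base64, hashlib, shlex
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")   # public-key type names

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (key_type, blob, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    try:
        tokens = shlex.split(line)   # keeps quoted option values in one token
    except ValueError:
        tokens = line.split()        # unbalanced quote, e.g. inside the comment
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_PREFIXES):
            return tok, tokens[i + 1], " ".join(tokens[i + 2:])
    raise ValueError("no key type found")

def audit(text, approved):
    """List (line number, fingerprint, comment) for keys not in `approved`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
            fp = fingerprint(entry[1]) if entry else None
        except ValueError:           # also covers invalid base64
            findings.append((lineno, "unparseable", line.strip()[:40]))
            continue
        if entry and fp not in approved:
            findings.append((lineno, fp, entry[2]))
    return findings

def _blob(seed):  # constructed ed25519-shaped blob, not a real key
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

ADMIN, UNKNOWN = _blob(1), _blob(2)
SAMPLE = f'''# constructed sample of a root authorized_keys file
from="10.0.0.0/8",command="/usr/bin/backup --full" ssh-ed25519 {ADMIN} backup@ops
ssh-ed25519 {UNKNOWN} user@localhost
ssh-rsa not*base64 broken
'''

if __name__ == "__main__":
    print(*audit(SAMPLE, {fingerprint(ADMIN)}), sep="\n")
```

The fingerprints use the same `SHA256:` form that `ssh-keygen -lf` prints, so the approved set can be built from keys you already trust.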

Author: Wan Ariff

He brings with him more than 2 years of working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion lies mainly in IT Security.
