Agilient Security Consultants Australia

Organisations Encouraged to Upgrade Exim Email Servers


Exim, a mail transfer agent used on Unix-like operating systems, has announced that their email server package for Unix and Linux platforms is highly vulnerable to complete takeover.

The Australian Cyber Security Centre (ACSC) released a high alert for these vulnerabilities, but as yet they are not aware of the vulnerabilities being actively exploited “in the wild” against production platforms. However, the Qualys website has published evidence that they have successfully exploited 4 LPEs (Local Privilege Escalations) and 3 RCEs (Remote Code Executions).

The ACSC notes that many organisations in Australia are using the Exim email server software.

Upgrade Instructions

The notice from Exim provides some upgrade instructions for distributions and self-compiled releases of the email server software.

The vulnerabilities were discovered in October 2020 and are known to be in the latest version of Exim, and also suspected to be in most previous versions.

Exim notes that there are potential problems with the upgrades, with new security features in the upgrade package version 4.94.2. Organisations running version 4.92.3 are instructed to attempt to use backported patches for version exim-4.92.3+fixes.

With the wider notifications and release of example exploit code, cybercriminals are more likely to develop and deploy exploits for these vulnerabilities to steal emails and deliver malware, including ransomware, through the newly compromised Exim email servers.

Organisations are urged to patch any Exim email servers that they are using and, because the exploits enable local and remote superuser (root) escalation, to look for signs of compromise in their Linux or Unix systems (login times, unusual processes, etc.).
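
A version check supporting the patching advice above, as an added example that is not part of the original article or of Exim's own tooling: it classifies `exim -bV` banners against the 4.94.2 release the article names. The function names, result labels, sample banners and the assumption that a backported build reports a `+fixes` suffix are illustrative.

```shell
#!/bin/sh
# Added example: triage an Exim version banner against the release named in
# the article (4.94.2). Function names and result labels are hypothetical.

FIXED_VERSION="4.94.2"

# Pull the version token out of `exim -bV` output, whose banner line reads
# like "Exim version 4.94 #2 built 01-Jun-2020 10:00:00".
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([^ ]*\).*/\1/p' | head -n 1
}

# Succeed when dotted version $1 >= $2; missing fields count as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Print fixed | backport-verify | upgrade | unknown for a banner.
classify_exim() {
    ver=$(exim_version_from_banner "$1")
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    num=${ver%%[!0-9.]*}            # drop suffixes such as "+fixes"
    if version_ge "$num" "$FIXED_VERSION"; then
        echo "fixed"
    else
        case $ver in
            *+fixes*) echo "backport-verify" ;;  # assumed banner suffix
            *)        echo "upgrade" ;;
        esac
    fi
}

# Constructed sample banners, not captured from real hosts.
# On a live server use: classify_exim "$(exim -bV 2>/dev/null)"
for banner in \
    "Exim version 4.94.2 #2 built 04-May-2021 12:00:00" \
    "Exim version 4.94 #2 built 01-Jun-2020 10:00:00" \
    "Exim version 4.92.3+fixes #1 built 05-May-2021 09:00:00" \
    "Exim version 4.92.3 #3 built 30-Sep-2019 08:00:00"
do
    printf '%-16s %s\n' "$(classify_exim "$banner")" "$banner"
done
```

Distribution packages often carry backported fixes under an older upstream version number, so an `upgrade` result is a prompt to check the vendor's advisory for that package, not proof that the host is unpatched.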

Contact us at Agilient for assistance with patching and ensuring your organisation is as secure as possible.

Author: David Steele, Agilient Consultant

Copyright © 2023 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692
