Sysadmins Scramble to Secure 5M Exim Email Servers
A really-simple-to-exploit vulnerability in Exim needs patching on about 5 million internet-facing servers. If sysadmins don’t patch—and patch fast—they can expect their boxes to be quickly owned.
At its heart, the bug is a failure to correctly escape a special character in the TLS Server Name Indication (SNI). A simple pair of bytes in the SNI allows root access to the server.
The potential consequences are truly frightening. In today’s SB Blogwatch, we