Exim’s maintainers have issued patches to address as many as 21 security vulnerabilities in the program that could enable unauthenticated attackers to gain root privileges and complete remote code execution.
The bugs, dubbed ’21Nails,’ include 11 vulnerabilities that require local access to the server and ten others that can be exploited remotely. The vulnerabilities could be used to change email settings and even install new accounts on the compromised mail servers if they were successfully exploited. Qualys discovered the problems and notified Exim on October 20, 2020.
To Read More: thehackernews