Exim邮件服务器中的21个漏洞使Web，云操作暴露

作者:糖果
发布时间:2024-04-09 03:33:46 (10天前)
来源:www.scmagazine.com/home

Researchers Tuesday released a study that found 21 unique vulnerabilities in the Exim mail server, some of which can be chained together to obtain full remote unauthenticated code execution and gain root privileges.
研究人员周二发布了一项研究，发现Exim邮件服务器中存在21个独特的漏洞，其中一些漏洞可以链接在一起以获得完整的远程未经身份验证的代码执行并获得root特权。
In a blog post, the Qualys Research Team said that these vulnerabilities affect numerous organizations because an estimated 60% of internet servers run on Exim. A Shodan search executed by the research found that nearly 4 million Exim servers are exposed to the internet.
Qualys研究小组在博客中表示，这些漏洞影响众多组织，因为估计有60％的Internet服务器都在Exim上运行。一个 初段搜查 由执行研究发现，近400万进出口服务器暴露到互联网。
Security pros should also take note that Exim servers hosted in the cloud can be exploited, said Parag Bajaria, vice president of cloud and container security solutions at Qualys.
Qualys的云和容器安全解决方案副总裁Parag Bajaria表示，安全专家还应注意，可以利用云中托管的Exim服务器。
“There are many exploits that an attacker can run in the cloud once they have gained root privileges on the VM hosting Exim server,” Bajaria said. “Depending on where the Exim server is located there’s a further possibility of lateral movement. And if the virtual machine that hosts an Exim server has IAM permissions attached to it, then those permissions can be further exploited for data exfiltration and IAM privilege escalation.”
Exim Internet Mailer has become a popular mail transfer agent (MTA) that’s available for major Unix-like operating systems and comes pre-installed on Linux distributions such as Debian.
According to the Qualys researchers, attackers can exploit 10 of the vulnerabilities remotely, some of them leading to provide root privileges on the remote system. And for the other 11, attackers can exploit them locally with most of them exploited in either default configuration or in a very common configuration.
MTAs have become interesting targets for attackers, say the researchers, because they are usually accessible over the internet. “Once exploited, they could modify sensitive email settings on the mail servers, and allow adversaries to create new accounts on the target mail servers,” said the researchers. “Last year, the vulnerability in the Exim Mail Transfer Agent was a target of Russian cyber actors formally known as the Sandworm Team.”
 “The Exim vulnerability once again illustrates the point that organizations must adopt a multi-layered defense strategy,” said Vishal Jain, co-founder and chief technology officer at Valtix.
“Cloud infrastructure providers don’t guard against remote execution of the customer’s applications,” Jain said. “Cloud and security operations teams often bear this responsibility. It’s imperative that enterprises protect applications in the public cloud against inbound threats through best-practice network security across ingress, egress, east-west, and DNS traffic. Network security offers a strong defense for remote execution vulnerabilities, like what you find in the case of Exim.”
Bajaria说：“一旦攻击者获得了承载Exim服务器的VM的root特权，攻击者便可以在云中运行许多漏洞。” “根据Exim服务器的位置，还可能出现横向移动。如果托管Exim服务器的虚拟机具有附加的IAM权限，则可以进一步利用这些权限进行数据渗透和IAM权限升级。”
Exim Internet Mailer已成为一种流行的邮件传输代理（MTA），可用于主要的类Unix操作系统，并且预装在Linux发行版（例如Debian）中。
根据Qualys研究人员的说法，攻击者可以远程利用其中的10个漏洞，其中一些漏洞导致在远程系统上提供root用户特权。而对于其他11个人，攻击者可以在本地利用它们，其中大多数都以默认配置或非常通用的配置被利用。
研究人员说，MTA已成为攻击者的有趣目标，因为它们通常可以通过Internet访问。研究人员说：“一旦被利用，他们就可以修改邮件服务器上的敏感电子邮件设置，并允许对手在目标邮件服务器上创建新帐户。” “去年，Exim Mail Transfer Agent中的漏洞是正式被称为Sandworm Team的俄罗斯网络参与者的目标。”
 Valtix的联合创始人兼首席技术官Vishal Jain说：“ Exim漏洞再次说明了组织必须采取多层防御策略的观点。”
Jain说：“云基础架构提供商不会阻止客户应用程序的远程执行。” “云和安全运营团队经常承担这项责任。企业必须通过跨入口，出口，东西向和DNS流量的最佳实践网络安全性，保护公共云中的应用程序免受入站威胁。网络安全为远程执行漏洞提供了强有力的防御，就像您在Exim的情况下所发现的那样。”

1 条回复

动动手指，沙发就是你的了！

登录后才能参与评论