Rapid7 Vulnerability & Exploit Database

Severely outdated Exim mail server version

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 11/01/2004
Created: 07/25/2018
Added: 11/01/2004
Modified: 07/16/2012

Description

The Exim mail server version is very old and should be updated. Versions prior to 3.0x are potentially vulnerable to a denial of service attack.

Any versions prior to 1.0x were very early beta versions and should never be used, because they were buggy and are potentially vulnerable to local and remote root exploits (Exim v1.62 is vulnerable to a remote root buffer overflow).

The Exim team recommends that all versions of Exim be upgraded to at least 3.34 (for various reasons, including a potential remote denial-of-service hole in version 3.0x and earlier, and other security issues that were fixed in 3.34).

Solution(s)

  • exim-upgrade-3x-latest
  • exim-upgrade-4x-latest
