{"id":40738,"date":"2021-05-05T17:20:06","date_gmt":"2021-05-05T17:20:06","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/"},"modified":"2021-05-05T17:20:06","modified_gmt":"2021-05-05T17:20:06","slug":"21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/","title":{"rendered":"21 nails in Exim mail server: Vulnerabilities enable &#8216;full remote unauthenticated code execution&#8217;, millions of boxes at risk"},"content":{"rendered":"<p>Researchers at security biz Qualys discovered 21 vulnerabilities in Exim, a popular mail server, which can be chained to obtain &#8220;a full remote unauthenticated code execution and gain root privileges on the Exim Server.&#8221;<\/p>\n<p>Exim is a mail transfer agent (MTA), responsible for receiving and forwarding email messages. It runs primarily on Unix or Linux and is the default MTA on Debian &#8211; though Ubuntu and Red Hat Enterprise Linux use Postfix by default.<\/p>\n<p>Some hosting companies use Exim to provide email services to their customers, and it was also popular in universities and other educational institutions (it was initially developed at the University of Cambridge in 1995) though many of these have transitioned to Office 365 or Google email, not least <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/08\/04\/cambridge_uni_decommissioning_hermes_email\/\" rel=\"noopener noreferrer\">Cambridge itself<\/a>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,leaderboard,mpu,\" data-lg=\",fluid,leaderboard,\" data-xlg=\",fluid,superleaderboard,billboard,leaderboard,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>According to one <a target=\"_blank\" href=\"http:\/\/www.securityspace.com\/s_survey\/data\/man.202104\/mxsurvey.html\" rel=\"noopener noreferrer\">recent survey<\/a> nearly 60 per cent of mail servers visible on the internet use Exim, followed by Postfix at 34 per cent. Qualys said a Shodan search revealed nearly 4 million Exim servers exposed to the internet.<\/p>\n<div class=\"CaptionedImage Center\" readability=\"9\"><a href=\"https:\/\/regmedia.co.uk\/2021\/05\/05\/exim.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2021\/05\/05\/exim.jpg?x=648&amp;y=364&amp;infer_y=1\" alt=\"Qualys demonstrates a proof of concept exploit against the Exim mail server, achieving root access to the remote server\" title=\"Qualys demonstrates a proof of concept exploit against the Exim mail server, achieving root access to the remote server\" height=\"364\" width=\"648\"><\/a><\/p>\n<p class=\"text_center\">Qualys demonstrates a proof of concept exploit against the Exim mail server, achieving root access to the remote server<\/p>\n<\/div>\n<p>The Qualys researchers have now <a target=\"_blank\" href=\"https:\/\/blog.qualys.com\/vulnerabilities-research\/2021\/05\/04\/21nails-multiple-vulnerabilities-in-exim-mail-server\" rel=\"noopener noreferrer\">reported<\/a> on 21 critical vulnerabilities discovered via a code audit, 10 of which can be exploited remotely.<\/p>\n<p>The local vulnerabilities are also an issue, as they can enable local users to escalate privileges to root. Most of the vulnerabilities are longstanding, the researchers say, with some going back to the beginning of its Git history (the Exim source code repository).<\/p>\n<p>A proof of concept video shows an exploit (developed by Qualys but not publicly available) in action. &#8220;To run the exploit, all we need to do is point it to the target Exim server IP endpoint,&#8221; explained researcher Bharat Jogi. The exploit starts with a use after free bug (where memory is referenced after it has been freed), then discovers where Exim&#8217;s configuration resides in memory, and modifies it to &#8220;execute an arbitrary command.&#8221;<\/p>\n<p>This opens a Netcat shell, at which point the attacker has a local terminal as the Exim user. A further vulnerability allows the attacker to take ownership of any file on the system, because part of the Exim code runs as root. Ownership of the system password file then gives the user full root privileges.<\/p>\n<h3 class=\"crosshead\"> <span>Timing was tight<\/span><br \/>\n<\/h3>\n<p>Qualys said it informed the Exim security team of some vulnerabilities on 20 October 2020, followed by a further list on 29 October. Exim maintainers gave Qualys access to its Git repository both to review and to assist with writing patches. The timing was tight, though: patches were not completed until 24th February, and the Exim team did not give access to packagers and maintainers, who are responsible for providing Exim updates to users, until 27th April. The vulnerabilities were disclosed yesterday, 4 May, a date which Qualys said was agreed with the Exim project.<\/p>\n<p>This timeline inevitably means that many servers were not patched at the time of the announcement. Debian released a <a target=\"_blank\" href=\"https:\/\/www.debian.org\/security\/2021\/dsa-4912\" rel=\"noopener noreferrer\">security advisory yesterday<\/a> for its current stable distribution, Buster. At the time of writing, the packages for Debian 9 (Stretch), which is end of life but in long term support, had not yet been updated. All Exim versions before Exim 4.94.2 are vulnerable.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,leaderboard,mpu,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>The Qualys team chose the name 21 Nails as a pun on &#8220;21 vulnerabilities in a &#8216;Mail&#8217; transfer agent.&#8221; Nothing to do with coffins, though the new vulnerabilities will reinforce claims that running Postfix, which was designed with security in mind (it was also called Secure Mailer) is a better idea from a security perspective.<\/p>\n<p>Email servers are an obvious attack point because they are of necessity internet-accessible, as evidenced by another recent <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/03\/03\/hafnium_exchange_server_attack\/\" rel=\"noopener noreferrer\">security incident<\/a>, called Haffnium, that affected Microsoft Exchange. The number of Exim instances out there is far greater than the number of Exchange servers, although the corporate nature of Exchange may make it a more attractive target. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/05\/05\/21_nails_in_exim_mail\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nearly 4 million to be exact, say researchers Researchers at security biz Qualys discovered 21 vulnerabilities in Exim, a popular mail server, which can be chained to obtain &#8220;a full remote unauthenticated code execution and gain root privileges on the Exim Server.&#8221;\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-40738","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>21 nails in Exim mail server: Vulnerabilities enable &#039;full remote unauthenticated code execution&#039;, millions of boxes at risk 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"21 nails in Exim mail server: Vulnerabilities enable &#039;full remote unauthenticated code execution&#039;, millions of boxes at risk 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-05T17:20:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"21 nails in Exim mail server: Vulnerabilities enable &#8216;full remote unauthenticated code execution&#8217;, millions of boxes at risk\",\"datePublished\":\"2021-05-05T17:20:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/\"},\"wordCount\":652,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/\",\"name\":\"21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-05-05T17:20:06+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"21 nails in Exim mail server: Vulnerabilities enable &#8216;full remote unauthenticated code execution&#8217;, millions of boxes at risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/","og_locale":"en_US","og_type":"article","og_title":"21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-05-05T17:20:06+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"21 nails in Exim mail server: Vulnerabilities enable &#8216;full remote unauthenticated code execution&#8217;, millions of boxes at risk","datePublished":"2021-05-05T17:20:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/"},"wordCount":652,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/","url":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/","name":"21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-05-05T17:20:06+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YJL7@dlnSeswLbfGCUip3AAAABQ&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/21-nails-in-exim-mail-server-vulnerabilities-enable-full-remote-unauthenticated-code-execution-millions-of-boxes-at-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"21 nails in Exim mail server: Vulnerabilities enable &#8216;full remote unauthenticated code execution&#8217;, millions of boxes at risk"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40738","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40738"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40738\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40738"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40738"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40738"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}