Exim is often found running on Ubuntu and Debian servers (on the latter it’s configured to be the default MTA), and is the mail transport agent used in the ubiquitous cPanel web hosting control panel.
A recent study found that Exim was running on over 56% of all of the publicly accessible mail servers on the internet.
The buffer overflow vulnerability in Exim was discovered by security researcher Meh Chang on 5 February 2018, and a security update (version 4.90.1) was released five days later.
Chang fears that many vulnerable systems still have not installed the patch, and “at least 400,000 servers are at risk.”
The risk is that a malicious attacker might exploit the buffer overflow in Exim’s handling of base64 authentication by sending out a booby-trapped mail message.
According to Chang, such an attack could be used to run arbitrary code or as part of a denial-of-service attack.
“Generally, this bug is harmless because the memory overwritten is usually unused. However, this byte overwrites some critical data when the string fits some specific length.”
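The “specific length” Chang refers to is the classic base64 sizing pitfall: a decode buffer allocated as 3 * (len / 4) + 1 bytes is one byte short whenever the unpadded input length is of the form 4n+3. The following decoder is an added example, not Exim’s code, showing how to size the buffer from the exact input length and reject malformed lengths; the function names are my own.

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not Exim's code. The pitfall avoided: allocating
 * 3 * (len / 4) + 1 bytes gives 3n+1 bytes for an input of length 4n+3,
 * while a correct decoder emits 3n+2, so the final byte lands past the
 * end of the buffer. Here the buffer is sized from the exact input length. */

/* Bytes a base64 string of `len` chars decodes to, ignoring '=' padding.
 * Returns -1 for a length of the form 4n+1, which no valid encoding has. */
static long b64_decoded_len(const char *s, size_t len) {
    while (len > 0 && s[len - 1] == '=') len--;
    size_t rem = len % 4;
    if (rem == 1) return -1;
    return (long)((len / 4) * 3 + (rem ? rem - 1 : 0));
}

/* The undersized formula, kept only so the shortfall can be checked. */
static size_t naive_alloc_len(size_t len) { return 3 * (len / 4) + 1; }

static int b64_val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decodes `s` into a freshly allocated, NUL-terminated buffer stored in
 * *out. Returns the decoded length, or -1 on malformed input. Caller frees. */
long b64_decode(const char *s, unsigned char **out) {
    size_t len = strlen(s);
    long n = b64_decoded_len(s, len);
    if (n < 0) return -1;
    unsigned char *buf = malloc((size_t)n + 1);   /* +1 for the terminator */
    if (!buf) return -1;
    unsigned long acc = 0; int bits = 0; long w = 0;
    for (size_t i = 0; i < len && s[i] != '='; i++) {
        int v = b64_val(s[i]);
        if (v < 0) { free(buf); return -1; }
        acc = (acc << 6) | (unsigned long)v; bits += 6;
        if (bits >= 8) {            /* a full byte is available: emit it */
            bits -= 8; buf[w++] = (unsigned char)(acc >> bits);
            acc &= (1UL << bits) - 1;
        }
    }
    buf[w] = 0;
    *out = buf;
    return w;
}
```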
A patch has been available for the last month, and organisations which already have a regime of regular patching should already have addressed the vulnerability and have nothing to fear.