General Discussion

[Attacks against EXIM vuln]

FYI...

Attacks against EXIM vuln...
- http://isc.sans.edu/diary.html?storyid=10093
Last Updated: 2010-12-17 17:40:25 UTC - "Users of the popular exim mail server report attacks exploiting the recently patched vulnerability [1,2]. It appears that the attacks are scripted and installing popular rootkits...
[1] http://www.reddit.com/r/netsec/comments/en650/details_of_the_root_kit_that_got_installed_on_my/
[2] http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html ..."

- http://www.kb.cert.org/vuls/id/682457
Last Updated: 2010-12-13 - "... Solution: Apply an update: Users who obtain Exim from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors. This vulnerability is reportedly addressed in Exim version 4.70. Users of Exim from the original source distribution should upgrade to this version or later, as appropriate. Users who are unable to upgrade are encouraged to apply the following patch from the Exim developers:
- http://git.exim.org/exim.git/commitdiff/24c929a2 ..."

Related: cPanel update: http://www.cpanel.net/2010/12/critical-exim-security-update.html

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4344
Last revised: 12/21/2010
CVSS v2 Base Score: 9.3 (HIGH)