Exim "21nails" vulnerabilities

Patch up your exim installs today, friends. New vulnerability: https://www.qualys.com/2021/05/04/21nails/21nails.txt

Brief description:

When Exim receives a mail, it creates two files in the “input”
subdirectory of its spool directory: a “data” file, which contains the
body of the mail, and a “header” file, which contains the headers of the
mail and important metadata (the sender and the recipient addresses, for
example). Such a header file consists of lines of text separated by ‘\n’

Unfortunately, an unprivileged local attacker can send a mail to a
recipient whose address contains ‘\n’ characters, and can therefore
inject new lines into the spool header file and change Exim’s behavior

And that’s just the first. There’s more in this.

If you’re using DirectAdmin on your server, this will patch it and apply one of my sane customizations that I believe every server should have anyway:



This one is huge!

I hope everyone gets their systems patched ASAP and has no problems.

1 Like