Thousands of servers running the Exim mail transfer agent are at risk due to critical vulnerabilities that allow remote execution of malicious code. Four of the six bugs allow for remote code execution and carry high severity ratings. Exim has patched three of the vulnerabilities, but the status of the remaining three is unknown. The vulnerabilities were reported by Zero Day Initiative and have been criticized for not being transparently disclosed. The most severe vulnerability allows remote attackers to execute arbitrary code without authentication.
Read more at Ars Technica…