21Nails Exim vulnerabilities
This blog contains information about the 21 Nails Exim vulnerabilities. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

T-Update
This blog contains information about the 21 Nails Exim vulnerabilities. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update May 4, 2021
22:00 | Newly discovered vulnerabilities in the Exim mail transfer agent (MTA) allow attackers to execute code and gain root privilege on servers running Exim. The vulnerabilities together have been named 21Nails because there are 11 locally exploitable weaknesses and 10 remote. This can lead to allow attackers to fully compromise the mailservers.
Direct patching is highly recommended. For systems older than version 4.94 this should be done with some policy, because the configuration of older versions still needs to be adjusted slightly for the update to work. This is because of an extra security measure in version 4.94.2.
Background
Risk
In the Netherlands, just under 180,000 systems are vulnerable (see image below):

Advice
The following CVE references belong to this vulnerability. More information:
Sources
Learn more about 21Nails Exim vulnerabilities on this external source.
Sign up to receive T-Updates
Receive the latest vulnerabilities in your email every Wednesday
More than 1,000 organisations have already joined us.
