How to find Exim mail servers on your network
Rumble Network Discovery is now runZero!
In their security advisory for 21Nails, the Qualys Research team communicated their discovery of several critical vulnerabilities in Exim mail servers that can be exploited for unauthenticated code execution and root privileges.
Recently, maintainers of the Exim mail server released updates to patch the vulnerabilities. If you have Exim mail servers, you must patch them immediately.
Finding Exim mail servers with Rumble
According to the Qualys blog, a Shodan search showed nearly 4 million Exim servers exposed to the internet. Their accessibility makes these mail transfer agents targets for attackers.
With Rumble, you can find Exim mail servers in your inventory with this pre-built query. This query searches for any live asset that has protocol SMTP and exim in the banner.
_asset.protocol:smtp and protocol:smtp and banner:exim
As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.
Try Rumble
Don’t have Rumble and need help finding Ubiquiti devices? Start your Rumble trial today.
Similar Content
February 15, 2023
Finding OpenSSH servers
The OpenSSH team surfaced a security issue earlier this month that specifically affects OpenSSH server version 9.1p1 (a.k.a. version 9.1). This version contains a memory double-free vulnerability (tracked as CVE-2023-25136) that can be reached pre-authentication by a remote …
Read MoreFebruary 8, 2023
Finding VMware ESXi assets
This Rapid Response post covers ESXiArgs, a new strain of ransomware that is targeting VMware ESXi servers. Learn how you can find potentially affected servers on your network.
February 3, 2023
Finding Lexmark printer assets
Printer manufacturer Lexmark recently published details on a vulnerability that affects over 100 of their printer models. Learn how runZero can help you find potentially affected assets.