Users of the popular Exim email server software are being urged to update their installations following the discovery a vulnerability that can allow hackers to install malicious code with root privileges.

The vulnerability is found in all versions of Exim up to and including 4.92.1 with 4.92.2 released Friday night to address the vulnerability.

The vulnerability, called CVE-2019-15846, was discovered by a security researcher called Zerons in late July. It allows an attacker to take advantage of the TLS ServerName Indicator, a feature that allows TLS to serve different certificates for various websites.

An attacker can create a buffer overflow targeting the feature to gain access to a server running Exim. Since the vulnerability doesn’t depend on the TLS library being used by the server, both GnuTLS and OpenSSL are affected. “The vulnerability is exploitable by sending a SNI ending in a backslash-null sequence during the initial TLS handshake,” the security advisory notes.

While certainly not a household name, Exim is widely popular and is used to serve an estimated 57% of all publicly reachable email servers on the internet. Originally designed for Unix servers, Exim is available for Linux and Microsoft Corp. Windows as well. While sitting behind the scenes, Exim powers email in cPanel, which is certainly far better known among those who have owned or have ever set up a website on a server, shared, dedicated or otherwise.

Updating Exim installs is being strongly encouraged by the Exim Maintainers Group, the group of coders who donate their time to support and update Exim. The software is open-source and free to use.

According to Hacker News, the Exim Maintainers are offering assistance. “If you can’t install the above versions, ask your package maintainer for a version containing the backported fix,” it advised. “On request and depending on our resources we will support you in backporting the fix.”

Photo: audioreservoir/Flickr