A Tale of
Picture this: being at a party, saying goodnight to your child, riding in a car – that’s what three of our security engineers were doing on that fateful Saturday, September 30th. Suddenly, their phones started ringing, interrupting the party music, the silence of the kids’ room, and the hum of the car, respectively. It was an alert of a critical security issue with Exim, the mail server software used by 56% of all mail servers on the Internet, including SiteGround’s. Despite their different situations, all three of our security engineers immediately halted their plans to address this issue – a testament to our unwavering commitment to security.
What is Exim and why should we care?
Exim is like the postman of the digital world, responsible for delivering your emails from one point to another. A problem with Exim could potentially mean serious problems for your emails and more. To give you an idea of the scale, Exim is the most popular mail server in the world, used by over 342,000 mail servers. That’s over 56% of all mail servers on the internet. Of course, it’s the mail server software that we at SiteGround rely on entirely to deliver outgoing messages and incoming mail for all our customers.
Since email services are a crucial part of our hosting offering, and are used by the majority of our customers, we are constantly working to maintain the security, deliverability and reliability of our email service. It all starts with an intense customization process, which is our usual approach to all software we use, to ensure that it best meets our customers’ needs and gives us more control to keep it extremely secure and always up to date.
The Exim Problem and SiteGround’s Proactive Response
The issue, labeled CVE-2023-42115, was actually a combination of six different zero-day exploits against Exim. A zero-day vulnerability means that all servers using this particular configuration are immediately at risk. We received the report as soon as it was published and immediately investigated all six issues to assess the risk to our customers. The good news is that because we heavily customize all the software on our servers, those particular parts of Exim that were affected were not even in use on our servers. However, our work didn’t stop there. Here’s a breakdown of all the issues, why SiteGround customers were safe, and what we did to ensure they stayed that way.
Three of the reported Exim exploits involved different types of email authentication, namely SPA/NTLM and EXTERNAL. In short, these mechanisms are about proving to the mail server who you are before it allows you to send emails. The new vulnerability meant that an attacker could craft a special request, exploit security holes in the authentication mechanisms, and gain access to the server running Exim. Furthermore, the attacker could gain full access to the server, not only to Exim as a mail server, but to all the data residing on the server. On SiteGround’s servers, however, we do not use any of these authentication methods, so SiteGround customers were not compromised.
The fourth exploit was related to a proxy issue and was very similar in nature, while the fifth issue resided in a library called “libspf2”, which is used for some SPF checks on emails. Since we do not use proxies in front of our Exim mail servers on SiteGround, nor do we use this problematic library, we were not affected by this attack vector either.
The last issue was with how people do DNS lookups
Many people just use third-party DNS resolvers and can’t be sure that those resolvers validate the data they receive. SiteGround uses its own DNS resolvers and we validate the data we receive, so that didn’t concern us either. Typically, there are two ways to approach a vulnerability. One is to assess whether and how it affects you, and simply let it go if it doesn’t affect your systems. But the smarter way to proceed is to think ahead: even if a particular vulnerability, or some of them, don’t directly affect you now, it’s still a good idea to be proactive in patching, in case that vulnerability develops and opens the door to additional exploits that could potentially affect you at a later stage.
So that’s exactly what we did:
Despite our servers not being directly at risk from any of the vectors of this particular attack, our engineers didn’t sit idly by. In addition to thoroughly checking and testing all exploits to ensure they didn’t affect SiteGround’s servers, as soon as a new, more secure version of Exim was released (version 4.96.1), we immediately updated all of our Exim mail servers. It’s our way of ensuring your peace of mind and a testament to our proactive approach to security.
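The assessment described above boils down to three questions for any Exim host: is the build older than 4.96.1, does it include the SPA or EXTERNAL authenticators, and is it linked against libspf2? The following is an added example, not SiteGround’s own tooling, that answers those questions from the output of `exim -bV` (whose “Authenticators:” and “Support for:” lines I assume list the compiled-in drivers and the SPF build option); the sample output is constructed, and a compiled-in authenticator still has to be checked against the running configuration to know whether it is actually enabled.

```python
import re
from typing import NamedTuple

# Version the post names as carrying the fixes.
FIXED_VERSION = (4, 96, 1)
# Authenticator driver names (as printed by `exim -bV`, assumed) for the
# SPA/NTLM and EXTERNAL mechanisms the post describes as affected.
AFFECTED_AUTHENTICATORS = {"spa", "external"}


class EximExposure(NamedTuple):
    version: tuple
    needs_upgrade: bool      # build older than FIXED_VERSION
    affected_auths: list     # affected authenticators compiled in
    spf_linked: bool         # built with libspf2 (SPF in "Support for:")


def parse_version(text: str) -> tuple:
    """Extract (major, minor, patch) from the 'Exim version X.Y[.Z]' line."""
    m = re.search(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no Exim version line found")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def parse_list_line(text: str, label: str) -> set:
    """Return the whitespace-separated tokens after a 'Label:' line."""
    m = re.search(rf"^{label}:\s*(.*)$", text, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def assess(bv_output: str) -> EximExposure:
    version = parse_version(bv_output)
    auths = parse_list_line(bv_output, "Authenticators")
    support = parse_list_line(bv_output, "Support for")
    return EximExposure(
        version=version,
        needs_upgrade=version < FIXED_VERSION,
        affected_auths=sorted(auths & AFFECTED_AUTHENTICATORS),
        spf_linked="SPF" in support,
    )


# Constructed sample of `exim -bV` output; not captured from a real host.
SAMPLE_BV = """\
Exim version 4.96 #2 built 12-Jul-2023 10:00:00
Support for: crypteq iconv() IPv6 OpenSSL SPF TCP_Fast_Open
Authenticators: cram_md5 dovecot external plaintext spa
Routers: accept dnslookup manualroute redirect
Transports: appendfile/maildir lmtp pipe smtp
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BV))
```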