Critical Exim Vulnerability in Ubuntu Exposes Sensitive Information
Severity: Medium (Score: 57.8)
Sources: Linuxsecurity, Ubuntu
Summary
A critical vulnerability in Exim, a mail transport agent used in multiple Ubuntu versions, has been discovered. The issue, identified by Warisjeet Singh, occurs when SUPPORT_PROXY is enabled, allowing remote attackers to potentially access sensitive information before SMTP authentication. Affected releases include Ubuntu 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. The vulnerability can be mitigated by updating to the specific package versions provided in the advisory. Users are urged to perform a standard system update to address this issue. The vulnerability highlights the importance of timely updates in maintaining system security. No CVE identifier was mentioned in the articles. The current status is that the vulnerability has been acknowledged, and updates are available.

Key Points:
- Exim vulnerability could expose sensitive information over the network.
- Affected Ubuntu versions include 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS.
- Users should update to the latest package versions to mitigate the risk.
Detailed Analysis
**Impact**

Ubuntu users running versions 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS with the Exim mail transport agent are affected. The vulnerability allows remote attackers to potentially obtain sensitive information before SMTP authentication, risking exposure of confidential data. This affects organizations worldwide that rely on Exim for mail services on these Ubuntu releases. No specific data volumes or sectors beyond Ubuntu users are detailed.

**Technical Details**

The vulnerability arises from improper memory handling in Exim when SUPPORT_PROXY is enabled, and it is exploitable remotely before SMTP authentication. The issue was discovered by Warisjeet Singh and is tracked under Ubuntu Security Notice USN-8353-1. No CVE number or malware/tool usage is provided. The attack vector is network-based exploitation targeting the mail transport agent during the initial SMTP session, corresponding to the reconnaissance or initial access stage of the kill chain. No IOCs are mentioned.

**Recommended Response**

Apply the updated Exim packages provided for each affected Ubuntu release immediately: exim4 version 4.99.1-1ubuntu1.3 for 26.04 LTS, 4.98.2-1ubuntu2.3 for 25.10, 4.97-4ubuntu4.6 for 24.04 LTS, and 4.95-4ubuntu2.9 for 22.04 LTS. Conduct standard system updates to ensure all necessary patches are applied. Monitor mail server logs for unusual activity related to SMTP sessions. No additional detection or mitigation guidance is provided in the sources.
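As an added example that is not part of the advisory or this summary, the following Python check compares an installed exim4 version against the fixed versions listed above using Debian's version-ordering rules (the same ordering `dpkg --compare-versions` applies). The release and version inputs are constructed; on a real host they would come from `VERSION_ID` in `/etc/os-release` and from `dpkg-query -W -f='${Version}' exim4`.

```python
import re

# Fixed exim4 versions per Ubuntu release, as listed in USN-8353-1.
FIXED_VERSIONS = {
    "26.04": "4.99.1-1ubuntu1.3",
    "25.10": "4.98.2-1ubuntu2.3",
    "24.04": "4.97-4ubuntu4.6",
    "22.04": "4.95-4ubuntu2.9",
}

def _char_order(c):
    # Debian ordering: '~' sorts before end of string, letters before other symbols.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256
def _cmp_segment(a, b):
    # Alternate non-digit and digit runs, as dpkg --compare-versions does.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            oa = _char_order(na[i]) if i < len(na) else 0
            ob = _char_order(nb[i]) if i < len(nb) else 0
            if oa != ob:
                return (oa > ob) - (oa < ob)
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return (ia > ib) - (ia < ib)
    return 0
def _split_version(v):
    # Debian version layout: [epoch:]upstream_version[-debian_revision]
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), upstream if sep else rest, revision if sep else "0"
def compare_versions(a, b):
    # Returns -1, 0 or 1 with the same ordering as dpkg --compare-versions.
    ea, ua, ra = _split_version(a)
    eb, ub, rb = _split_version(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return _cmp_segment(ua, ub) or _cmp_segment(ra, rb)
def is_patched(release, installed):
    # release: VERSION_ID from /etc/os-release (constructed here); installed: exim4
    # version from dpkg-query. Returns None when the release is not in the notice.
    fixed = FIXED_VERSIONS.get(release)
    return None if fixed is None else compare_versions(installed, fixed) >= 0
```

A 24.04 host still on 4.97-4ubuntu4.5 is reported as unpatched, while any later revision of the same package (including 4.97-4ubuntu4.10, which a plain string comparison would misjudge) passes.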
Source articles (2)
- USN-8353-1: Exim vulnerability — Ubuntu · 2026-06-01
  Warisjeet Singh discovered that Exim with SUPPORT_PROXY enabled did not properly handle memory before SMTP authentication. A remote attacker could possibly use this issue to obtain sensitive informati…
- Ubuntu 26.04 Exim Critical Information Disclosure Vulnerability USN-8353 — Linuxsecurity · 2026-06-01
  A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 26.04 LTS, Ubuntu 25.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS. Summary: Exim could be made to expose sensitive informati…
Timeline
- 2026-06-01 — Exim vulnerability disclosed: Warisjeet Singh discovered a vulnerability in Exim affecting multiple Ubuntu versions, enabling potential information disclosure.
- 2026-06-01 — Security updates released: Ubuntu released updates for affected systems, urging users to apply them to mitigate the vulnerability.
Related entities
- Data Breach (Attack Type)
- CWE-200 - Exposure of Sensitive Information (CWE)
- T1190 - Exploit Public-Facing Application (MITRE ATT&CK)
- Exim (Platform)
- Ubuntu (Company)
- Exim Critical Information Disclosure Vulnerability (Vulnerability)