SmarterMail 6919 Exploit Jun 2026

Even after the patch, if a server was compromised via another low-privileged method, the local availability of the remoting endpoints could still be used as a privilege escalation vector.

The attacker doesn't need a login. Here is how the request looks under the hood:

In the autumn of 2021, a quiet but critical storm brewed in the world of enterprise email servers. SmarterMail, a popular Microsoft Exchange alternative used by thousands of small to medium-sized businesses and hosting providers, had a secret. It was a flaw so simple yet so powerful that it earned its place in the Common Vulnerabilities and Exposures (CVE) database as —more commonly known among system administrators as the "SmarterMail 6919 exploit."

The issue was resolved in Build 6985, which restricts port 17001 to local access only (127.0.0.1) by default.

Monitor your Error and Audit logs for:

Build 6985 restricts port 17001 to the local loopback address (127.0.0.1), preventing remote access.

Build 6919 was also susceptible to other high-severity vulnerabilities patched in the same cycle: