
Millions of machines affected by command execution flaw in Exim mail server - inferiorhuman
https://arstechnica.com/information-technology/2019/06/millions-of-machines-affected-by-command-execution-flaw-in-exim-mail-server/
======
fencepost
Is exim installed as an active local MTA on desktops? If so then this is a
trivial local escalation, if not then it's probably most significant when a
box is already breached by other means.

I think the main place I'd worry about this is web hosts using a default
cPanel config - if they're not already patched past the vulnerable version
then compromise of the whole server may take nothing more than a script on a
compromised WordPress site.

