Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

Exim Mail Server Vulnerability

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users’ inboxes.

The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98.

“Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users,” according to a description shared on the U.S. National Vulnerability Database (NVD).

Cybersecurity

Exim is a free, mail transfer agent that’s used in hosts that are running Unix or Unix-like operating systems. It was first released in 1995 for use at the University of Cambridge.

Attack surface management firm Censys said 4,830,719 of the 6,540,044 public-facing SMTP mail servers are running Exim. As of July 12, 2024, 1,563,085 internet-accessible Exim servers are running a potentially vulnerable version (4.97.1 or earlier).

A majority of the vulnerable instances are located in the U.S., Russia, and Canada.

Cybersecurity

“The vulnerability could allow a remote attacker to bypass filename extension blocking protection measures and deliver executable attachments directly to end-users’ mailboxes,” it noted. “If a user were to download or run one of these malicious files, the system could be compromised.”

This also means that prospective targets must click on an attached executable for the attack to be successful. While there are no reports of active exploitation of the flaw, it’s essential that users move quickly to apply the patches to mitigate potential threats.

The development comes almost a year after the project maintainers a set of six vulnerabilities in Exim that could result in information disclosure and remote code execution.



Original Source


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.