A critical security issue has been discovered in the Exim Mail Transfer Agent that could allow threat actors to deliver malicious attachments to targeted users’ mailboxes.
The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. This was resolved in version 4.98.
“Exim through 4.97.1 incorrectly parses the RFC 2231 multiline header file name, allowing remote attackers to bypass the $mime_filename extension blocking protection mechanism and potentially deliver executable attachments to end-user mailboxes,” the description reads general in the US National Vulnerability Database (NVD).
Exim is a free mail transfer agent used on hosts running Unix or Unix-like operating systems. It was first released in 1995 for use at Cambridge University.
Attack surface management firm Censys said 4,830,719 out of 6,540,044 public SMTP mail servers are running Exim. As of July 12, 2024. 1,563,085 Exim servers available online are running a potentially vulnerable version (4.97.1 or earlier).
Most of the vulnerable instances are located in the USA, Russia and Canada.
“The vulnerability could allow a remote attacker to bypass file extension blocking protections and deliver executable attachments directly to end-user mailboxes,” it said. noted. “If a user downloads or runs one of these malicious files, the system could be compromised.”
This also means that potential targets must click on the attached executable for the attack to be successful. While there are no reports of active exploitation of the flaw, it is imperative that users quickly apply patches to mitigate potential threats.
The development appeared almost a year after the developers of the project a a set of six vulnerabilities in Exim, which could lead to information disclosure and remote code execution.
