{"id":165649,"date":"2024-07-12T19:25:01","date_gmt":"2024-07-12T19:25:01","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=165649"},"modified":"2024-07-12T19:25:03","modified_gmt":"2024-07-12T19:25:03","slug":"critical-flaw-exim-mta","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/165649\/hacking\/critical-flaw-exim-mta.html","title":{"rendered":"Critical flaw in Exim MTA could allow attackers to deliver malware to users’ inboxes"},"content":{"rendered":"
<\/div>\n

A critical vulnerability in Exim mail server allows attackers to deliver malicious executable attachments to mailboxes.<\/h2>\n\n\n\n

Attackers can exploit a critical security flaw, tracked as CVE-2024-39929 (CVSS score of 9.1), in the Exim mail transfer agent to deliver malicious attachments to target users’ inboxes.<\/p>\n\n\n\n

Exim is a widely used Mail Transfer Agent (MTA) designed to route, deliver, and receive email messages. Developed initially for Unix-like systems, Exim is known for its flexibility and configurability, allowing administrators to customize its behavior extensively through configuration files.<\/p>\n\n\n\n

Exim versions up to and including 4.97.1 misparse multiline RFC 2231 header filenames. This flaw allows remote attackers to bypass the $mime_filename extension-blocking protection, potentially delivering executable attachments to user mailboxes.<\/p>\n\n\n\n

The\u00a0vulnerability<\/a>, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98.<\/p>\n\n\n\n

“Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users,” read the advisory<\/a>.<\/p>\n\n\n\n

According to cybersecurity firm Censys, there are 6,540,044 public-facing SMTP mail servers, of which 4,830,719 (~74%) are running Exim<\/a>.<\/p>\n\n\n\n

Censys researchers state that a proof of concept (PoC) exploit for this issue exists, but there is no known active exploitation yet.<\/p>\n\n\n\n

“As of July 10, 2024, Censys observes\u00a01,567,109<\/a>\u00a0publicly exposed Exim servers running a potentially vulnerable version (4.97.1 or earlier), concentrated mostly in the United States, Russia, and Canada. So far,\u00a082<\/a>\u00a0public-facing servers show indications of running a patched release of 4.98.” reads the report<\/a> published by Censys.<\/p>\n\n\n\n

The firm released a set of queries to identify Censys-visible, public-facing Exim instances running potentially vulnerable versions affected by this CVE.<\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, malware)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

A critical vulnerability in Exim mail server allows attackers to deliver malicious executable attachments to mailboxes. Attackers can exploit a critical security flaw, tracked as CVE-2024-39929 (CVSS score of 9.1), in the Exim mail transfer agent to deliver malicious attachments to target users’ inboxes. Exim is a widely used Mail Transfer Agent (MTA) designed to […]<\/p>\n","protected":false},"author":1,"featured_media":165655,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,5,55],"tags":[7834,4112,9508,9506,10918,30,687,841,1533],"class_list":["post-165649","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-hacking","category-security","tag-exim-mta","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-malware-2","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n