A critical security issue has been disclosed in the Exim mail transfer agent that could allow threat actors to deliver malicious attachments to target users' inboxes.
The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10. It has been addressed in version 4.98.
"Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users," according to a description shared on the U.S. National Vulnerability Database (NVD).
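The NVD description points at the general failure mode: an attachment filter that inspects a filename before the RFC 2231 continuation segments of a folded (multi-line) header have been reassembled sees only a fragment. The following is an added illustration of that reassembly and of the check that must run on the complete name; it is not code from the article, from Exim or from Censys, the sample header and the blocked-extension list are constructed, and it shows only the RFC 2231 mechanism, not the specific parsing defect in Exim, which the article does not detail.

```python
import re
from urllib.parse import unquote

# Constructed sample: a folded Content-Disposition header whose filename is
# carried in RFC 2231 continuation segments (filename*0*, filename*1, ...).
SAMPLE_HEADER = (
    "Content-Disposition: attachment;\r\n"
    "\tfilename*0*=utf-8''report;\r\n"
    "\tfilename*1=\".ex\";\r\n"
    "\tfilename*2=\"e\"\r\n"
)

# Constructed policy list for the demonstration.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".com", ".pif"}

def unfold(header):
    """Join folded header lines (line break followed by whitespace) into one line."""
    return re.sub(r"\r?\n[ \t]+", " ", header).strip()

def parse_params(header):
    """Split 'Name: type; p1=v1; p2="v2"' into {p1: v1, p2: v2}.
    Simplified: does not handle ';' inside quoted strings."""
    _, _, rest = unfold(header).partition(":")
    params = {}
    for part in rest.split(";")[1:]:          # index 0 is the disposition type
        name, _, value = part.strip().partition("=")
        params[name.strip().lower()] = value.strip().strip('"')
    return params

def rfc2231_filename(params):
    """Reassemble filename*0, filename*1, ... in numeric order (RFC 2231 section 3).
    Segments marked with a trailing '*' are percent-encoded; segment 0 also
    carries a charset'language' prefix that is stripped here."""
    if "filename" in params:
        return params["filename"]
    segments = []
    for name, value in params.items():
        m = re.fullmatch(r"filename\*(\d+)(\*?)", name)
        if not m:
            continue
        idx, encoded = int(m.group(1)), bool(m.group(2))
        if encoded:
            if idx == 0 and value.count("'") >= 2:
                value = value.split("'", 2)[2]
            value = unquote(value)
        segments.append((idx, value))
    return "".join(v for _, v in sorted(segments)) if segments else None

def first_segment_only(params):
    """Naive check for contrast: looks at the first segment and nothing else."""
    return params.get("filename") or params.get("filename*0*") or params.get("filename*0")

def is_blocked(filename):
    """Extension check; correct only when given the fully reassembled name."""
    return any(filename.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS)
```

Run against the sample, `first_segment_only` yields the fragment `utf-8''report`, which passes the filter, while `rfc2231_filename` yields `report.exe`, which is blocked.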
Exim is a free mail transfer agent used on hosts running Unix or Unix-like operating systems. It was first released in 1995 for use at the University of Cambridge.
Attack surface management firm Censys said 4,830,719 of the 6,540,044 public-facing SMTP mail servers are running Exim. As of July 12, 2024, 1,563,085 internet-accessible Exim servers are running a potentially vulnerable version (4.97.1 or earlier).
A majority of the vulnerable instances are located in the U.S., Russia, and Canada.
"The vulnerability could allow a remote attacker to bypass filename extension blocking protection measures and deliver executable attachments directly to end-users' mailboxes," it noted. "If a user were to download or run one of these malicious files, the system could be compromised."
This also means that potential targets have to click on an attached executable for the attack to be successful. While there are no reports of active exploitation of the flaw, it is essential that users move quickly to apply the patches to mitigate potential threats.
The development comes nearly a year after the project maintainers addressed a set of six vulnerabilities in Exim that could result in information disclosure and remote code execution.
Some parts of this article are sourced from:
thehackernews.com