Skip to content
Join the Censys Community Forum: Connect, Share, and Thrive! | Start Here
Advisory

July 10, 2024 Advisory: Vulnerability in Exim MTA Could Allow Malicious Email Attachments Past Filters [CVE-2024-39929]

  • Date of Disclosure: 2024-07-04
  • CVE-ID and CVSS Score: CVE-2024-39929 – CVSS 9.1
  • Issue Name and Description: A vulnerability in Exim MTA due to a bug in RFC 2231 header parsing could potentially allow remote attackers to deliver malicious attachments to user inboxes.
  • Asset Description:
    • Exim is a free mail transfer agent (MTA) that’s widely used on Unix-like operating systems. This vulnerability affects Exim releases up to and including 4.97.1
    • Of the 6,540,044 public facing SMTP mail servers Censys sees online, 4,830,719 (~74%) are running Exim, highlighting how widespread it is.
  • Vulnerability Impact: The vulnerability could allow a remote attacker to bypass filename extension blocking protection measures and deliver executable attachments directly to end-users’ mailboxes. If a user were to download or run one of these malicious files, the system could be compromised.
  • Exploitation Details: A PoC is available, but no active exploitation is known yet.
  • Patch Availability: This issue is fixed in Exim 4.98: https://github.com/Exim/exim/compare/exim-4.98-RC2…exim-4.98-RC3
  • Censys Perspective: As of July 10, 2024, Censys observes 1,567,109 publicly exposed Exim servers running a potentially vulnerable version (4.97.1 or earlier), concentrated mostly in the United States, Russia, and Canada. So far, 82 public-facing servers show indications of running a patched release of 4.98.
  • Detection with Censys: The following queries can be leveraged to identify Censys-visible public-facing Exim instances running potentially vulnerable versions affected by this CVE.
  • References:

 

Attack Surface Management Solutions
Learn more