A critical vulnerability in the Exim mail transfer agent (MTA) has been disclosed that potentially affects more than 1.5 million Internet-exposed servers. Tracked as CVE-2024-39929, the flaw lets attackers slip past filters meant to block dangerous attachments, undermining a common layer of email security.
The bug lies in how Exim versions up to and including 4.97.1 parse a multiline RFC 2231 filename in a MIME header, that is, a filename split across continuation parameters such as filename*0= and filename*1=. Because the name is not reassembled correctly, a remote attacker can deliver an executable attachment straight to a user's mailbox while evading extension-blocking rules built on the $mime_filename variable, for example a deny rule in the MIME ACL that rejects .exe attachments.
Exim's developers fixed the parsing bug in version 4.98, which closes CVE-2024-39929. The fix only matters to sites that rely on $mime_filename to block attachments by extension; anyone doing so should treat every earlier release as bypassable.
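To make the class of bug concrete, the following added example (my own illustration, not Exim's code, and not a reproduction of its actual parser) shows why an extension filter has to run on the fully reassembled RFC 2231 filename. It unfolds the header, joins filename*N and percent-encoded filename*N* segments as RFC 2231 sections 3 and 4 describe, and compares a naive filter that only looks for a plain filename="..." parameter against one that uses the reassembled name. The header samples and the blocked-extension list are constructed for the demonstration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample headers: one plain, one split into RFC 2231 continuation
# segments, one with a charset-tagged, percent-encoded first segment.
SAMPLES = {
    "plain": 'Content-Disposition: attachment; filename="invoice.exe"',
    "continued": 'Content-Disposition: attachment;\r\n filename*0="invoice.p";\r\n filename*1="df.exe"',
    "encoded": "Content-Disposition: attachment;\r\n filename*0*=utf-8''in%76oice.pdf.e;\r\n filename*1=xe",
}

# Illustrative block list (an assumption for the example, not Exim's default).
BLOCKED_EXTENSIONS = {"exe", "scr", "bat", "com", "pif", "js", "vbs"}


def unfold(raw: str) -> str:
    """Join folded header lines (line break followed by whitespace) into one logical line."""
    return re.sub(r"\r?\n[ \t]+", " ", raw)


def split_params(header: str):
    """Split 'Name: type; a=b; c="d;e"' into (type, [(param, raw_value), ...]), honouring quotes."""
    parts, cur, in_quotes = [], [], False
    for ch in header:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    disp_type = parts[0].split(":", 1)[-1].strip().lower()
    params = []
    for p in parts[1:]:
        if "=" in p:
            name, _, val = p.partition("=")
            params.append((name.strip(), val.strip()))
    return disp_type, params


def naive_filename(raw: str):
    """Toy filter of the kind that breaks: it only recognises a plain filename="..." parameter."""
    m = re.search(r'filename="([^"]*)"', raw, re.I)
    return m.group(1) if m else None


def rfc2231_filename(raw: str):
    """Reassemble filename, filename*N and filename*N* segments into the real filename."""
    _, params = split_params(unfold(raw))
    segments = {}          # segment index -> (percent_encoded, text)
    charset = "utf-8"      # default until segment 0 names one
    for name, val in params:
        m = re.fullmatch(r"filename(?:\*(\d+))?(\*)?", name, re.I)
        if not m:
            continue
        idx = int(m.group(1)) if m.group(1) is not None else 0
        encoded = m.group(2) is not None
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        if encoded and idx == 0:
            # The first encoded segment carries charset'language'value.
            pieces = val.split("'", 2)
            if len(pieces) == 3:
                charset = pieces[0] or charset
                val = pieces[2]
        segments[idx] = (encoded, val)
    if not segments:
        return None
    out = bytearray()
    for idx in sorted(segments):
        encoded, text = segments[idx]
        out += unquote_to_bytes(text) if encoded else text.encode(charset)
    return out.decode(charset, errors="replace")


def is_blocked(raw: str, extract) -> bool:
    """Apply the extension block list to whatever filename the given extractor recovers."""
    name = extract(raw)
    if not name or "." not in name:
        return False
    return name.rsplit(".", 1)[-1].lower() in BLOCKED_EXTENSIONS


if __name__ == "__main__":
    for label, hdr in SAMPLES.items():
        print(f"{label:10} naive={naive_filename(hdr)!r:20} rfc2231={rfc2231_filename(hdr)!r:20} "
              f"blocked(naive)={is_blocked(hdr, naive_filename)} blocked(rfc2231)={is_blocked(hdr, rfc2231_filename)}")
```

The continued and encoded samples both decode to invoice.pdf.exe, yet the naive filter sees no filename at all and lets them through. In real code, use a parser that already performs this reassembly, such as get_filename() on Python's email.message.Message, rather than a regular expression over the raw header.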
Exim is widely deployed on Unix-like systems and sits at the heart of many organizations' email infrastructure. Censys estimates that roughly 74% of publicly reachable SMTP servers run Exim, which is what gives this bug its reach.
Censys describes the impact the same way: a bug in RFC 2231 header parsing lets an attacker land a harmful attachment in a user's inbox. No in-the-wild exploitation had been reported at the time of writing, but a proof of concept exists, so the window before abuse begins may be short. Note that this is a filter bypass, not remote code execution on the mail server: the attachment still has to reach and be opened by a recipient, so the exposure is greatest where $mime_filename blocking is the only control on executable attachments.
Security experts therefore urge administrators to upgrade Exim to version 4.98 or later. Doing so fixes CVE-2024-39929 and also picks up the fixes for earlier vulnerabilities that have accumulated since older releases.
As of July 10, 2024, Censys counted more than 1.5 million potentially vulnerable Exim servers, concentrated in the United States, Russia, and Canada. Only a small fraction of the exposed population had moved to a fixed version, a familiar pattern of slow patching that leaves the bug exploitable long after a fix is available.
Administrators can use Censys search to locate Exim instances reporting vulnerable versions, and on their own hosts `exim -bV` prints the running version; the default SMTP banner also advertises it. One caveat: Linux distributions frequently backport security fixes without changing the upstream version string, so a banner showing 4.96 or 4.97.1 is a reason to check the package changelog, not proof on its own that the server is vulnerable.
CVE-2024-39929 is a serious threat to Exim users, but the fix is straightforward. Upgrading to Exim 4.98 or later, or confirming that a distribution package carries the backported fix, closes the bypass and restores the value of extension-based attachment blocking.
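As an added example (my own, not a Censys or Exim tool) of the triage step described above, this script extracts the Exim version from an SMTP banner or the first line of `exim -bV` output and classifies it against the fixed release. The banner and `exim -bV` lines are constructed for the demonstration; the output formats follow Exim's default banner (hostname, ESMTP, Exim, version) and its -bV line, but any pre-release tag is reported as "verify" rather than guessed at, and the distribution-backport caveat from the text still applies to every "vulnerable" result.

```python
import re

# First release carrying the CVE-2024-39929 fix, per the advisory.
FIXED = (4, 98, 0)

# Matches "Exim 4.96", "Exim version 4.97.1 #2 built ...", "Exim 4.98-RC3".
VERSION_RE = re.compile(
    r"\bExim(?: version)?\s+(\d+)\.(\d+)(?:\.(\d+))?(?:[-_]?(RC\d+))?", re.I
)

# Constructed sample lines: two SMTP banners and two `exim -bV` first lines.
SAMPLE_LINES = [
    "220 mail.example.test ESMTP Exim 4.96 Wed, 10 Jul 2024 12:00:00 +0000",
    "220 mx2.example.test ESMTP Exim 4.98 Wed, 10 Jul 2024 12:00:01 +0000",
    "Exim version 4.97.1 #2 built 15-Apr-2024 10:00:00",
    "Exim version 4.98-RC3 #1 built 20-Jun-2024 09:30:00",
    "220 smtp.example.test ESMTP Postfix",
]


def parse_exim_version(line: str):
    """Return ((major, minor, patch), prerelease_tag_or_None), or None if no Exim version is present."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (rc.upper() if rc else None)


def assess(line: str) -> str:
    """Classify a banner/-bV line: 'vulnerable', 'fixed', 'verify' (pre-release build) or 'unknown'."""
    parsed = parse_exim_version(line)
    if parsed is None:
        return "unknown"          # not Exim, or version hidden in a custom banner
    version, rc = parsed
    if version < FIXED:
        return "vulnerable"       # upstream version predates the fix; check for distro backports
    if rc:
        return "verify"           # pre-release of a fixed line: confirm it actually carries the fix
    return "fixed"


def triage(lines):
    """Map each input line to its assessment so results can be summarised or asserted on."""
    return {line: assess(line) for line in lines}


if __name__ == "__main__":
    for line, verdict in triage(SAMPLE_LINES).items():
        print(f"{verdict:10} {line}")
```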
