Critical Exim bug bypasses security filters on 1.5 million mail servers (Security News, July 2024)
Censys warns that over 1.5 million Exim mail transfer agent instances are unpatched against a critical vulnerability that lets threat actors bypass security filters.
Tracked as CVE-2024-39929 and patched by Exim developers on Wednesday, the security flaw impacts Exim releases up to and including version 4.97.1.
According to the survey, over 59% of the 409,255 mail servers reachable on the Internet during the survey were running Exim, representing just over 241,000 Exim instances.
Per a Shodan search, over 3.3 million Exim servers are currently exposed online, most in the United States, followed by Russia and the Netherlands.
The National Security Agency revealed in May 2020 that the notorious Russian military hacking group Sandworm had been exploiting the critical Exim flaw CVE-2019-10149 since at least August 2019.
More recently, in October, Exim developers patched three zero-days disclosed through Trend Micro's Zero Day Initiative, one of which exposed millions of Internet-exposed Exim servers to pre-auth RCE attacks.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2024-07-04 | CVE-2024-39929 | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, so remote attackers can bypass a $mime_filename extension-blocking protection mechanism and potentially deliver executable attachments to end users' mailboxes. | 0.0
2019-06-05 | CVE-2019-10149 | OS command injection vulnerability in multiple products: a flaw was found in Exim versions 4.87 to 4.91 (inclusive). | 9.8
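The CVE-2024-39929 entry above turns on one parsing detail: an attachment filename can be split across several RFC 2231 continuation parameters (filename*0, filename*1, ...) or carried in the charset-tagged filename* form, so an extension check only means something if it runs on the fully reassembled name. The following is an added example, written for this page and not Exim's code or its $mime_filename ACL; it is a stand-alone Python filter that reassembles the name with the standard library's email parser and applies a block list to the result. The sample message and the block list are constructed for the example.

```python
import email
import os

# Constructed sample message (not taken from the article). The first
# attachment's name is split across RFC 2231 continuation segments
# (filename*0, filename*1); the second uses the RFC 2231 encoded form.
SAMPLE_MESSAGE = b"""\
From: sender@example.invalid
To: user@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*0="quarterly-report";
 filename*1=".exe"

(binary payload omitted)
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename*=utf-8''notes%2Etxt

plain notes
--b1--
"""

# Extensions a mail filter would typically refuse to deliver (constructed list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".com", ".pif", ".vbs", ".js"}


def attachment_filenames(raw):
    """Return the fully reassembled filename of every non-multipart part.

    Message.get_filename() joins RFC 2231 continuation segments in numeric
    order and decodes the charset/language-tagged form, so the caller sees
    the complete name rather than the fragment on any single header line.
    """
    msg = email.message_from_bytes(raw)
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            names.append(name)
    return names


def blocked_attachments(raw):
    """Return the attachment names whose extension is on the block list.

    The extension is taken from the reassembled, lower-cased name, so a
    suffix that only appears in a later continuation segment is still seen.
    """
    blocked = []
    for name in attachment_filenames(raw):
        ext = os.path.splitext(name.strip().lower())[1]
        if ext in BLOCKED_EXTENSIONS:
            blocked.append(name)
    return blocked


if __name__ == "__main__":
    print("attachments:", attachment_filenames(SAMPLE_MESSAGE))
    print("blocked:", blocked_attachments(SAMPLE_MESSAGE))
```

Run as a script it lists both attachments and flags only quarterly-report.exe, whose ".exe" suffix never appears on the same header line as the rest of the name. The design point for any gateway filter is the same: reassemble every RFC 2231 parameter first, then decide on the complete value.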