Security News > 2024 > July > Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes.

"Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users," according to a description shared on the U.S. National Vulnerability Database.

Exim is a free, mail transfer agent that's used in hosts that are running Unix or Unix-like operating systems.

Attack surface management firm Censys said 4,830,719 of the 6,540,044 public-facing SMTP mail servers are running Exim.

As of July 12, 2024, 1,563,085 internet-accessible Exim servers are running a potentially vulnerable version.

"The vulnerability could allow a remote attacker to bypass filename extension blocking protection measures and deliver executable attachments directly to end-users' mailboxes," it noted.

News URL

https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html