Security News > 2024 > July > Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes.
"Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users," according to a description shared on the U.S. National Vulnerability Database.
Exim is a free, mail transfer agent that's used in hosts that are running Unix or Unix-like operating systems.
Attack surface management firm Censys said 4,830,719 of the 6,540,044 public-facing SMTP mail servers are running Exim.
As of July 12, 2024, 1,563,085 internet-accessible Exim servers are running a potentially vulnerable version.
"The vulnerability could allow a remote attacker to bypass filename extension blocking protection measures and deliver executable attachments directly to end-users' mailboxes," it noted.
News URL
https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)