Security News > 2024 > July > Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes.
"Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users," according to a description shared on the U.S. National Vulnerability Database.
Exim is a free, mail transfer agent that's used in hosts that are running Unix or Unix-like operating systems.
Attack surface management firm Censys said 4,830,719 of the 6,540,044 public-facing SMTP mail servers are running Exim.
As of July 12, 2024, 1,563,085 internet-accessible Exim servers are running a potentially vulnerable version.
"The vulnerability could allow a remote attacker to bypass filename extension blocking protection measures and deliver executable attachments directly to end-users' mailboxes," it noted.
News URL
https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html
Related news
- Critical Exim bug bypasses security filters on 1.5 million mail servers (source)
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929) (source)
- Critical GitHub Enterprise Server Flaw Allows Authentication Bypass (source)
- GitHub Enterprise Server patches 10-outta-10 critical hole (source)
- New PHP Vulnerability Exposes Windows Servers to Remote Code Execution (source)
- Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability (source)
- Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) (source)
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
- Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed (source)
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (source)