Security News > 2024 > July > Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)
![Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)](/static/build/img/news/critical-exim-vulnerability-facilitates-malware-delivery-cve-2024-39929-medium.jpg)
The maintainers of the Exim mail transfer agent have fixed a critical vulnerability that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users.
CVE-2024-39929 affects Exim releases up to and including 4.97.1, and has been fixed in Exim v4.98, which was released last week.
According to Censys, of the 6,540,044 public-facing SMTP mail servers the company's sees via its search engine, nearly 75% are running Exim.
"As of July 10, 2024, Censys observes 1,567,109 publicly exposed Exim servers running a potentially vulnerable version, concentrated mostly in the United States, Russia, and Canada," the company shared.
"All versions of Exim previous to version 4.98 are now obsolete. The last 3.x release was 3.36. It is twenty years obsolete and should not be used," Exim maintainers also noted.
Vulnerabilities in Exim are often found and privately disclosed by security researchers, and occasionally exploited by attackers.
News URL
https://www.helpnetsecurity.com/2024/07/15/cve-2024-39929/
Related news
- Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments (source)
- Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) (source)
- PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) (source)
- RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability (source)
- FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine (source)
- SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) (source)
- Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability (source)
- Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) (source)
- VMware fixes critical vCenter RCE vulnerability, patch now (source)
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (source)