topic Critical Exim bug bypasses security filters on 1.5 million mail servers in Threats https://community.isc2.org/t5/Threats/Critical-Exim-bug-bypasses-security-filters-on-1-5-million-mail/m-p/72106#M1256 <P>Hi All</P><P>&nbsp;</P><P>Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters.</P><P>Tracked as <A href="https://nvd.nist.gov/vuln/detail/CVE-2024-39929" target="_blank" rel="nofollow noopener">CVE-2024-39929</A> and patched by Exim developers on <A href="https://lists.exim.org/lurker/message/20240710.155945.8823670d.pt.html" target="_blank" rel="nofollow noopener">Wednesday</A>, the security flaw impacts Exim releases up to and including version 4.97.1.</P><P>The vulnerability is due to the incorrect parsing of multiline RFC2231 header filenames, which can let remote attackers deliver malicious executable attachments into end users' mailboxes by circumventing the <A href="https://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html#SECTscanmimepart" target="_blank" rel="nofollow noopener"><EM>$mime_filename</EM></A> extension-blocking protection mechanism.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/critical-exim-bug-bypasses-security-filters-on-15-million-mail-servers/" target="_blank">https://www.bleepingcomputer.com/news/security/critical-exim-bug-bypasses-security-filters-on-15-million-mail-servers/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 18 Jul 2024 01:03:57 GMT Caute_cautim 2024-07-18T01:03:57Z Critical Exim bug bypasses security filters on 1.5 million mail servers https://community.isc2.org/t5/Threats/Critical-Exim-bug-bypasses-security-filters-on-1-5-million-mail/m-p/72106#M1256 <P>Hi All</P><P>&nbsp;</P><P>Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters.</P><P>Tracked as <A href="https://nvd.nist.gov/vuln/detail/CVE-2024-39929" target="_blank" rel="nofollow noopener">CVE-2024-39929</A> and patched by Exim developers on <A href="https://lists.exim.org/lurker/message/20240710.155945.8823670d.pt.html" target="_blank" rel="nofollow noopener">Wednesday</A>, the security flaw impacts Exim releases up to and including version 4.97.1.</P><P>The vulnerability is due to the incorrect parsing of multiline RFC2231 header filenames, which can let remote attackers deliver malicious executable attachments into end users' mailboxes by circumventing the <A href="https://www.exim.org/exim-html-current/doc/html/spec_html/ch-content_scanning_at_acl_time.html#SECTscanmimepart" target="_blank" rel="nofollow noopener"><EM>$mime_filename</EM></A> extension-blocking protection mechanism.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/critical-exim-bug-bypasses-security-filters-on-15-million-mail-servers/" target="_blank">https://www.bleepingcomputer.com/news/security/critical-exim-bug-bypasses-security-filters-on-15-million-mail-servers/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 18 Jul 2024 01:03:57 GMT https://community.isc2.org/t5/Threats/Critical-Exim-bug-bypasses-security-filters-on-1-5-million-mail/m-p/72106#M1256 Caute_cautim 2024-07-18T01:03:57Z