Security researchers have discovered a critical vulnerability in the popular server-based email client Exim that allows attackers to bypass security and send malicious attachments. More than 1.5 million servers around the world are at risk.
Image Source: Aaron McLean / Unsplash
Cybersecurity experts identified 10 days ago a serious vulnerability in Exim software, one of the most common mail servers in the world, Ars Technica reports. The vulnerability, identified as CVE-2024-39929, allows attackers to bypass standard security mechanisms and send emails with executable attachments that can pose a serious threat to end users.
According to cyber threat intelligence company Censys, of the more than 6.5 million public SMTP servers currently on the Internet, 4.8 million (about 74%) are running Exim. More than 1.5 million Exim servers (approximately 31%) use vulnerable versions of the software.
The vulnerability, CVE-2024-39929, is rated 9.1 out of 10 on the CVSS severity scale and is due to an error in the handling of multi-line headers described in RFC 2231. Heiko Schlittermann, a member of the Exim development team, has confirmed the vulnerability. vulnerability, calling it a “major security issue.”
While there are currently no reports of active exploitation of the bug, experts warn of a high likelihood of targeted attacks in the near future. They recalled a 2020 case in which the hacker group Sandworm exploited another vulnerability in Exim (CVE-2019-10149) to launch massive attacks on servers.
Although a successful attack requires the end user to launch a malicious attachment, experts emphasize that social engineering techniques remain one of the most effective ways to compromise systems. Experts recommend that Exim server administrators update their software to the latest version as soon as possible to protect their systems from potential attacks.
The CVE-2024-39929 vulnerability is present in all versions of Exim up to and including 4.97.1. The fix is available in Release Candidate 3 version 4.98.
Image Source: Mediatonic Among the available formats are team deathmatch, every man for himself, and…
Seasonic has released the PRIME PX-2200 2200 W power supply. The new product was first…
The ability of modern automation to control vehicles without human intervention is limited by a…
GPUs, originally created for creating three-dimensional images, have performed well in the field of accelerating…
South Korean electronics maker Samsung Display plans to invest $1.8 billion this year to build…
More and more users are complaining about problems with the responsiveness of the iPhone 16…