CVE-2024-39929: The Exim Vulnerability Threatening Global Email Security
A Mail Transfer Agent (MTA) is the software that relays email between servers over the network. Exim, which is free and open source, is a typical and very widely deployed MTA.
Exim is designed for Unix and Unix-like systems such as Linux. Its flexibility and configurability make it the preferred MTA for many system administrators.
According to internet traffic statistics, 74% of the world's 6.5 million SMTP mail servers (approximately 4.83 million) run Exim. A newly discovered vulnerability in Exim affects over 1.5 million of these SMTP mail servers.
A security flaw in Exim, designated as CVE-2024-39929, allows attackers to bypass protective mechanisms and send unfiltered executable attachments to end users’ mailboxes.
This vulnerability impacts all versions of Exim up to and including version 4.97.1. Not every Exim server can be fingerprinted by scanning, because configurations differ, but intelligence systems still identified 1.56 million affected mail servers.
CVE-2024-39929 arises from an error in parsing RFC 2231 headers; RFC 2231 governs how the file names of email attachments are encoded and interpreted. When the flaw is exploited, a malicious attachment can pass through the filename-based security checks and reach users' mailboxes.
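The class of defect described above is a filter that decides on an attachment name before the RFC 2231 parameters have been fully reassembled. The following is an added example written for this article, not Exim's code and not a reproduction of Exim's exact bug: a filename extension check that first unfolds the header and joins the `filename*0`, `filename*1`, ... continuation segments, decoding any `charset'language'%XX` encoded parts. The blocked-extension list and the sample header are constructed for the example.

```python
import os
import re
import urllib.parse

# One parameter: name, optional "*N" section index, optional trailing "*" (RFC 2231 encoded), value.
_PARAM_RE = re.compile(
    r';\s*(?P<name>[^=*;\s]+)(?:\*(?P<sect>\d+))?(?P<enc>\*)?\s*=\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|[^;]*)')

def _unquote(value: str) -> str:
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return re.sub(r'\\(.)', r'\1', value[1:-1])
    return value

def rfc2231_params(header: str) -> dict:
    """Parameters of a Content-Disposition value, with RFC 2231 continuations
    (filename*0, filename*1, ...) reassembled and charset'lang'%XX values decoded."""
    header = re.sub(r'\r?\n[ \t]+', ' ', header)            # unfold a folded (multiline) header
    parts, charsets = {}, {}                                  # name -> {section: (encoded, raw)}
    for m in _PARAM_RE.finditer(header):
        name = m.group('name').lower()
        sect = int(m.group('sect') or 0)                      # a plain "filename=" is section 0
        encoded = m.group('enc') is not None
        raw = _unquote(m.group('value'))
        if encoded and sect == 0 and raw.count("'") >= 2:     # charset'language' prefix, first segment only
            charset, _lang, raw = raw.split("'", 2)
            charsets[name] = charset or 'us-ascii'
        parts.setdefault(name, {})[sect] = (encoded, raw)
    result = {}
    for name, segs in parts.items():
        buf = b''
        for sect in sorted(segs):                             # numeric order, not the order in the header
            encoded, raw = segs[sect]
            buf += urllib.parse.unquote_to_bytes(raw) if encoded else raw.encode('latin-1', 'replace')
        try:
            result[name] = buf.decode(charsets.get(name, 'us-ascii'), 'replace')
        except LookupError:                                   # unknown charset label: never crash the filter
            result[name] = buf.decode('latin-1')
    return result

# Constructed example policy; a real deployment takes this list from its own configuration.
BLOCKED_EXTENSIONS = {'.exe', '.scr', '.com', '.bat', '.js', '.vbs'}

def attachment_blocked(content_disposition: str) -> bool:
    """Apply the extension policy only to the fully reassembled filename."""
    name = rfc2231_params(content_disposition).get('filename', '')
    return os.path.splitext(name.strip().lower())[1] in BLOCKED_EXTENSIONS

# Constructed header: the name is split over two continuation lines, the first one percent-encoded.
CONSTRUCTED_HEADER = ('attachment;\r\n'
                      " filename*0*=UTF-8''%69%6E%76%6F%69%63%65;\r\n"     # decodes to "invoice"
                      ' filename*1="-2024.exe"')

if __name__ == '__main__':
    print(rfc2231_params(CONSTRUCTED_HEADER)['filename'], attachment_blocked(CONSTRUCTED_HEADER))
```

A check that reads only a plain `filename=` parameter, or only the first continuation segment, never sees the full name and therefore never sees its extension; the policy must run on the reassembled value.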
Although there is no evidence that hackers have actively exploited this vulnerability, a proof-of-concept has emerged in the open-source community, indicating that attacks are only a matter of time.
On July 10, Exim released version 4.98, which addresses this vulnerability. In addition to fixing the flaw, the new version of Exim has enhanced DKIM DNS record parsing. All system administrators using Exim are advised to upgrade to the latest version promptly to ensure security.