Critical Exim Flaw Exposes Mail Servers

A critical issue in the Exim mail transfer agent (MTA) has left over 1.5 million servers unpatched, posing significant security risk. Tracked as CVE-2024-39929, the flaw allows threat actors to bypass security filters and deliver malicious executable attachments to users' mailboxes. The issue arises from incorrect parsing of multiline RFC 2231 header filenames, which undermines the $mime_filename extension-blocking protection. Although there is no known active exploitation, a proof of concept (PoC) exists, increasing the urgency for administrators to act swiftly.
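The weakness described above is a parsing problem: a filename can be carried by a single `filename=` parameter, but RFC 2231 also allows it to be split into numbered continuation segments (`filename*0=`, `filename*1=`, ...) and optionally percent-encoded with a charset prefix (`filename*0*=utf-8''...`). An extension block list that only sees the assembled name after every segment has been joined behaves correctly; one that inspects a single segment, or none, lets the attachment through. The following is an added, self-contained Python example (written for this page, not Exim's code or its ACL logic) that reassembles the filename from a `Content-Disposition` value and then applies a small, hypothetical extension block list. The header values and the `BLOCKED_EXTENSIONS` set are constructed for the demonstration.

```python
import re
from urllib.parse import unquote_to_bytes

# Hypothetical block list; a real deployment would use its own policy.
BLOCKED_EXTENSIONS = {"exe", "scr", "com", "bat", "pif", "cpl", "js", "vbs"}

# Constructed sample Content-Disposition values (not taken from real mail).
SAMPLE_HEADERS = {
    "single_line": 'attachment; filename="report.exe"',
    "continuation": 'attachment;\r\n filename*0="quarterly-";\r\n'
                    ' filename*1="report.ex";\r\n filename*2="e"',
    "encoded": "attachment; filename*0*=utf-8''r%C3%A9sum%C3%A9; filename*1*=.scr",
    "benign": 'attachment; filename*0="notes"; filename*1=".txt"',
}


def _unfold(header_value: str) -> str:
    """Join folded continuation lines (RFC 5322 folding) into a single line."""
    return re.sub(r"\r?\n[ \t]+", " ", header_value)


def _split_params(value: str):
    """Return [(name, value), ...] for every 'name=value' parameter, honouring quotes."""
    params = []
    for name, raw in re.findall(r'([^;=\s]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)', value):
        raw = raw.strip()
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        params.append((name.lower(), raw))
    return params


def decode_rfc2231_filename(header_value: str):
    """Assemble the filename from plain, continued (*N) and encoded (*N*) parameters."""
    segments = {}  # segment index -> (is_percent_encoded, text)
    plain = None
    for name, raw in _split_params(_unfold(header_value)):
        if name == "filename":
            plain = raw
            continue
        m = re.fullmatch(r"filename(?:\*(\d+))?(\*)?", name)
        if not m:
            continue
        idx = int(m.group(1)) if m.group(1) is not None else 0
        segments[idx] = (m.group(2) is not None, raw)
    if not segments:
        return plain  # no RFC 2231 form present; fall back to the plain parameter
    charset = "utf-8"
    out = bytearray()
    for idx in sorted(segments):  # segments must be joined in numeric order
        encoded, text = segments[idx]
        if encoded:
            if idx == 0 and text.count("'") >= 2:
                # First encoded segment carries charset'language'value.
                charset, _language, text = text.split("'", 2)
                charset = charset or "utf-8"
            out += unquote_to_bytes(text)
        else:
            out += text.encode(charset, errors="replace")
    return out.decode(charset, errors="replace")


def blocked_extension(filename):
    """Return the lower-cased extension if it is on the block list, else None."""
    if filename is None:
        return None
    name = filename.rstrip(". ")  # normalise trailing dots/spaces before reading the extension
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext if ext in BLOCKED_EXTENSIONS else None


def check_attachment(header_value: str):
    """Decode the filename and report (filename, blocked_extension_or_None)."""
    filename = decode_rfc2231_filename(header_value)
    return filename, blocked_extension(filename)


if __name__ == "__main__":
    for label, header in SAMPLE_HEADERS.items():
        filename, ext = check_attachment(header)
        verdict = f"BLOCK ({ext})" if ext else "allow"
        print(f"{label:>12}: {filename!r} -> {verdict}")
```

The key design point is that the extension check runs only on the fully reassembled name, so splitting `.exe` across `filename*1` and `filename*2` (as in the `continuation` sample) still yields `report.exe` and is blocked. Python's own `email` package performs the same collapsing in `Message.get_filename()`; the hand-written decoder above is only to make the reassembly visible.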

Exim, the default MTA on Debian Linux and the world's most popular MTA software, is a frequent target because it is directly exposed to the internet. A recent survey found that over 59% of the 409,255 mail servers online run Exim, highlighting the widespread risk.