A newly discovered vulnerability in the Exim mail server is currently affecting more than 1.5 million servers worldwide, according to recent reports. The good news is that a patch is already available.
Exim is a freely available mail transfer agent (MTA) that runs on many servers with Unix or Unix derivatives. Exim was developed in 1995 for the University of Cambridge and is now used worldwide.
Due to the widespread use of Exim, the vulnerability now found, labelled CVE-2024-39929, is very serious. It has been categorised with a severity level of 9.1 on a scale of up to 10. All Exim versions up to and including version 4.97.1 are affected.
A bug in the processing of headers can be exploited
The vulnerability stems from a flaw in Exim's handling of multiline header parameters as defined in RFC 2231. It could allow attackers to bypass the protective measures that block file name extensions and thus deliver executable attachments to mailboxes. Downloading or executing such attachments can compromise the user's system. Heiko Schlittermann, a member of the Exim project team, confirmed the severity of the vulnerability.
More than 1.5 million mail servers worldwide are affected. In Germany alone, the number is around 60,000. 74 per cent of the 6.5 million publicly accessible SMTP servers worldwide run Exim.
No exploits reported yet
But there is also good news: no exploitation of the vulnerability is known so far. However, given how easily the vulnerability can be exploited and the large number of potentially affected servers, it seems only a matter of time before it is actively exploited.
Although a successful attack requires a user to open a malicious attachment, the risk remains high, for example because of the social engineering tactics attackers use to persuade users to open email attachments.
What can users who are affected do?
Release Candidate 3 of Exim version 4.98 contains a fix for the vulnerability CVE-2024-39929. It is recommended to update Exim mail servers to the latest version as soon as possible to reduce the risk of exploitation. To do this, the corresponding patch must be downloaded and installed.
Before updating the system to the new version, a complete backup of the server should be made.