A newly discovered vulnerability in the Exim mail server is currently affecting more than 1.5 million servers worldwide, according to recent reports. The good news is that a patch is already available.

Exim is a freely available mail transfer agent (MTA) that runs on many servers with Unix or Unix derivatives. Exim was developed in 1995 for the University of Cambridge and is now used worldwide.

Because Exim is so widely deployed, the newly discovered vulnerability, tracked as CVE-2024-39929, is very serious. It has been assigned a severity score of 9.1 on a scale of up to 10. All Exim versions up to and including version 4.97.1 are affected.


A bug in the processing of headers can be exploited

The vulnerability is caused by a flaw in Exim's handling of multiline (continued) header parameters as defined in RFC 2231. It could allow attackers to bypass the protective measures that block attachments by file name extension and thus deliver executable attachments to mailboxes. Downloading or executing such attachments can compromise the user's system. Heiko Schlittermann, a member of the Exim project team, confirmed the severity of the vulnerability.
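The defensive point behind this bug is that an extension filter has to run on the reassembled RFC 2231 parameter, not on a single physical header line. The following is an added example, not Exim's code or the project's fix: it contrasts a naive single-line `filename=` check with one that lets Python's `email` package join `filename*0=`, `filename*1=` continuations first. The sample headers and the blocklist are constructed for this illustration.

```python
import re
from email import message_from_string

# Constructed blocklist standing in for a site's own attachment policy.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".bat", ".js")

# Constructed attachment headers: one plain filename, one whose filename
# parameter is continued across lines as RFC 2231 section 3 allows.
SAMPLE_SINGLE_LINE = (
    "Content-Type: application/octet-stream\r\n"
    'Content-Disposition: attachment; filename="report.exe"\r\n'
    "\r\n"
)
SAMPLE_CONTINUATION = (
    "Content-Type: application/octet-stream\r\n"
    "Content-Disposition: attachment;\r\n"
    ' filename*0="report.";\r\n'
    ' filename*1="exe"\r\n'
    "\r\n"
)


def naive_filename(raw_headers):
    """Weak check: only recognises a one-piece 'filename=' parameter and
    never sees continuation parameters such as filename*0= / filename*1=."""
    m = re.search(r'filename="?([^";\r\n]+)"?', raw_headers)
    return m.group(1) if m else None


def reassembled_filename(raw_headers):
    """Robust check: parse the headers and let the email package fold all
    RFC 2231 continuation (and charset-encoded) pieces into one name."""
    msg = message_from_string(raw_headers)
    return msg.get_filename()


def is_blocked(filename):
    """Policy decision on the final, fully reassembled file name."""
    return filename is not None and filename.lower().endswith(BLOCKED_EXTENSIONS)


if __name__ == "__main__":
    for label, hdrs in (("single", SAMPLE_SINGLE_LINE), ("continued", SAMPLE_CONTINUATION)):
        print(label, "naive:", is_blocked(naive_filename(hdrs)),
              "reassembled:", is_blocked(reassembled_filename(hdrs)))
```

Run as written, the naive check blocks only the single-line sample, while the reassembled check blocks both.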

More than 1.5 million mail servers worldwide are affected. In Germany alone, the number is around 60,000. 74 per cent of the 6.5 million publicly accessible SMTP servers worldwide run Exim.

No exploits reported yet

But there is also good news: no exploitation of the vulnerability has been observed so far. However, given how easily it can be exploited and the large number of potentially affected servers, it seems only a matter of time before it is actively exploited.

Although a successful attack requires a user to open a malicious attachment, the risk is high, for example because of the social engineering tactics attackers use to get users to open email attachments.

What can users who are affected do?

Release Candidate 3 of Exim version 4.98 contains a fix for CVE-2024-39929. It is recommended to update Exim mail servers to the latest version as soon as possible to reduce the risk of exploitation. To do this, the corresponding patch must be downloaded and installed.

Before updating the system to the new version, a complete backup of the server must be carried out.

What is Hardwarewartung 24 thinking?

The Exim security vulnerability in the Mail MTA should not be underestimated. We strongly recommend installing a patch. You can find all relevant information on sources and patch options by following the link in the article.
