Protection won't save you: 1.5 million Exim servers contain a critical error

Carding Forum

Hackers have a new attack tool.

Censys has warned of a critical vulnerability in Exim mail servers that affects more than 1.5 million servers worldwide. The bug allows attackers to bypass security filters and deliver malicious attachments to users' mailboxes.

In Exim, you can use filters that analyze the file names of attachments (the MIME filename). Filters help you identify and block files with suspicious or dangerous names to prevent infection through attachments. The administrator can configure Exim to block attachments with extensions that are often used to distribute malware (for example, .exe, .bat), or to check file names for suspicious characters and sequences.

Vulnerability CVE-2024-39929 (CVSS score: 9.1) is caused by incorrect parsing of multi-line RFC 2231 filename headers, which allows a remote attacker to bypass the $mime_filename protection. The flaw allows executable files to be delivered to users' mailboxes, and opening them could compromise the system.
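To make the filter point concrete, here is an added example (not Exim's code, and not from the original post) showing why an attachment-name check must run on the fully reassembled RFC 2231 filename rather than on whatever fragment appears first. The MIME part headers and the blocklist are constructed for the example; the decoding is done by Python's standard email parser.

```python
import re
from typing import Optional
from email import message_from_string

# Extensions an administrator might block in a $mime_filename filter
# (illustrative list, not Exim's configuration).
BLOCKED_EXTENSIONS = {".exe", ".bat", ".scr", ".com"}

# Constructed MIME part headers: the filename parameter is split into
# RFC 2231 continuation sections, so no single line carries ".exe".
SPLIT_NAME_PART = (
    "Content-Type: application/octet-stream\r\n"
    "Content-Disposition: attachment;\r\n"
    ' filename*0="report";\r\n'
    ' filename*1=".exe"\r\n'
    "\r\n"
)

# Constructed ordinary part with a single-line filename, for comparison.
PLAIN_NAME_PART = (
    "Content-Type: text/plain\r\n"
    'Content-Disposition: attachment; filename="notes.txt"\r\n'
    "\r\n"
)


def first_fragment_filename(raw_part: str) -> Optional[str]:
    """Fragile check: reads only the first filename parameter it finds,
    so later RFC 2231 sections (and the extension) are never seen."""
    m = re.search(r'filename(?:\*0)?="?([^";\r\n]*)"?', raw_part, re.IGNORECASE)
    return m.group(1) if m else None


def decoded_filename(raw_part: str) -> Optional[str]:
    """Robust check: the stdlib parser reassembles all RFC 2231 sections
    (filename*0, filename*1, ...) before returning the name."""
    return message_from_string(raw_part).get_filename()


def should_block(raw_part: str) -> bool:
    """Apply the extension blocklist to the fully reassembled filename."""
    name = decoded_filename(raw_part)
    if name is None:
        return False
    return any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS)


if __name__ == "__main__":
    for part in (SPLIT_NAME_PART, PLAIN_NAME_PART):
        print(first_fragment_filename(part), decoded_filename(part), should_block(part))
```

The first function sees only "report" for the split part, while the reassembled name is "report.exe" and is blocked; a filter is only as good as the name it actually evaluates.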

Currently, there are 1,532,163 publicly available Exim servers running an affected version (4.97.1 or earlier). Most of the servers are located in the United States, Russia, and Canada. Note that a PoC is already available for this flaw, but nothing is known about active exploitation yet.

Administrators of Exim servers are advised to update the software to the latest version and fix the vulnerability immediately. If updating is not possible, remote access to the servers from the Internet should be restricted to prevent exploitation attempts. Currently, 82 public servers show signs of running the patched version 4.98.

According to Shodan, there are more than 3.4 million Exim servers open on the Internet, most of which are located in the United States, Russia, and the Netherlands. Censys also found 6,540,044 public mail servers, of which 4,830,719 (approximately 74%) run on Exim.

Available Online Exim Servers

Mail servers such as Exim are often targeted because they are almost always accessible over the Internet. Exim is the default MTA for Debian Linux and the most popular mail server in the world. According to the latest data, more than 241,000 of the 409,255 instances available on the Internet run Exim.
