Exim Vulnerability affects 1.5 Million Email Servers -CVE-2024-39929

Security researchers have uncovered a bug in the Exim mail transfer agent that leaves nearly 1.5 million email servers open to attacks that can deliver executable attachments to users' mailboxes.

The vulnerability, tracked as CVE-2024-39929 and rated CVSS 9.1, makes it trivial for threat actors to bypass the protections that normally prevent delivery of attachments that install apps or execute code. Exim misparses an attachment filename that is split across several header lines using RFC 2231 parameter continuations, so a $mime_filename extension check can see a harmless-looking name and let the attachment through. Such checks are a first line of defense against malicious emails designed to install malware on end-user devices.
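To make the class of bug concrete, here is an added example (not Exim's code, and not a reproduction of Exim's exact parsing flaw) of an attachment filename carried in RFC 2231 continuation sections across folded header lines. A filter that looks only at the first filename parameter sees "invoice.pd" and passes the message; one that joins the sections in order sees "invoice.pdf.exe" and blocks it. The header, the deny-list and the function names are all constructed for this illustration.

```python
import re
from urllib.parse import unquote

# Illustrative deny-list; this is not Exim's configuration, just an example of
# the kind of extension filter the article refers to.
BLOCKED_EXTENSIONS = {"exe", "scr", "bat", "cmd", "com", "pif", "js", "vbs"}

# Constructed sample header. The filename is carried in RFC 2231 continuation
# sections (filename*0*, filename*1*) spread across folded header lines, so the
# full name only exists once the sections are joined.
SAMPLE_HEADER = (
    "Content-Disposition: attachment;\r\n"
    " filename*0*=utf-8''invoice.pd;\r\n"
    " filename*1*=f.exe\r\n"
)
PLAIN_HEADER = 'Content-Disposition: attachment; filename="report.pdf"\r\n'

# name, optional *N section index, optional * meaning "this section is encoded", value
_PARAM_RE = re.compile(r'([A-Za-z0-9_-]+)(\*\d+)?(\*)?=("[^"]*"|[^;\r\n]*)')


def parse_params(header):
    """Yield (name, section_index_or_None, is_encoded, raw_value) per parameter."""
    for m in _PARAM_RE.finditer(header):
        name, section, enc, value = m.groups()
        idx = int(section[1:]) if section else None
        yield name.lower(), idx, enc is not None, value.strip().strip('"')


def naive_filename(header):
    """Filter that honours only the first filename parameter it sees and ignores
    continuation sections. This models the failure mode; do not copy it."""
    for name, idx, enc, value in parse_params(header):
        if name == "filename":
            if enc:
                if value.count("'") >= 2:          # drop the charset'lang' prefix
                    value = value.split("'", 2)[2]
                value = unquote(value, errors="replace")
            return value
    return None


def rfc2231_filename(header):
    """Join filename*N sections in numeric order and decode them per RFC 2231."""
    sections, plain, charset = {}, None, "utf-8"
    for name, idx, enc, value in parse_params(header):
        if name != "filename":
            continue
        if idx is None and not enc:                 # ordinary filename="..."
            plain = value
            continue
        idx = 0 if idx is None else idx             # filename*= is section 0
        if enc and idx == 0 and value.count("'") >= 2:
            charset, _lang, value = value.split("'", 2)
        if enc:
            try:
                value = unquote(value, encoding=charset or "utf-8", errors="replace")
            except LookupError:                     # unknown charset label
                value = unquote(value, errors="replace")
        sections[idx] = value
    if sections:
        return "".join(sections[i] for i in sorted(sections))
    return plain


def extension(filename):
    """Lower-cased final extension, or "" when there is none."""
    if not filename or "." not in filename:
        return ""
    return filename.rsplit(".", 1)[1].lower()


def is_blocked(filename):
    return extension(filename) in BLOCKED_EXTENSIONS


if __name__ == "__main__":
    for parser in (naive_filename, rfc2231_filename):
        name = parser(SAMPLE_HEADER)
        print(f"{parser.__name__:17s} -> {name!r:22s} blocked={is_blocked(name)}")
```

The practical takeaway is that any extension check has to run on the fully reassembled, decoded parameter value, never on an individual header line or on the first section alone.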


Researchers at security firm Censys said that of the more than 6.5 million public-facing SMTP servers seen in Internet scans, 4.8 million run Exim. More than 1.5 million of those Exim servers, roughly 31 percent, run a vulnerable version of the open source mail transfer agent.

While there are no known reports of active exploitation of the vulnerability, it wouldn’t be surprising to see active targeting, given the ease of attacks and the large number of vulnerable servers.

The vulnerability exists in all Exim versions up to and including 4.97.1, and a fix is available in Release Candidate 3 of Exim 4.98.
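A quick way to triage a fleet is to capture the first line of `exim -bV` on each host and compare the version against the boundaries the article gives. The following is an added example, not an Exim or Censys tool; the sample outputs are constructed, and the "-RCn" suffix for release candidates is an assumption about the version string format rather than something the article states.

```python
import re
from typing import Optional, Tuple

# Constructed samples of what `exim -bV` prints; only the first line matters
# here. The "-RCn" form for release candidates is an assumption.
SAMPLE_OUTPUTS = {
    "old":   "Exim version 4.97.1 #2 built 05-Nov-2023 12:34:56\nSupport for: crypteq iconv()\n",
    "rc2":   "Exim version 4.98-RC2 #1 built 10-Jun-2024 08:00:00\n",
    "fixed": "Exim version 4.98-RC3 #1 built 01-Jul-2024 08:00:00\n",
}

_VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?(?:-RC(\d+))?")

Version = Tuple[Tuple[int, int, int], Optional[int]]


def parse_exim_version(bv_output: str) -> Optional[Version]:
    """Return ((major, minor, patch), rc_or_None) parsed from `exim -bV` output."""
    m = _VERSION_RE.search(bv_output)
    if not m:
        return None
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (int(rc) if rc else None)


def is_affected(version: Version) -> bool:
    """Apply the article's boundaries for CVE-2024-39929: every release below
    4.98 (i.e. up to and including 4.97.1) is affected, and the fix first
    appears in 4.98 RC3, so 4.98 RC1 and RC2 are still affected."""
    (major, minor, patch), rc = version
    if (major, minor, patch) < (4, 98, 0):
        return True
    if (major, minor, patch) == (4, 98, 0) and rc is not None and rc < 3:
        return True
    return False


def triage(bv_output: str) -> str:
    """Classify one host's `exim -bV` output as affected, fixed or unknown."""
    version = parse_exim_version(bv_output)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "fixed"


if __name__ == "__main__":
    for label, output in SAMPLE_OUTPUTS.items():
        print(f"{label:6s} {output.splitlines()[0]!r} -> {triage(output)}")
```

Run it against real output by piping `exim -bV | head -n1` into `triage`; a host reporting "unknown" has a version string this parser did not recognise and needs a manual look rather than being silently treated as safe.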


Sandworm previously exploited an Exim vulnerability tracked as CVE-2019-10149, which allowed them to send emails that executed malicious code with unfettered root privileges. The attacks began in August 2019, two months after the vulnerability came to light, and continued through at least May 2020.
