Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:
CYBER ALERT
Home / CYBER ALERT
/
Exim: Public PoC for the exploitation of CVE-2024-39929 (AL01/240715/CSIRT-ITA)

Exim: Public PoC for the exploitation of CVE-2024-39929 (AL01/240715/CSIRT-ITA)

Synthesis

A Proof of Concept (PoC) is available for the CVE-2024-39929 vulnerability present in Exim, Mail Transfer Agent (MTA) used on Unix-like systems. This vulnerability, due to an incorrect analysis of the RFC 2231 header, could allow – a remote attacker – to bypass the security mechanisms in order to distribute malicious executables in the mailboxes of end users.

Risk

Estimated impact of vulnerability on the reference community: HIGH/ORANGE (71.92/100)1.

Type

  • Arbitrary Code Execution
  • Security Restrictions Bypass

Affected products and versions

Exim, versions prior to 4.98

Mitigation actions

It is recommended to update vulnerable products to the latest available version.

Unique vulnerability identifiers

CVE-2024-39929

References

https://www.exim.org/download.html

1This estimate is carried out taking into account various parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.

Recommended to you

Search in 365TRUST

Our services