censys.com
Open in
urlscan Pro
2606:4700::6812:e5b
Public Scan
URL:
https://censys.com/cve-2024-39929/
Submission: On July 15 via api from TR — Scanned from DE
Submission: On July 15 via api from TR — Scanned from DE
Form analysis 2 forms found in the DOM
<form id="mktoForm_1156" __bizdiag="196352707" __biza="W___" novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutAbove" style="font-family: inherit; font-size: 13px; color: rgb(51, 51, 51); width: 1601px;">
<style type="text/css"></style>
<div class="mktoFormRow">
<div class="mktoFieldDescriptor mktoFormCol" style="margin-bottom: 5px;">
<div class="mktoOffset" style="width: 5px;"></div>
<div class="mktoFieldWrap mktoRequiredField"><label for="Email" id="LblEmail" class="mktoLabel mktoHasWidth" style="width: 300px;">
<div class="mktoAsterix">*</div>Email Address
</label>
<div class="mktoGutter mktoHasWidth" style="width: 5px;"></div><input id="Email" name="Email" maxlength="255" aria-labelledby="LblEmail InstructEmail" type="email" class="mktoField mktoEmailField mktoHasWidth mktoRequired"
aria-required="true" style="width: 300px;"><span id="InstructEmail" tabindex="-1" class="mktoInstruction"></span>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Last_UTM_Medium__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="NULL" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Last_UTM_Source__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="NULL" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow"><input type="hidden" name="Last_UTM_Campaign__c" class="mktoField mktoFieldDescriptor mktoFormCol" value="NULL" style="margin-bottom: 5px;">
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoFormCol" style="margin-bottom: 5px;">
<div class="mktoOffset mktoHasWidth" style="width: 5px;"></div>
<div class="mktoFieldWrap">
<div class="mktoHtmlText mktoHasWidth" style="width: 332px;"><em>Censys uses the contact information you provide to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how
to unsubscribe, as well as our commitment to protecting your privacy, please review our <a href="https://censys.io/privacy-policy/" target="_blank" id="">Privacy Policy</a>.</em></div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoPlaceholder mktoPlaceholderGDPR_Consent__c"></div>
<div class="mktoClear"></div>
</div>
<div class="mktoFormRow">
<div class="mktoPlaceholder mktoPlaceholderExplicit_Opt_In__c"></div>
<div class="mktoClear"></div>
</div>
<div class="mktoButtonRow"><span class="mktoButtonWrap mktoNative" style="margin-left: 110px;"><button type="submit" class="mktoButton">SUBSCRIBE</button></span></div><input type="hidden" name="formid" class="mktoField mktoFieldDescriptor"
value="1156"><input type="hidden" name="munchkinId" class="mktoField mktoFieldDescriptor" value="120-HWT-117">
</form><form __bizdiag="-488594213" __biza="W___" novalidate="novalidate" class="mktoForm mktoHasWidth mktoLayoutAbove"
style="font-family: inherit; font-size: 13px; color: rgb(51, 51, 51); visibility: hidden; position: absolute; top: -500px; left: -1000px; width: 1600px;"></form>Text Content
Skip to content
Censys Search Teams: Industry-leading internet intelligence for growing security
teams and organizations | Learn More
Dismiss message
Toggle Menu
* Products
< Back
PRODUCTS
Explore the leading Internet Intelligence Platform for Threat Hunting and
Attack Surface Management.
* Censys Search
* Censys Search Commercial Pricing
* Censys Attack Surface Management
* The Censys Internet Map
* Integrations
* Solutions
< Back
SOLUTIONS
Discover how to empower your security teams to defend attack surfaces and
hunt for threats.
* External Attack Surface Management
* Cloud Asset Discovery
* Exposure and Risk Management
* Rapid Response
* Subsidiaries, Mergers, and Acquisitions
* Security Framework & Compliance
* Threat Hunting
* Federal
* Resources
< Back
RESOURCES
Explore Censys thought leadership on threat hunting, attack surface
management, and industry trends.
* Resource Hub
* Blogs
* Censys Search Pricing
* Glossary
* Exposure Management 101
* Search Documentation
* Attack Surface Management Documentation
* Company
< Back
COMPANY
Learn more about the Censys mission and the talented team behind it.
* About
* Leadership
* Board of Directors
* Customers
* Careers
* Diversity & Inclusion
* Benefits
* Partners
* Search Now
* Request a Demo
Advisory
JULY 10, 2024 ADVISORY: VULNERABILITY IN EXIM MTA COULD ALLOW MALICIOUS EMAIL
ATTACHMENTS PAST FILTERS [CVE-2024-39929]
SHARE
* Share post on LinkedIn
* Share post on Twitter
* Share post on Facebook
* Share via email
July 10, 2024
Tags:
* Email
* Rapid Response
* Date of Disclosure: 2024-07-04
* CVE-ID and CVSS Score: CVE-2024-39929 – CVSS 9.1
* Issue Name and Description: A vulnerability in Exim MTA due to a bug in RFC
2231 header parsing could potentially allow remote attackers to deliver
malicious attachments to user inboxes.
* Asset Description:
* Exim is a free mail transfer agent (MTA) that’s widely used on Unix-like
operating systems. This vulnerability affects Exim releases up to and
including 4.97.1
* Of the 6,540,044 public facing SMTP mail servers Censys sees online,
4,830,719 (~74%) are running Exim, highlighting how widespread it is.
* Vulnerability Impact: The vulnerability could allow a remote attacker to
bypass filename extension blocking protection measures and deliver executable
attachments directly to end-users’ mailboxes. If a user were to download or
run one of these malicious files, the system could be compromised.
* Exploitation Details: A PoC is available, but no active exploitation is known
yet.
* Patch Availability: This issue is fixed in Exim 4.98:
https://github.com/Exim/exim/compare/exim-4.98-RC2…exim-4.98-RC3
* Censys Perspective: As of July 10, 2024, Censys observes 1,567,109 publicly
exposed Exim servers running a potentially vulnerable version (4.97.1 or
earlier), concentrated mostly in the United States, Russia, and Canada. So
far, 82 public-facing servers show indications of running a patched release
of 4.98.
* Detection with Censys: The following queries can be leveraged to identify
Censys-visible public-facing Exim instances running potentially vulnerable
versions affected by this CVE.
* Censys Search Query for Potentially Vulnerable Exposures:
services.software: (product=”exim” and version: [* to 4.97.1])
* Censys ASM Query for Potentially Vulnerable Exposures:
host.services.software: (product=”exim” and version: [* to 4.97.1]) or
web_entity.instances.software: (product=”exim” and version: [* to 4.97.1])
* Censys ASM Risk Query for customers: risks.name=”Vulnerable Exim Server
[CVE-2024-39929]”
* Risk matches should populate in customer workspaces within 24 hours.
* References:
* https://bugs.exim.org/show_bug.cgi?id=3099#c4
* https://ubuntu.com/security/CVE-2024-39929
* https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357
* https://nvd.nist.gov/vuln/detail/CVE-2024-39929
Back to Resources Hub
GIVE US A CALL:
US: 1-888-985-5547
Intl: +1-877-438-9159
* Home
* Censys Search
* Censys Search Commercial Pricing
* Attack Surface Management
* The Censys Internet Map
* Integrations
* Partners
* Censys for Federal
* Resource Hub
* Blog
* Glossary
* About Censys
* Culture
* Careers
* Contact Us
*
*
SUBSCRIBE TO OUR BLOG
*
Email Address
Censys uses the contact information you provide to contact you about our
products and services. You may unsubscribe from these communications at any
time. For information on how to unsubscribe, as well as our commitment to
protecting your privacy, please review our Privacy Policy.
SUBSCRIBE
© 2024 Censys
* Data Retention Policy
* Privacy Policy
* Terms & Conditions
Show CTA
Attack Surface Management Solutions
Learn more
English
* Deutsch
* Français
* Español