Eenos Exim Security Update
A critical security vulnerability has been identified in the Exim mail transfer agent. It allows a remote attacker to bypass attachment extension blocking and deliver executable attachments to users' inboxes.
Vulnerability Details:
- CVE: CVE-2024-39929
- CVSS Score: 9.1/10.0
- Affected versions: Exim through 4.97.1
- Fixed in version: 4.98
According to the U.S. National Vulnerability Database (NVD), "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, allowing remote attackers to bypass the $mime_filename extension-blocking protection mechanism and possibly deliver executable attachments to users' mailboxes."
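To make the NVD description concrete, the following is an added illustration in Python. It is not Exim's code and not the actual patch: it shows an attachment whose filename parameter is split into RFC 2231 continuation sections (filename*0, filename*1, ...), checked once by a hypothetical extractor that reads only the first section and once by Python's email package, which reassembles and decodes the sections. The sample message, the naive extractor and the extension block list are all constructed for the example; Exim itself leaves the extension policy to the site's ACL, which is what $mime_filename feeds.

```python
"""Illustrative check of how RFC 2231 continuation sections change the
attachment filename a filter sees. Added example; not Exim's code."""
import email
import re

# Illustrative block list (an assumption, not an Exim default: Exim leaves
# the list to the site's ACL, which tests $mime_filename).
BLOCKED_EXTENSIONS = {"exe", "scr", "com", "bat", "pif", "vbs", "js"}

# Constructed sample message (not a real capture). Both attachments split the
# filename parameter into RFC 2231 sections; the second is also charset-encoded.
SAMPLE = b"""From: sender@example.net
To: user@example.com
Subject: quarterly figures
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*0="quarterly-report";
 filename*1=".exe"

not-really-an-executable
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*0*=UTF-8''report%2D2024;
 filename*1*=%2Escr

also-not-an-executable
--b1--
"""


def extension_of(filename):
    """Lower-cased extension after the last dot, '' if there is none."""
    if not filename or "." not in filename:
        return ""
    return filename.rsplit(".", 1)[1].lower()


def is_blocked(filename):
    return extension_of(filename) in BLOCKED_EXTENSIONS


def naive_filename(header_value):
    """Hypothetical broken extractor: it takes the first filename parameter it
    meets and never joins continuation sections, so an extension carried by a
    later section is lost and the block check passes."""
    m = re.search(r'filename(?:\*0\*?)?\s*=\s*"?([^";\s]+)', header_value)
    return m.group(1) if m else None


def joined_filename(part):
    """Correct extraction: the email package joins filename*0, filename*1, ...
    in section order and decodes charset-encoded (trailing *) sections."""
    return part.get_filename()


def scan(raw):
    """Per attachment, return the name each extractor sees and its verdict."""
    msg = email.message_from_bytes(raw)
    results = []
    for part in msg.walk():
        cd = part.get("Content-Disposition")
        if cd is None or part.get_content_disposition() != "attachment":
            continue
        good = joined_filename(part)
        bad = naive_filename(cd)
        results.append({
            "joined": good,
            "naive": bad,
            "blocked_joined": is_blocked(good),
            "blocked_naive": is_blocked(bad),
        })
    return results


if __name__ == "__main__":
    for r in scan(SAMPLE):
        print(r)
```

Both attachments are blocked once the sections are joined and neither is blocked by the section-at-a-time extractor, which is the shape of bypass the NVD text describes: the policy is sound, but it is evaluated on the wrong string.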
The Eenos hosting control panel has been updated to ship Exim package version 4.98. If automatic updates are enabled, this update has already been applied to your servers. If not, we strongly recommend updating your servers as soon as possible.
Checking Your Exim Version:
To verify the Exim version on your server, run either of the following commands; both print the version on their first line:
# exim --version
# exim -bV
Note that distribution packages may backport the fix while keeping an older version number, so a 4.96 or 4.97 package is not necessarily vulnerable; check your distribution's security tracker (see the references below) before deciding.
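A small helper to interpret that output, added here as an example rather than anything Eenos ships: it extracts the version from the first line of exim --version or exim -bV output and reports whether it is at or above 4.98, the first upstream release with the fix. The sample output strings are constructed. The backport caveat applies: a False result from this check means the upstream version number is older than 4.98, not that the package is unpatched.

```python
"""Parse the version line printed by `exim -bV` / `exim --version` and compare
it with the first fixed upstream release. Added example; not part of Eenos."""
import re
import subprocess

FIXED_VERSION = (4, 98)  # first upstream release with the fix, per this advisory

# Constructed sample outputs shaped like the first line of `exim -bV`
SAMPLE_OLD = "Exim version 4.97.1 #2 built 01-Jan-2024 10:00:00\nCopyright (c) University of Cambridge"
SAMPLE_NEW = "Exim version 4.98 #2 built 10-Jul-2024 10:00:00\nCopyright (c) University of Cambridge"

VERSION_RE = re.compile(r"^Exim version (\d+(?:\.\d+)*)", re.MULTILINE)


def parse_exim_version(output):
    """Return the version as a tuple of ints, e.g. (4, 97, 1), or None if absent."""
    m = VERSION_RE.search(output)
    if not m:
        return None
    return tuple(int(x) for x in m.group(1).split("."))


def is_fixed_upstream(output):
    """True when the reported upstream version is 4.98 or later.

    A False result is not proof of exposure: distribution builds may carry the
    fix as a backported patch under an older version number.
    """
    v = parse_exim_version(output)
    return v is not None and v >= FIXED_VERSION


if __name__ == "__main__":
    try:
        out = subprocess.run(["exim", "-bV"], capture_output=True, text=True).stdout
    except FileNotFoundError:
        out = ""
    v = parse_exim_version(out)
    if v is None:
        print("exim not found or version line not recognised")
    else:
        print("Exim", ".".join(map(str, v)),
              "is at or above 4.98" if is_fixed_upstream(out)
              else "is below 4.98 (check for a backported fix)")
```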
References:
- CVE-2024-39929
- Exim GitHub Comparison
- RFC 2231
- NVD CVE-2024-39929
- Launchpad CVE-2024-39929
- Debian Security Tracker CVE-2024-39929
Eric Stephen
Sr. Software Engineer
Eric is a Senior Software Engineer. He is a Linux geek with good knowledge of building custom Linux applications, and an expert Python programmer.