Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Exim Software
Alerts

Critical Vulnerability in Exim Software

17 July 2024

Exim has released security updates addressing a critical vulnerability (CVE-2024-39929) in their mail transfer agent (MTA). 

Successful exploitation of the vulnerability could allow attackers to bypass filename extension blocking protection measures and potentially deliver executable attachments to the mailboxes of end users remotely.

This vulnerability affects Exim releases up to and including version 4.97.1. 

Users and administrators of affected products are advised to update to the latest versions immediately. 

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2024-39929

https://censys.com/cve-2024-39929/

https://github.com/Exim/exim/releases/tag/exim-4.98-RC3

https://arstechnica.com/security/2024/07/more-than-1-5-million-email-servers-running-exim-vulnerable-to-critical-attacks/