CVE-2024-39929: 
Exim vulnerability analysis and mitigation

Exim through version 4.97.1 contains a vulnerability (CVE-2024-39929) related to incorrect parsing of multiline RFC 2231 header filenames. The vulnerability was discovered in June 2024 and publicly disclosed on July 4, 2024. This security flaw affects the Exim mail transfer agent (MTA), which is widely used on Unix-like operating systems, with approximately 74% of public-facing SMTP mail servers running Exim (Censys Report).

The vulnerability stems from a misparsing issue in how Exim handles multiline RFC 2231 header filenames. The CVSS score for this vulnerability is 5.4 (Medium) with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. The technical issue involves the incorrect parsing of filename parameters in email attachments when they are specified using multiple parameters according to RFC 2231 specifications (NVD, Exim Bug).

The vulnerability allows remote attackers to bypass the $mime_filename extension-blocking protection mechanism, potentially enabling the delivery of executable attachments directly to end-users' mailboxes. Of the 6.5 million public-facing SMTP mail servers observed, approximately 1.5 million servers were running potentially vulnerable versions of Exim as of July 2024 (Censys Report).

The vulnerability has been fixed in Exim version 4.98. System administrators are advised to upgrade to this version or apply the available patches. The fix includes improvements to the MIME parsing of filenames specified using multiple parameters (GitHub Compare).