TLP : CLEAR
Date : 15/07/2024
REF NO : CERT / 2024/07/64
Severity Level: High
Components Affected
Overview
A vulnerability was identified in Exim, a remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system.
Description
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
Impact
Solution/ Workarounds
Before installation of the software, please visit the vendor web-site for more details.
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre