this post was submitted on 15 Jul 2024
11 points (100.0% liked)

Linux and Tech News

[–] autotldr@lemmings.world 1 points 1 year ago

This is the best summary I could come up with:


More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts, security researchers said.

Tracked as CVE-2024-39929 and carrying a severity rating of 9.1 out of 10, the vulnerability makes it trivial for threat actors to bypass protections that normally prevent the sending of attachments that install apps or execute code.

“I can confirm this bug,” Exim project team member Heiko Schlittermann wrote on a bug-tracking site.

More than 1.5 million of the Exim servers, or roughly 31 percent, are running a vulnerable version of the open source mail app.

Threat actors can exploit it to bypass extension blocking and deliver executable attachments in emails sent to end users.

Given the requirement that end users must click on an attached executable for the attack to work, this Exim vulnerability isn’t as serious as the one that was exploited starting in 2019.


The original article contains 294 words, the summary contains 148 words. Saved 50%. I'm a bot and I'm open source!