CVE-2024-39929 PoC — Exim 安全漏洞

Source

https://github.com/rxerium/CVE-2024-39929

Associated Vulnerability

Title:Exim 安全漏洞 (CVE-2024-39929)
Description:Exim是一个运行于Unix系统中的开源消息传送代理（MTA），它主要负责邮件的路由、转发和投递。 Exim 4.97.1及之前版本存在安全漏洞，该漏洞源于错误解析了多行RFC 2231头文件名，因此远程攻击者可以绕过扩展阻止保护机制，并可能将可执行附件传送到最终用户的邮箱。

Description

Detection method for Exim vulnerability CVE-2024-39929

Readme

# CVE-2024-39929 PoC

## Vulnerability Brief

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

## How does this detection method work?

Versions through 4.97.1 are vulnerable to this vulnerability. This template version matches for any instances of Exim prior to and including 4.87.1.

## How do I run this script?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml` 

## References

- https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-39929
- https://github.com/Exim/exim


## Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

File Snapshot


 [4.0K]  /data/pocs/1b51b56f5fc0c267092ab2b5252836bcffabb22c
├── [1.0K]  README.md
└── [1.9K]  template.yaml

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!