CVE-2024-39929 PoC — Exim security vulnerability

Associated Vulnerability
Title: Exim security vulnerability (CVE-2024-39929)
Description: Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
Description
Detection method for Exim vulnerability CVE-2024-39929
Readme
# CVE-2024-39929 PoC

## Vulnerability Brief

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

## How does this detection method work?

Exim versions through 4.97.1 are affected by this vulnerability. This version of the template flags any Exim instance prior to and including 4.87.1, based on the version it reports.
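As an added illustration of the version-based check described above (this is example code, not the template.yaml shipped in this repository): a small Python script that extracts the Exim version from SMTP greeting banners and flags anything at or below 4.97.1, the last affected release named in the CVE description. The banner strings and host names are constructed for the example.

```python
import re
from typing import List, Optional, Tuple

# Highest affected release according to the CVE-2024-39929 description.
LAST_VULNERABLE = (4, 97, 1)

# Exim normally announces itself in the SMTP greeting, e.g.
# "220 mx.example.test ESMTP Exim 4.96 Mon, 01 Jul 2024 10:00:00 +0000".
# Admins can customise smtp_banner, so the version may be absent.
BANNER_RE = re.compile(r"\bExim\s+(\d+(?:\.\d+){0,2})\b")


def parse_exim_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return the Exim version in a banner as (major, minor, patch), or None."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:  # "4.97" is treated as 4.97.0
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected_version(banner: str) -> Optional[bool]:
    """True if the banner reports a version <= 4.97.1, False if it is newer,
    None if no Exim version is visible (unknown, which is not the same as safe).
    Distributions may backport the fix without bumping the version, so a True
    result is a lead to confirm against the package changelog, not proof."""
    version = parse_exim_version(banner)
    if version is None:
        return None
    return version <= LAST_VULNERABLE


def triage(banners: List[str]) -> List[Tuple[str, Optional[bool]]]:
    """Pair each banner with its verdict so a fleet inventory can be sorted."""
    return [(b, is_affected_version(b)) for b in banners]


# Constructed sample banners (not real hosts).
SAMPLE_BANNERS = [
    "220 mx1.example.test ESMTP Exim 4.96.2 Mon, 01 Jul 2024 10:00:00 +0000",
    "220 mx2.example.test ESMTP Exim 4.97.1 Mon, 01 Jul 2024 10:00:00 +0000",
    "220 mx3.example.test ESMTP Exim 4.98 Mon, 01 Jul 2024 10:00:00 +0000",
    "220 mx4.example.test ESMTP Postfix",
]

if __name__ == "__main__":
    for banner, verdict in triage(SAMPLE_BANNERS):
        print(f"{verdict!s:>5}  {banner}")
```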

## How do I run this script?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml`

## References

- https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-39929
- https://github.com/Exim/exim
## Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
File Snapshot

[4.0K] /data/pocs/1b51b56f5fc0c267092ab2b5252836bcffabb22c
├── [1.0K] README.md
└── [1.9K] template.yaml

0 directories, 2 files