Bug 938214 (CVE-2024-39929)

Summary:	<mail-mta/exim-4.97.1-r6: Incorrect parsing of multiline rfc2231 header filename
Product:	Gentoo Security	Reporter:	Dmitry A. Bakshaev <dab1818>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	normal	CC:	bertrand, grobian, jstein
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=938473
Whiteboard:	B4 [stable]
Package list:		Runtime testing required:	---
Bug Depends on:	941697
Bug Blocks:

Description Dmitry A. Bakshaev 2024-08-20 06:40:35 UTC

https://nvd.nist.gov/vuln/detail/CVE-2024-39929:
"Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users."

https://bugs.exim.org/show_bug.cgi?id=3099

Comment 1 Larry the Git Cow gentoo-dev

2024-08-21 07:40:28 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1097635d14eeaaa52eeda75da3257a08c27bcf30

commit 1097635d14eeaaa52eeda75da3257a08c27bcf30
Author:     Fabian Groffen <grobian@gentoo.org>
AuthorDate: 2024-08-21 07:39:00 +0000
Commit:     Fabian Groffen <grobian@gentoo.org>
CommitDate: 2024-08-21 07:39:47 +0000

    mail-mta/exim-4.97.1-r6: CVE-2024-39929
    
    Bug: https://bugs.gentoo.org/938214
    Signed-off-by: Fabian Groffen <grobian@gentoo.org>

 mail-mta/exim/exim-4.97.1-r6.ebuild                | 637 +++++++++++++++++++++
 .../files/exim-4.97.1-CVE-2024-39929-part1.patch   | 111 ++++
 .../files/exim-4.97.1-CVE-2024-39929-part2.patch   | 247 ++++++++
 3 files changed, 995 insertions(+)

Comment 2 Jonas Stein gentoo-dev

2024-08-25 11:49:05 UTC

Fixed in mail-mta/exim-4.98

Comment 3 Fabian Groffen gentoo-dev

2024-09-02 08:26:23 UTC

Fixbackported in mail-mta/exim-4.97.1-r6, which is running stable.  4.98 is masked due to segfaults in helper scripts.