By now, some of you have been hearing about a recent security vulnerability affecting the Exim mail transfer agent. With that news, let's explore what's happening…
A flaw was found in Exim versions 4.87 to 4.91 (inclusive) that may lead to remote command execution due to improper validation of the recipient address in the `deliver_message()` function in /src/deliver.c.
This vulnerability has a CVSSv3 Base Score of 9.8 (Critical).
Affected Packages State:
RHEL 5/CentOS 5 Not affected*
As cPanel stated:
To confirm you are already running a patched version, you can run this command on the server:
`rpm -q exim`
The output will show you the Exim versions that are installed, and should look something like what’s below:
For Version 78: exim-4.92-1.cp1178.x86_64
For Version 80: exim-4.92-1.cp1180.x86_64
This flaw has been fixed as of version 4.92, which cPanel is shipping in version 78 and higher. cPanel version 76 and lower are considered EOL and are not provided with a patch to address this vulnerability. This happens to coincide with EasyApache 3 being removed as of cPanel version 78 and presents an opportunity to address a fundamental issue which is clients running software in End-of-Life status.
For additional information, please see https://blog.cpanel.com/exim-
* CentOS 5 ships with 4.63 and is not affected by this flaw. However, the base operating system is no longer supported by cPanel.
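The version check above can be scripted when many servers need auditing. This is an added example, not part of cPanel's advisory or the original post: it classifies one line of `rpm -q exim` output against the 4.87 to 4.91 range. The function name `classify_exim` and every sample line other than the two cPanel outputs quoted above are constructed for illustration.

```shell
#!/bin/sh
# Classify one line of `rpm -q exim` output against the range given above:
# 4.87 through 4.91 affected, 4.92 and later fixed, older releases unaffected.
# Assumption: the package version tracks upstream Exim (true for the cPanel
# builds shown above); a vendor-backported fix would still read "vulnerable".
# On a live host: classify_exim "$(rpm -q exim)"
classify_exim() {
    line=$1
    case $line in
        *"is not installed"*) echo not-installed; return 0 ;;
        exim-*) ;;
        *) echo unknown; return 0 ;;
    esac
    ver=${line#exim-}      # 4.92-1.cp1178.x86_64
    ver=${ver%%-*}         # 4.92
    # Accept only dotted numeric versions; anything else is not trusted.
    case $ver in
        *[!0-9.]*|*..*|.*|*.) echo unknown; return 0 ;;
        *.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}       # 4
    rest=${ver#*.}         # 92 (or 92.1 for a point release)
    minor=${rest%%.*}      # 92
    if [ "$major" -lt 4 ]; then echo not-affected
    elif [ "$major" -gt 4 ]; then echo patched
    elif [ "$minor" -lt 87 ]; then echo not-affected
    elif [ "$minor" -le 91 ]; then echo vulnerable
    else echo patched
    fi
}

# Sample lines: the first two are the outputs quoted above, the rest are
# constructed to exercise each branch.
for sample in \
    'exim-4.92-1.cp1178.x86_64' \
    'exim-4.92-1.cp1180.x86_64' \
    'exim-4.91-1.example.x86_64' \
    'exim-4.63-1.example.x86_64' \
    'package exim is not installed'
do
    printf '%-32s %s\n' "$sample" "$(classify_exim "$sample")"
done
```

Anything reported as `unknown` should be checked by hand rather than assumed safe.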
This Exim exploit could affect any servers running cPanel & WHM versions below our latest LTS version which, as of this email, is v78.0.27. For more information about this Exim exploit, please see the link above.
We recommend that you update any servers below cPanel & WHM v78.0.27, promptly, to ensure that you’ve received the latest system updates.
To update your server manually, right away, please use the WebHost Manager interface: WHM >> Home >> cPanel >> Upgrade to Latest Version
If you have any issues with the updates, please contact our technical support analysts for assistance: https://tickets.cpanel.net
We’ve added more in-depth details about this Exim exploit and explain how you can protect yourself, in a blog post on our website, here: