{"id":4850,"date":"2012-10-28T08:30:57","date_gmt":"2012-10-28T12:30:57","guid":{"rendered":"http:\/\/g33kinfo.com\/info\/?p=4850"},"modified":"2012-10-28T08:30:57","modified_gmt":"2012-10-28T12:30:57","slug":"cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671","status":"publish","type":"post","link":"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/","title":{"rendered":"cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671"},"content":{"rendered":"<p>From <a href=\"http:\/\/cpanel.net\/exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/\" target=\"_blank\" rel=\"noopener noreferrer\">cpanel.net<\/a><\/p>\n<div>Posted on\u00a0<a title=\"4:05 pm\" href=\"http:\/\/cpanel.net\/exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/\" rel=\"bookmark noopener noreferrer\" target=\"_blank\">October 26, 2012<\/a>\u00a0by\u00a0<a title=\"View all posts by cPanel\" href=\"http:\/\/cpanel.net\/author\/sarah\/\" target=\"_blank\" rel=\"noopener noreferrer\">cPanel<\/a><\/div>\n<div>\n&nbsp;&nbsp;<br \/>\n<strong>Summary<\/strong><\/p>\n<p>A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel &amp; WHM.<\/p>\n<p><strong>Security Rating<\/strong><br \/>\n<strong>This vulnerability has been rated as Critical [1] by the cPanel Security team.<\/strong><\/p>\n<p><!--more--><\/p>\n<p><strong>Description<\/strong><\/p>\n<p>A remote code execution flaw in Exim has been discovered by an internal audit performed by the Exim developers [2]. This vulnerability may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. In some circumstances this may lead to privilege escalation.<\/p>\n<p>The vulnerability is tied to the DKIM support introduced in Exim 4.70. It has been assigned CVE-2012-5671[3].<\/p>\n<p>The following Exim RPMs, as distributed by cPanel, Inc. are known to be vulnerable:<\/p>\n<p>* exim-4.76-1<br \/>\n* exim-4.77-0<br \/>\n* exim-4.77-1<br \/>\n* exim-4.80-0<br \/>\n* exim-4.80-1<\/p>\n<p>These RPMs were shipped as part of cPanel &amp; WHM versions 11.32 and 11.34.<\/p>\n<p><strong>Solution<\/strong><\/p>\n<p>Servers that are using the default DKIM verification settings provided with cPanel &amp; WHM 11.32 and newer are not vulnerable. The default settings disable DKIM key verification by adding the following to \/etc\/exim.conf<br \/>\n<code><br \/>\nwarn control = dkim_disable_verify<br \/>\n<\/code><br \/>\nThis prevents the exploitable code from being available during exim execution.<\/p>\n<p>To fully resolve the issue cPanel has produced new Exim RPMs for cPanel &amp; WHM version 11.32 and 11.34. Server Owners are strongly urged to update their cPanel &amp; WHM installations to the following versions:<\/p>\n<p>* cPanel &amp; WHM 11.32.5.13<br \/>\n* cPanel &amp; WHM 11.34.0.6<\/p>\n<p>Exim RPMs are distributed through cPanel\u2019s package management system. All cPanel &amp; WHM servers receiving updates automatically will receive the updated Exim RPM during normal update and maintenance operations (upcp). Servers with automatic updates disabled will require action in order to receive the update. We recommend all customers to update to the latest releases of 11.32 and 11.34 as soon as possible.<\/p>\n<p>Servers who have disabled Exim updates, via the Update Preferences interface in WHM, are strongly urged to re-enable updates.<\/p>\n<p>To perform a manual update of cPanel &amp; WHM, perform the following:<\/p>\n<p>1. Login to your server as root using SSH<br \/>\n2. Execute the following command on the command line:<br \/>\n<code><br \/>\n\/scripts\/upcp<br \/>\n<\/code><br \/>\nUpdated cPanel &amp; WHM 11.32, and 11.34, servers will have the following Exim RPM:<\/p>\n<p>exim-4.80-3<\/p>\n<p><strong>References<\/strong><\/p>\n<p>[1]\u00a0<a href=\"http:\/\/docs.cpanel.net\/twiki\/bin\/view\/AllDocumentation\/SecurityLevels\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/docs.cpanel.net\/twiki\/bin\/view\/AllDocumentation\/SecurityLevels<\/a><br \/>\n[2]\u00a0<a href=\"https:\/\/lists.exim.org\/lurker\/message\/20121026.080330.74b9147b.en.html\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/lists.exim.org\/lurker\/message\/20121026.080330.74b9147b.en.html<\/a><br \/>\n[3]\u00a0<a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-5671\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-5671<\/a><\/p>\n<\/div>\n<p>From <a href=\"http:\/\/cpanel.net\/exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/\" target=\"_blank\" rel=\"noopener noreferrer\">cpanel.net<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>From cpanel.net Posted on\u00a0October 26, 2012\u00a0by\u00a0cPanel &nbsp;&nbsp; Summary A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel &amp; WHM. Security Rating This vulnerability has been rated as Critical [1] by the cPanel Security team&#8230;. <\/p>\n<div class=\"read-more navbutton\"><a href=\"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/\">Read More<i class=\"fa fa-angle-double-right\"><\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-4850","post","type-post","status-publish","format-standard","hentry","category-cpanel"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671 - Linux Shtuff<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671 - Linux Shtuff\" \/>\n<meta property=\"og:description\" content=\"From cpanel.net Posted on\u00a0October 26, 2012\u00a0by\u00a0cPanel &nbsp;&nbsp; Summary A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel &amp; WHM. Security Rating This vulnerability has been rated as Critical [1] by the cPanel Security team.... Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Shtuff\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:author\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:published_time\" content=\"2012-10-28T12:30:57+00:00\" \/>\n<meta name=\"author\" content=\"g33kadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/drsinger1111\" \/>\n<meta name=\"twitter:site\" content=\"@drsinger1111\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\\\/\"},\"author\":{\"name\":\"g33kadmin\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"headline\":\"cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671\",\"datePublished\":\"2012-10-28T12:30:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\\\/\"},\"wordCount\":397,\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"articleSection\":[\"cPanel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\\\/\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\\\/\",\"name\":\"cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671 - Linux Shtuff\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\"},\"datePublished\":\"2012-10-28T12:30:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\",\"name\":\"Linux Shtuff\",\"description\":\"Because I have CRS Syndrome...\",\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\",\"name\":\"g33kadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"contentUrl\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"width\":512,\"height\":512,\"caption\":\"g33kadmin\"},\"logo\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\"},\"description\":\"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\\\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....\",\"sameAs\":[\"https:\\\/\\\/thelinuxreport.com\",\"https:\\\/\\\/fb.me\\\/g33kinf0\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/drsinger1111\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671 - Linux Shtuff","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/","og_locale":"en_US","og_type":"article","og_title":"cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671 - Linux Shtuff","og_description":"From cpanel.net Posted on\u00a0October 26, 2012\u00a0by\u00a0cPanel &nbsp;&nbsp; Summary A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel &amp; WHM. Security Rating This vulnerability has been rated as Critical [1] by the cPanel Security team.... Read More","og_url":"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/","og_site_name":"Linux Shtuff","article_publisher":"https:\/\/fb.me\/g33kinf0","article_author":"https:\/\/fb.me\/g33kinf0","article_published_time":"2012-10-28T12:30:57+00:00","author":"g33kadmin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/drsinger1111","twitter_site":"@drsinger1111","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/#article","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/"},"author":{"name":"g33kadmin","@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"headline":"cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671","datePublished":"2012-10-28T12:30:57+00:00","mainEntityOfPage":{"@id":"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/"},"wordCount":397,"publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"articleSection":["cPanel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/","url":"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/","name":"cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671 - Linux Shtuff","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/#website"},"datePublished":"2012-10-28T12:30:57+00:00","breadcrumb":{"@id":"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/g33kinfo.com\/info\/cpanel-exim-remote-code-execution-vulnerability-notification-cve-2012-5671\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/g33kinfo.com\/info\/"},{"@type":"ListItem","position":2,"name":"cPanel Exim Remote Code Execution Vulnerability Notification CVE-2012-5671"}]},{"@type":"WebSite","@id":"https:\/\/g33kinfo.com\/info\/#website","url":"https:\/\/g33kinfo.com\/info\/","name":"Linux Shtuff","description":"Because I have CRS Syndrome...","publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/g33kinfo.com\/info\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547","name":"g33kadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","url":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","contentUrl":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","width":512,"height":512,"caption":"g33kadmin"},"logo":{"@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif"},"description":"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....","sameAs":["https:\/\/thelinuxreport.com","https:\/\/fb.me\/g33kinf0","https:\/\/x.com\/https:\/\/twitter.com\/drsinger1111"]}]}},"_links":{"self":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/4850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/comments?post=4850"}],"version-history":[{"count":0,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/4850\/revisions"}],"wp:attachment":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/media?parent=4850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/categories?post=4850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/tags?post=4850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}