{"id":6464,"date":"2016-03-03T06:33:06","date_gmt":"2016-03-03T11:33:06","guid":{"rendered":"http:\/\/g33kinfo.com\/info\/?p=6464"},"modified":"2016-03-03T06:33:06","modified_gmt":"2016-03-03T11:33:06","slug":"exim-vulnerability-cve-2016-1531","status":"publish","type":"post","link":"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/","title":{"rendered":"Exim Vulnerability CVE-2016-1531"},"content":{"rendered":"<h3>From the cPanel Security Team: exim CVE-2016-1531<\/h3>\n<p><strong>Background Information:<\/strong> On Wednesday, March 2, 2016, Exim announced a vulnerability in all versions of the Exim software.<\/p>\n<p><strong>Impact<\/strong>: According to Exim development: &#8220;All installations having Exim set-uid root and using &#8216;perl_startup&#8217; are vulnerable to a local privilege escalation. Any user who can start an instance of Exim (this is normally *any* user) can gain root privileges.&#8221;<\/p>\n<p><strong>Releases<\/strong>: The following versions of cPanel &#038; WHM were patched to have the correct version of Exim. All previous versions of cPanel &#038; WHM, including 11.48.x and below, are vulnerable to a set-uid attack on Exim.<\/p>\n<li>11.50   11.50.5.0<\/li>\n<li>11.52   11.52.4.0<\/li>\n<li>11.54   11.54.0.18<\/li>\n<li>EDGE    11.55.9999.106<\/li>\n<li>CURRENT 11.54.0.18<\/li>\n<li>RELEASE 11.54.0.18<\/li>\n<li>STABLE  11.54.0.18<\/li>\n<p><\/p>\n<p><strong>How to determine if your server is up to date<\/strong>: The updated RPMs provided by cPanel will contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:<\/p>\n<p><code>rpm -q --changelog exim | grep CVE-2016-1531<\/code><\/p>\n<p>The output should resemble below:<\/p>\n<p><code>- - Fixes CVE-2016-1531<\/code><br \/>\n<\/p>\n<p><strong>What to do if you are not up to date<\/strong>: If your server is not running one of the above versions, you will need to update immediately. You can upgrade your server by navigating to <strong>WHM Home > cPanel > Upgrade<\/strong><em> to Latest Version and clicking <strong>&#8220;Click to Upgrade&#8221;<\/strong> <a href=\"https:\/\/documentation.cpanel.net\/display\/ALD\/Update+Preferences\" target=\"_blank\" rel=\"noopener noreferrer\">(https:\/\/documentation.cpanel.net\/display\/ALD\/Update+Preferences)<\/a><\/p>\n<p>Alternatively, you can run the below commands to upgrade your server from the command line:<br \/>\n<code>\/scripts\/upcp<br \/>\n\/usr\/bin\/perl \/scripts\/check_cpanel_rpms --fix --long-list<\/code><\/p>\n<p><strong>Verify the new Exim RPM was installed:<\/strong><br \/>\n<code>rpm -q --changelog exim | grep CVE-2016-1531<\/code><br \/>\nThe output should resemble below:<br \/>\n<code>- - Fixes CVE-2016-1531<\/code><br \/>\n<\/p>\n<p><strong>What has changed<\/strong>: Exim now provides two configuration options which limit what environment variables are available to Exim and all of its child processes. The variables are keep_environment and add_environment. For the initial release with this feature, cPanel will be setting the variables as follows in all supported cPanel &#038; WHM systems. These values can be modified in the Advanced Configuration Editor if necessary, though we advise caution on adding too many variables to keep_environment.<\/p>\n<p><code>\/etc\/exim.conf<br \/>\nkeep_environment = X-SOURCE : X-SOURCE-ARGS : X-SOURCE-DIR<br \/>\nadd_environment = PATH=\/usr\/local\/sbin::\/usr\/local\/bin::\/sbin::\/bin::\/usr\/sbin::\/usr\/bin::\/sbin::\/bin<\/code><\/p>\n<p><strong>Additional Information<\/strong>: <\/p>\n<p><a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-1531\" target=\"_blank\" rel=\"noopener noreferrer\">CVE: http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-1531<\/a><br \/>\n <a href=\"https:\/\/lists.exim.org\/lurker\/message\/20160302.191005.a72d8433.en.html\" target=\"_blank\" rel=\"noopener noreferrer\">Initial Public Disclosure: https:\/\/lists.exim.org\/lurker\/message\/20160302.191005.a72d8433.en.html<\/a><br \/>\n<a href=\"https:\/\/documentation.cpanel.net\/display\/CKB\/CVE-2016-1531+Exim\" target=\"_blank\" rel=\"noopener noreferrer\">Documentation: https:\/\/documentation.cpanel.net\/display\/CKB\/CVE-2016-1531+Exim<\/a><br \/><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>From the cPanel Security Team: exim CVE-2016-1531 Background Information: On Wednesday, March 2, 2016, Exim announced a vulnerability in all versions of the Exim software. Impact: According to Exim development: &#8220;All installations having Exim set-uid root and using &#8216;perl_startup&#8217; are vulnerable to a local privilege escalation. Any user who can start an instance of Exim&#8230; <\/p>\n<div class=\"read-more navbutton\"><a href=\"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/\">Read More<i class=\"fa fa-angle-double-right\"><\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-6464","post","type-post","status-publish","format-standard","hentry","category-info"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Exim Vulnerability CVE-2016-1531 - Linux Shtuff<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Exim Vulnerability CVE-2016-1531 - Linux Shtuff\" \/>\n<meta property=\"og:description\" content=\"From the cPanel Security Team: exim CVE-2016-1531 Background Information: On Wednesday, March 2, 2016, Exim announced a vulnerability in all versions of the Exim software. Impact: According to Exim development: &#8220;All installations having Exim set-uid root and using &#8216;perl_startup&#8217; are vulnerable to a local privilege escalation. Any user who can start an instance of Exim... Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Shtuff\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:author\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-03T11:33:06+00:00\" \/>\n<meta name=\"author\" content=\"g33kadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/drsinger1111\" \/>\n<meta name=\"twitter:site\" content=\"@drsinger1111\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/exim-vulnerability-cve-2016-1531\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/exim-vulnerability-cve-2016-1531\\\/\"},\"author\":{\"name\":\"g33kadmin\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"headline\":\"Exim Vulnerability CVE-2016-1531\",\"datePublished\":\"2016-03-03T11:33:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/exim-vulnerability-cve-2016-1531\\\/\"},\"wordCount\":342,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"articleSection\":[\"General Info\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/exim-vulnerability-cve-2016-1531\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/exim-vulnerability-cve-2016-1531\\\/\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/exim-vulnerability-cve-2016-1531\\\/\",\"name\":\"Exim Vulnerability CVE-2016-1531 - Linux Shtuff\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\"},\"datePublished\":\"2016-03-03T11:33:06+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/exim-vulnerability-cve-2016-1531\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/exim-vulnerability-cve-2016-1531\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/exim-vulnerability-cve-2016-1531\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Exim Vulnerability CVE-2016-1531\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\",\"name\":\"Linux Shtuff\",\"description\":\"Because I have CRS Syndrome...\",\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\",\"name\":\"g33kadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"contentUrl\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"width\":512,\"height\":512,\"caption\":\"g33kadmin\"},\"logo\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\"},\"description\":\"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\\\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....\",\"sameAs\":[\"https:\\\/\\\/thelinuxreport.com\",\"https:\\\/\\\/fb.me\\\/g33kinf0\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/drsinger1111\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Exim Vulnerability CVE-2016-1531 - Linux Shtuff","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/","og_locale":"en_US","og_type":"article","og_title":"Exim Vulnerability CVE-2016-1531 - Linux Shtuff","og_description":"From the cPanel Security Team: exim CVE-2016-1531 Background Information: On Wednesday, March 2, 2016, Exim announced a vulnerability in all versions of the Exim software. Impact: According to Exim development: &#8220;All installations having Exim set-uid root and using &#8216;perl_startup&#8217; are vulnerable to a local privilege escalation. Any user who can start an instance of Exim... Read More","og_url":"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/","og_site_name":"Linux Shtuff","article_publisher":"https:\/\/fb.me\/g33kinf0","article_author":"https:\/\/fb.me\/g33kinf0","article_published_time":"2016-03-03T11:33:06+00:00","author":"g33kadmin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/drsinger1111","twitter_site":"@drsinger1111","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/#article","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/"},"author":{"name":"g33kadmin","@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"headline":"Exim Vulnerability CVE-2016-1531","datePublished":"2016-03-03T11:33:06+00:00","mainEntityOfPage":{"@id":"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/"},"wordCount":342,"commentCount":0,"publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"articleSection":["General Info"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/","url":"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/","name":"Exim Vulnerability CVE-2016-1531 - Linux Shtuff","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/#website"},"datePublished":"2016-03-03T11:33:06+00:00","breadcrumb":{"@id":"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/g33kinfo.com\/info\/exim-vulnerability-cve-2016-1531\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/g33kinfo.com\/info\/"},{"@type":"ListItem","position":2,"name":"Exim Vulnerability CVE-2016-1531"}]},{"@type":"WebSite","@id":"https:\/\/g33kinfo.com\/info\/#website","url":"https:\/\/g33kinfo.com\/info\/","name":"Linux Shtuff","description":"Because I have CRS Syndrome...","publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/g33kinfo.com\/info\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547","name":"g33kadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","url":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","contentUrl":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","width":512,"height":512,"caption":"g33kadmin"},"logo":{"@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif"},"description":"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....","sameAs":["https:\/\/thelinuxreport.com","https:\/\/fb.me\/g33kinf0","https:\/\/x.com\/https:\/\/twitter.com\/drsinger1111"]}]}},"_links":{"self":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/6464","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/comments?post=6464"}],"version-history":[{"count":0,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/6464\/revisions"}],"wp:attachment":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/media?parent=6464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/categories?post=6464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/tags?post=6464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}