Does using an external email provider such as zoho or gsuite and set mx to their servers mitigate this exim issue, even if the cPanel server generates and sends emails [such as CFS/php script generated email] ?
Hello @oldie,
The vulnerability is applicable to unpatched cPanel & WHM servers with Exim enabled in WHM >> Service Manager. Using an external email provider does not mitigate the vulnerability unless you've disabled the Exim service.
Thank you.
CloudLinux is one alternative to consider here due to it's support for legacy PHP versions as part of it's PHP Selector feature:
https://www.cloudlinux.com/php-selector
https://documentation.cpanel.net/display/CKB/How+to+purchase+CloudLinux
Thank you.
Hello,
[security] Fixed case CPANEL-29669: Updated Exim for CVE-2019-16928.
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
11.82.0.16
[security] Fixed case CPANEL-29669: Updated Exim for CVE-2019-16928.
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
11.82.0.16