Exim 0 Day Discussion

Discussion in 'Security' started by lorio, Dec 9, 2010.

  1. lorio

    lorio Well-Known Member

  2. Domenico

    Domenico Well-Known Member

  3. mohan

    mohan Member

    Re: [case 45290] Exim 0 day!

    # rpm -qa | grep exim
    exim-4.69-25_cpanel_maildir


    /etc/init.d/exim restart
    Shutting down exim: [ OK ]
    Shutting down spamd: [FAILED]
    Starting exim-26: [ OK ]
    Starting exim: [ OK ]
    Starting exim alt spool: exim: -D is not available in this Exim binary
    [FAILED]
    Starting exim-smtps: [ OK ]



    And, from netstat, exim is now listening on port 26, but not on port 25.

    tcp 0 0 0.0.0.0:26 0.0.0.0:* LISTEN 2140/exim


    Please help
     
  4. mohan

    mohan Member

    Re: [case 45290] Exim 0 day!

    Yes, thank you for pointing it out.
     
  5. nyjimbo

    nyjimbo Well-Known Member

    Re: [case 45290] Exim 0 day!

    Even though it's noted here that FreeBSD users have to do a much more complicated update process, after running upcp on my FreeBSD boxes I see we are now running Exim-4.72-0.

    Does that mean it is above the required 4.69 and we are OK, or do we still have to do something special? I didn't do anything manual other than run upcp from WHM.
     
  6. MarcelPol

    MarcelPol Registered

  7. Rubas

    Rubas Well-Known Member

    Re: [case 45290] Exim 0 day!

    CVE-2010-4344 exim remote code execution flaw
    CVE-2010-4345 exim privilege escalation


    Looks like cPanel didn't address CVE-2010-4344 (bugfix 787) atm.
     
  8. cPanelNick

    cPanelNick Administrator
    Staff Member

    Re: [case 45290] Exim 0 day!

    The fix for CVE-2010-4344 is still being tested by QA. A second update is forthcoming in a few hours. The above advisory is for CVE-2010-4345.

    In the meantime, the exploit can be mitigated by going into WHM => Exim Configuration Editor => Advanced and adding


    Code:
     log_selector = -rejected_header 
    in the top box and saving.
     
  9. mtindor

    mtindor Well-Known Member

    If we are upgraded to one of these listed below, do we still have to manually have -reject_header added to the log_selector line in Exim? Or should I go back and remove that?

    Systems configured to use Maildir: Exim 4.69-26
    Systems configured to use mbox (deprecated): Exim 4.63-5

    And if I were to do a brand new cPanel install tomorrow, would I have to do anything [such as edit the log_selector line to include -reject_header], or has the vulnerability actually been patched up in the exim code that the binary was compiled from?

    The info from the mailing list left me unsure enough that I had to ask the question.

    Mike
     
  10. MaraBlue

    MaraBlue Well-Known Member

    I would feel better if cPanel would upgrade Exim to 4.70. We're on the RELEASE tree and have 4.69_26.

    I would also recommend all making a note of this and saving the documentation for the next time your PCI Compliance scan is done. I just know McAfee is going to complain about "Exim being out-dated and vulnerable."
     
  11. Daky

    Daky Well-Known Member

    This is safe?

    Name : exim Relocations: (not relocatable)
    Version : 4.69 Vendor: (none)
    Release : 26_cpanel_maildir Build Date: Fri 10 Dec 2010 11:59:45 AM EST
    Install Date: Sat 11 Dec 2010 06:02:37 AM EST Build Host: rpmb-centos-50-64bit
    Group : Daemons Source RPM: exim-4.69-26_cpanel_maildir.src.rpm

    Thanks
     
  12. nocbr.com

    nocbr.com Member

    Hi chirpy,

    Will we be able to use In-only scanning again? In/Out makes my server load too high.
     
  13. pamamolf

    pamamolf Active Member

    I added this: log_selector = -rejected_header

    But when I run /scripts/eximup it says that I am up to date...

    How can I check what Exim version I use and which version is safe?

    Is it a problem to get the latest update if I use STABLE as cPanel updates?

    Thank you
     
  14. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    That is the updated latest version for cPanel & WHM; yes.
     
  15. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    All update tiers, including STABLE, received the updated Exim version. If you would like to force an Exim update/re-install, you may use the following command:
    Code:
    # /scripts/eximup --force
    Either of the following two commands will check and report the Exim version information from the installed RPM:
    Code:
    # rpm -q exim
    # rpm -qi exim
     
  16. pamamolf

    pamamolf Active Member

    Am I safe now for both exploits?

    CVE-2010-4344 exim remote code execution flaw
    CVE-2010-4345 exim privilege escalation


    root@server [~]# rpm -q exim

    exim-4.69-26_cpanel_maildir

    root@server [~]# rpm -qi exim

    Name : exim Relocations: (not relocatable)
    Version : 4.69 Vendor: (none)
    Release : 26_cpanel_maildir Build Date: Fri 10 Dec 2010 06:59:45 PM EET
    Install Date: Sat 11 Dec 2010 06:32:05 PM EET Build Host: rpmb-centos-50-64bit
    Group : Daemons Source RPM: exim-4.69-26_cpanel_maildir.src.rpm
    Size : 2046920 License: GPL


    Thank you
     
  17. cPanelNick

    cPanelNick Administrator
    Staff Member

    -26, yes you are.
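
The `rpm -q exim` check from post 15 and the fixed releases named in this thread, combined with a check for the interim `log_selector` mitigation from post 8, as an added example that is not part of the original thread and is not cPanel's code. The function names, the mbox RPM name format and the `/etc/exim.conf` path are assumptions; the sample names are constructed from versions quoted above.

```shell
#!/bin/sh
# Added example (not cPanel's code). Fixed builds are the ones named in this
# thread: 4.69-26 (Maildir) and 4.63-5 (mbox).

# exim_rpm_status NAME -> prints fixed | outdated | unknown
# NAME is the output of `rpm -q exim`, e.g. exim-4.69-26_cpanel_maildir
exim_rpm_status() {
    case $1 in
        exim-*-*_cpanel_*) ;;
        *) echo unknown; return 0 ;;
    esac
    rest=${1#exim-}          # 4.69-26_cpanel_maildir
    version=${rest%%-*}      # 4.69
    release=${rest#*-}       # 26_cpanel_maildir
    release=${release%%_*}   # 26 (or 23.1)
    major=${release%%.*}     # compare on the integer part only
    case $major in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    case $version in
        4.69) min=26 ;;
        4.63) min=5 ;;
        *) echo unknown; return 0 ;;
    esac
    if [ "$major" -ge "$min" ]; then echo fixed; else echo outdated; fi
}

# has_rejected_header_mitigation FILE -> exit 0 if an active (uncommented)
# log_selector line in FILE contains -rejected_header
has_rejected_header_mitigation() {
    grep -Eq '^[[:space:]]*log_selector[[:space:]]*=(.*[[:space:]])?-rejected_header([[:space:]]|$)' "$1"
}

# assess NAME CONF -> one-line verdict combining both checks
assess() {
    status=$(exim_rpm_status "$1")
    if [ "$status" = fixed ]; then
        echo "fixed build"
    elif has_rejected_header_mitigation "$2"; then
        echo "$status build, interim mitigation present"
    else
        echo "$status build, interim mitigation missing"
    fi
}

# Constructed sample run; on a real host: assess "$(rpm -q exim)" /etc/exim.conf
# (/etc/exim.conf is an assumed path, not given in the thread)
for n in exim-4.69-23.1_cpanel_maildir exim-4.69-25_cpanel_maildir exim-4.69-26_cpanel_maildir; do
    echo "$n: $(exim_rpm_status "$n")"
done
```

Names that do not match the cPanel pattern, such as the FreeBSD `Exim-4.72-0` mentioned in post 5, are reported as `unknown` rather than guessed at.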
     
  18. pamamolf

    pamamolf Active Member

    Can I now remove the following and be totally safe:

    log_selector = -rejected_header


    As I use:

    root@server [~]# rpm -q exim
    exim-4.69-26_cpanel_maildi

    ?
     
  19. nibb

    nibb Well-Known Member

    I don't think that is correct. All my servers had version exim-4.69-23.1 on them.

    I updated cPanel manually and now they show exim-4.69-26

    What I'm worried about is that I have set up to update cPanel/WHM manually (because of modifications) but I have security updates and cPanel Updates set to Automatically and it seems this was not the case with any of the servers. They are running current builds now 11.28.52
     
  20. sawbuck

    sawbuck Well-Known Member
