Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SMTP Exim Servers vulnerability detected

Discussion in 'Security' started by informatica rme, Mar 14, 2018.

  1. informatica rme

    Joined:
    Oct 17, 2016
    Messages:
    15
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Madrid
    cPanel Access Level:
    Root Administrator
    This is the vulnerability issue:

    The Threat of CVE-2018-6789 vulnerability affecting Exim SMTP Servers is being analyzed, the Devcore group of researchers has published information about an overflow vulnerability in Exim's base64 decoding function, which affects all versions of Exim below 4.90.1 and that could be used to perform an RCE (remote code execution) and compromise the Server. For now there are no public exploits, and because of what they say in different sources it is possible that their exploitation is difficult.

    A scan of the whm/cpanel servers has been made and they may have vulnerable Exim Servers and to which the vulnerability should be notified so that they patch if they have not done so, since their security may be at risk. Exim versions that are not vulnerable are 4.90.1 and later releases.

    We need the Servers to be patched in order to avoid possible Security Incidents due to exploitation of these vulnerabilities. I guess that cpanel support team will release a massive patch to secure the servers that are using whm/cpanel.

    Regards

    For more information:
    CVE-2018-6789
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    618
    Likes Received:
    192
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    cPanelMichael likes this.
  3. informatica rme

    Joined:
    Oct 17, 2016
    Messages:
    15
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Madrid
    cPanel Access Level:
    Root Administrator
    Ok thanks but could you help me with the following question:

    I have a dedicated server in production running WHM/CPanl v68.0.30 on CentOS 6.9 standard. Can I update it directly or it is better to backup all the server before doing this? Honestly, this is the first time I meet this type of vulnerability.
     
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    618
    Likes Received:
    192
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Your v68.0.30 server is already patched with a back-ported patch Fixed case CPANEL-18511: Update exim to 4.89.1-2.cp1162. that was included in the cPanel v68.0.29 release.

    You can check if the patch has been applied by running the following code in a terminal
    Code:
    # rpm -q --changelog exim | grep CVE-2018-6789
    
    It should return
    Code:
    - Fix CVE-2018-6789
    if the patch has been applied
     
    cPanelMichael likes this.
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page