Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SMTP Exim Servers vulnerability detected

Discussion in 'Security' started by informatica rme, Mar 14, 2018.

  1. informatica rme

    Joined:
    Oct 17, 2016
    Messages:
    15
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Madrid
    cPanel Access Level:
    Root Administrator
    This is the vulnerability issue:

    The Threat of CVE-2018-6789 vulnerability affecting Exim SMTP Servers is being analyzed, the Devcore group of researchers has published information about an overflow vulnerability in Exim's base64 decoding function, which affects all versions of Exim below 4.90.1 and that could be used to perform an RCE (remote code execution) and compromise the Server. For now there are no public exploits, and because of what they say in different sources it is possible that their exploitation is difficult.

    A scan of the whm/cpanel servers has been made and they may have vulnerable Exim Servers and to which the vulnerability should be notified so that they patch if they have not done so, since their security may be at risk. Exim versions that are not vulnerable are 4.90.1 and later releases.

    We need the Servers to be patched in order to avoid possible Security Incidents due to exploitation of these vulnerabilities. I guess that cpanel support team will release a massive patch to secure the servers that are using whm/cpanel.

    Regards

    For more information:
    CVE-2018-6789
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    678
    Likes Received:
    228
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
  3. informatica rme

    Joined:
    Oct 17, 2016
    Messages:
    15
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Madrid
    cPanel Access Level:
    Root Administrator
    Ok thanks but could you help me with the following question:

    I have a dedicated server in production running WHM/CPanl v68.0.30 on CentOS 6.9 standard. Can I update it directly or it is better to backup all the server before doing this? Honestly, this is the first time I meet this type of vulnerability.
     
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    678
    Likes Received:
    228
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Your v68.0.30 server is already patched with a back-ported patch Fixed case CPANEL-18511: Update exim to 4.89.1-2.cp1162. that was included in the cPanel v68.0.29 release.

    You can check if the patch has been applied by running the following code in a terminal
    Code:
    # rpm -q --changelog exim | grep CVE-2018-6789
    
    It should return
    Code:
    - Fix CVE-2018-6789
    if the patch has been applied
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,740
    Likes Received:
    1,796
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice