C
cPanelUser-Inactive
Guest
In a post on the cPanel Blog last night we shared information regarding an exploit that had been identified in Exim. This exploit allows attackers to execute code as the root user on your server without authentication and was rated a 9.8 out of 10 in severity.
While Version 80 was never vulnerable to this exploit, and we released a patch for Version 78 last night, the recently End of Life Version 70 and Version 76 remained vulnerable. More details were released today, including details on exactly how to gain root access to a remote server.
While Exim is open source software that we bundle with our software and is not built by cPanel, this vulnerability is something that we feel deserves our attention. This is an extremely rare and specific situation that has the potential to impact everyone who interacts with the internet in any way. For that reason, we have released an update to patch this vulnerability for both Version 70 and Version 76.
To ensure that your server has received the patch, please update to one of the following versions:
TIER VERSION
70 -> 70.0.69
76 -> 76.0.22
78 -> 78.0.27
cPanel & WHM Versions 70 and 76 remain End of Life and will receive no other updates. This is a one-time bending of our policy, and we do not plan to pursue any other updates for these versions. We still strongly recommend that you keep your servers updated, and continue to run the most recent versions of cPanel & WHM available.
If you need help with any of this, don’t hesitate to reach out! The best places to ask questions are here on the cPanel Forums, our directly to our support team. You can also join us in our Slack or Discord channels, or even ask on our subreddit!
While Version 80 was never vulnerable to this exploit, and we released a patch for Version 78 last night, the recently End of Life Version 70 and Version 76 remained vulnerable. More details were released today, including details on exactly how to gain root access to a remote server.
While Exim is open source software that we bundle with our software and is not built by cPanel, this vulnerability is something that we feel deserves our attention. This is an extremely rare and specific situation that has the potential to impact everyone who interacts with the internet in any way. For that reason, we have released an update to patch this vulnerability for both Version 70 and Version 76.
To ensure that your server has received the patch, please update to one of the following versions:
TIER VERSION
70 -> 70.0.69
76 -> 76.0.22
78 -> 78.0.27
cPanel & WHM Versions 70 and 76 remain End of Life and will receive no other updates. This is a one-time bending of our policy, and we do not plan to pursue any other updates for these versions. We still strongly recommend that you keep your servers updated, and continue to run the most recent versions of cPanel & WHM available.
If you need help with any of this, don’t hesitate to reach out! The best places to ask questions are here on the cPanel Forums, our directly to our support team. You can also join us in our Slack or Discord channels, or even ask on our subreddit!
