Server Buddies
Server Buddies info@serverbuddies.com Server Management Offline Live Support English
Eng
Server Management
Spanish
Spa
     
Providing Dedicated Server Solutions Just a Click AWAY
Home
Services
Order
Support
News
Contact Us
About Us
server management
Empty
Cpanel Support
Plesk Support
Ensim Support
Webmin Support
Directadmin Support
Empty
We Accept
We accept Visa, Mastercard, Discover and American Express credit cards.
Paypal is also accepted. The email address to use to make PayPal payment to us is:
order@serverbuddies.com
Paypal Accepted Paypal Accepted
2Checkout



Empty
Testimonials
Serverbuddies took care of the migration of my domains from a VPS to a dedicated server. Without their help, I never would have been able to make this transition. They continue to maintain our server today. I sleep better at night knowing that professionals are taking care this aspect of our business.
Durham Radio Sales & Service Inc.
See more reviews
Empty
News

new exim remote code execution vulnerability

10-28-2012

Summary

A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel & WHM.

Security Rating

This vulnerability has been rated as Critical[1] by the cPanel Security team.

Description

A remote code execution flaw in Exim has been discovered by an internal audit performed by the Exim developers[2]. This vulnerability may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. In some circumstances this may lead to privilege escalation.

The vulnerability is tied to the DKIM support introduced in Exim 4.70. It has been assigned CVE-2012-5671[3].

The following Exim RPMs, as distributed by cPanel, Inc. are known to be vulnerable:

* exim-4.76-1
* exim-4.77-0
* exim-4.77-1
* exim-4.80-0
* exim-4.80-1

These RPMs were shipped as part of cPanel & WHM versions 11.32 and 11.34.

Solution

Contact us at info@serverbuddies.com for patching your Exim server with the latest security patches and run a Full Security Audit on your server.

Remember, we listen to you! Any comments/suggestions should be sent to info@serverbuddies.com.

 
RedHat Support Debian Support Gentoo Linux Support FreeBSD Linux Fedora Support Ubuntu Support CentOS Support SuSe Support
Home | Services | Order | Support | News | About Us | Contact | Site Map | Refund & Privacy Policy | Blog