Server Buddies
Server Buddies info@serverbuddies.com Server Management Offline Live Support English
Eng
Server Management
Spanish
Spa
     
Providing Dedicated Server Solutions Just a Click AWAY
Home
Services
Order
Support
News
Contact Us
About Us
server management
Empty
Cpanel Support
Plesk Support
Ensim Support
Webmin Support
Directadmin Support
Empty
We Accept
We accept Visa, Mastercard, Discover and American Express credit cards.
Paypal is also accepted. The email address to use to make PayPal payment to us is:
order@serverbuddies.com
Paypal Accepted Paypal Accepted
2Checkout



Empty
Testimonials
This turned out to be more of a training lesson in Security. ServerBuddies could have done it by theirself but was nice enough to chat me through it so I could understand exactly what was involved. They knew all the answers to my questions and were patient with me while I tried to finally get it. If you are looking for an excellent provider, you can’t go wrong with ServerBuddies. Thanks!
AidMedia Solutions.
See more reviews
Empty
News

Exim Remote Code Execution Vulnerability Notification CVE-2012-5671

11-06-2012
Exim Remote Code Execution Vulnerability Notification CVE-2012-5671


Summary


A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel & WHM.

Security Rating

This vulnerability has been rated as Critical[1] by the cPanel Security team.

Description

A remote code execution flaw in Exim has been discovered by an internal audit performed by the Exim developers[2]. This vulnerability may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. In some circumstances this may lead to privilege escalation.

The vulnerability is tied to the DKIM support introduced in Exim 4.70. It has been assigned CVE-2012-5671[3].

The following Exim RPMs, as distributed by cPanel, Inc. are known to be vulnerable:

    exim-4.76-1
    exim-4.77-0
    exim-4.77-1
    exim-4.80-0
    exim-4.80-1

These RPMs were shipped as part of cPanel & WHM versions 11.32 and 11.34.

Solution

Servers that are using the default DKIM verification settings provided with cPanel & WHM 11.32 and newer are not vulnerable. The default settings disable DKIM key verification by adding the following to /etc/exim.conf

   warn control = dkim_disable_verify

This prevents the exploitable code from being available during exim execution.

To fully resolve the issue cPanel has produced new Exim RPMs for cPanel & WHM version 11.32 and 11.34. Server Owners are strongly urged to update their cPanel & WHM installations to the following versions:

    cPanel & WHM 11.32.5.13
    cPanel & WHM 11.34.0.6


Exim RPMs are distributed through cPanel’s package management system. All cPanel & WHM servers receiving updates automatically will receive the updated Exim RPM during normal update and maintenance operations (upcp). Servers with automatic updates disabled will require action in order to receive the update. We recommend all customers to update to the latest releases of 11.32 and 11.34 as soon as possible.

Servers who have disabled Exim updates, via the Update Preferences interface in WHM, are strongly urged to re-enable updates.

To perform a manual update of cPanel & WHM, perform the following:

    Login to your server as root using SSH
    Execute the following command on the command line:

       /scripts/upcp

Updated cPanel & WHM 11.32, and 11.34, servers will have the following Exim RPM:    exim-4.80-3

References

    http://docs.cpanel.net/twiki/bin/view/AllDocumentation/SecurityLevels
Remember, we listen to you! Any comments/suggestions should be sent to info@serverbuddies.com.

 
RedHat Support Debian Support Gentoo Linux Support FreeBSD Linux Fedora Support Ubuntu Support CentOS Support SuSe Support
Home | Services | Order | Support | News | About Us | Contact | Site Map | Refund & Privacy Policy | Blog