Alexa metrics
Live Chat

Welcome to UKFast, do you have a question? Our hosting experts have the answers.

Chat Now
Sarah UKFast | Account Manager

Exim Exploit: What You Need to Know

9 September 2019 by Charlotte Greene

Cybersecurity Updates BannerOn Wednesday 4th September 2019, Exim maintainers announced that they had received a report of a potential remote exploit in Exim, in versions up to and including 4.92.2.

CVE-2019-15846 is the new unauthenticated remote code execution vulnerability in the Exim message transfer agent. It allows remote attackers to execute arbitrary code as root via a trailing backslash.

How do I protect against it?

This vulnerability has been patched in version 4.92.2 and all users have been urged to update immediately.

First, check what version of WHM/cPanel you’re running via SSH: /usr/local/cpanel/cpanel -V

Then check what version of Exim you have installed via SSH: rpm -q exim

You should get the following patched responses:

  • Patched response on version 82 and the EDGE tier: exim-4.92-3.cp1180.x86_64
  • Patched response on LTS version 78: exim-4.92-5.cp1178.x86_64

If the resulting responses identify that your version is (or is older than) 4.92.2, then your version of Exim may be vulnerable. You can then confirm this by running: rpm -q –changelog exim | grep CVE-2019-15846

Updating

If you’ve confirmed that the version you are running is vulnerable, update the Exim version in cPanel as follows:

  • /scripts/upcp
  • /scripts/check_cpanel_rpms –fix –long-list

You should get an output similar to: Applied upstream patch for CVE-2019-15846

If you are using Exim but not with cPanel or WHM, update using your OS software package updater.

For any further information on CVE-2019-15846, you can view cPanel’s supporting documentation here.

Support

The UKFast team is more than happy to help answer any questions you may have about your security or carrying out the above updates. Please don’t hesitate to contact the UKFast support team on 0800 923 0605.

Explore UKFast’s range of security services and protect your infrastructure now.

UKFAST SECURITY