Oct 29th, 2012
Exim Remote Code Execution Vulnerability
Summary
A remote code execution vulnerability exists in Exim versions between 4.70 and 4.80, inclusive. Exim is the mail transfer agent used by cPanel & WHM.
Security Rating
This vulnerability has been rated as Critical[1] by the cPanel Security team.
Description
A remote code execution flaw in Exim has been discovered by an internal audit performed by the Exim developers[2]. This vulnerability may lead to arbitrary code execution with the privileges of the user executing the Exim daemon. In some circumstances this may lead to privilege escalation.
The vulnerability is tied to the DKIM support introduced in Exim 4.70. It has been assigned CVE-2012-5671[3].
The following Exim RPMs, as distributed by cPanel, Inc. are known to be vulnerable:
* exim-4.76-1
* exim-4.77-0
* exim-4.77-1
* exim-4.80-0
* exim-4.80-1
These RPMs were shipped as part of cPanel & WHM versions 11.32 and 11.34.
Solution
Contact us at info@serverbuddies.com for patching your Exim server with the latest security patches and run a Full Security Audit on your server.
