• Your cart is empty
  •  

SimplerCloud Pte Ltd

×
×

News: Security Advisory: Exim Mail Server Vulnerability

Published: 13/06/2019 Back

This advisory is provided as a courtesy.

We would like to bring to your attention a newly discovered vulnerability affecting older versions of Exim, an SMTP server (MTA / mail transer agent) software widely used by popular control panels such as cPanel and DirectAdmin. The vulnerability affects Exim versions 4.87 (firest released on on 6 April 2016) through 4.91 (both versions inclusive).


The vulnerability allows a local attacker (for Exim using default configuration) or a remote attacker (for Exim using non-default configuration) to send a mail to a specially crafted email address on localhost to execute commands as root and perform malicious activities on the server.


Affected Software


Exim versions 4.87 through 4.91 (both versions inclusive)


How to Fix the Problem


If you are running cPanel or DirectAdmin control panel, please follow the instructions provided by the respective hosting control panels to update Exim to the latest version.


For cPanel, login to WHM control panel (e.g. https://your-server-hostname-or-ip:2087) and go to cPanel > Upgrade to Latest Version.


For DirectAdmin, use CustomBuild to update Exim to the latest version. More information can be found on DirectAdmin's documentation here.


If you are installing Exim manually, please refer to Exim documentation on how to upgrade Exim to the latest vesrion.


More information


CVE-2019-10149: Critical Remote Command Execution Vulnerability Discovered In Exim
CVE-2019-10149 Detail
[SingCERT] Critical Vulnerability (CVE-2019-10149) in Exim Mail Server
cPanel: Exim CVE-2019-10149, how to protect yourself


Request Assistance

If you are running Exim on your system and need our assistance to patch it up, we can perform the patch installation for you at a one-time discounted fee of $10. Please submit your order at Order -> Additional Services -> Vulnerability Fix - LINUX & WINDOWS: Linux Kernel "Use-After-Free", OpenSSL, GNU C Library, Poodle SSLV3, Stack Clash, Optionsbleed Vulnerability - $10.

Or please first open a support ticket and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.

For example:

Hostname: yourservelethostname
IP Address: 103.25.202.81
OS Template: CentOS 7.2

Thank you.