SimplerCloud Pte Ltd


News: Security Advisory: (Another) Exim Mail Server Vulnerability

Published: 16/09/2019

This advisory is provided as a courtesy.

We would like to bring to your attention another newly discovered vulnerability affecting Exim, an SMTP server (MTA / mail transfer agent) software widely used by popular control panels such as cPanel and DirectAdmin. The vulnerability affects Exim versions up to 4.92.1.


The vulnerability is caused by a buffer overflow flaw, which allows attackers to execute specially crafted commands with root privileges on the affected system. Both local and remote attackers can exploit the vulnerability by sending a trailing backslash in the Server Name Indication (SNI) domain name at the start of the Transport Layer Security (TLS) handshake.


Affected Software


Exim versions up to 4.92.1


How to Fix the Problem


If you are running cPanel or DirectAdmin control panel, please follow the instructions provided by the respective hosting control panels to update Exim to the latest version.


For cPanel, login to WHM control panel (e.g. https://your-server-hostname-or-ip:2087) and go to cPanel > Upgrade to Latest Version.


For DirectAdmin, use CustomBuild to update Exim to the latest version. More information can be found on DirectAdmin's documentation here.


If you are installing Exim manually, please refer to Exim documentation on how to upgrade Exim to the latest version.
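To confirm whether a host still runs an affected release after following the steps above, the following added check (not part of this advisory or of Exim itself) parses the output of `exim -bV` and compares the version against 4.92.1, the last affected release named above. It assumes an `exim` (or `exim4`) binary on the PATH; the sample output embedded for offline use is constructed.

```python
import re
import shutil
import subprocess

# Highest affected release as stated in the advisory; later releases are not affected.
LAST_AFFECTED = (4, 92, 1)

# Constructed sample of "exim -bV" output for offline use; not captured from a real host.
SAMPLE_BV_OUTPUT = """Exim version 4.92.1 #3 built 13-Sep-2019 10:02:41
Copyright (c) University of Cambridge, 1995 - 2018
Support for: crypteq iconv() IPv6 OpenSSL
"""


def parse_exim_version(bv_output):
    """Return the version in 'exim -bV' text as (major, minor, patch), or None if absent."""
    m = re.search(r"^Exim version (\d+)\.(\d+)(?:\.(\d+))?", bv_output, re.MULTILINE)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_affected(version):
    """True when the version is at or below the last affected release."""
    return version <= LAST_AFFECTED


def check_installed_exim():
    """Run the local exim binary; return (version, affected) or None when not found."""
    exim = shutil.which("exim") or shutil.which("exim4")
    if exim is None:
        return None
    out = subprocess.run([exim, "-bV"], capture_output=True, text=True).stdout
    version = parse_exim_version(out)
    if version is None:
        return None
    return version, is_affected(version)


if __name__ == "__main__":
    result = check_installed_exim()
    if result is None:
        print("exim not found or version not recognised")
    else:
        version, affected = result
        label = "AFFECTED, upgrade required" if affected else "not affected"
        print("Exim %s: %s" % (".".join(map(str, version)), label))
```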


More information


https://nvd.nist.gov/vuln/detail/CVE-2019-15846
https://www.csa.gov.sg/singcert/news/advisories-alerts/critical-vulnerability-cve-2019-15846-in-exim-mail-server
https://www.cvedetails.com/cve/CVE-2019-15846/
https://documentation.cpanel.net/display/CKB/CVE-2019-15846+Exim


Request Assistance


If you are running Exim on your system and need our assistance to patch it up, we can perform the patch installation for you at a one-time discounted fee of $10. Please submit your order at Order -> Additional Services -> Vulnerability Fix - LINUX & WINDOWS: Linux Kernel "Use-After-Free", OpenSSL, GNU C Library, Poodle SSLV3, Stack Clash, Optionsbleed Vulnerability - $10.

Or please first open a support ticket and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.

For example:

Hostname: yourservelethostname
IP Address: 103.25.202.81
OS Template: CentOS 7.2

Thank you.