SimplerCloud Pte Ltd


News: Security Advisory: Courtesy Reminder to Patch your Exim mail servers

Published: 04/06/2020

This advisory is provided as a courtesy.


We have been made aware that many mail servers around the world are still running vulnerable versions of Exim (version 4.92 or earlier). Refer to the security advisories we published last year, listed below:


Security Advisory: Exim Mail Server Vulnerability
Security Advisory: (Another) Exim Mail Server Vulnerability


In recent months, hacking attempts using such vulnerabilities have intensified, as reported in the articles below:


NSA flags email vulnerability
Many Exim Servers Remain Vulnerable to Year-Old Flaw


Customers still using Exim version 4.92 are strongly advised to upgrade to version 4.93. To check which version of Exim you are running, issue the command below from the Linux shell:


exim -bV


For example:


===
[root@mail2 ~]# exim -bV
Exim version 4.93.0.4 #5 built 04-Jun-2020 12:45:09
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 4.7.25: (March 22, 2017)
Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /etc/exim.conf
===


If the output still shows Exim version 4.92 or lower, you are advised to upgrade to version 4.93 immediately.
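
The version check above can be scripted when several servers need auditing. The following is an added example, not part of the original advisory: it parses the banner line of `exim -bV` and compares it with the 4.93 upgrade target, treating missing or unparseable output as unknown. The function names and the `--local` switch are hypothetical.

```shell
#!/bin/sh
# Added example: classify an Exim build from the banner line of `exim -bV`.
# MIN_FIXED is the upgrade target named in the advisory; the function names
# are hypothetical helpers, not part of Exim.
MIN_FIXED="4.93"

# Pull the dotted version out of a banner such as
# "Exim version 4.93.0.4 #5 built 04-Jun-2020 12:45:09".
exim_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p'
}

# Succeed (return 0) when version $1 is lower than version $2.
# Fields are compared numerically, so 4.9 < 4.93 and 4.93.0.4 > 4.93.
version_lt() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*} _y=${_b%%.*}
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 1
    done
    return 1
}

# Print "vulnerable <ver>", "ok <ver>" or "unknown" for one banner line.
classify_exim() {
    _v=$(exim_version_from_banner "$1")
    if [ -z "$_v" ]; then
        echo "unknown"
    elif version_lt "$_v" "$MIN_FIXED"; then
        echo "vulnerable $_v"
    else
        echo "ok $_v"
    fi
}

# With --local, check the Exim binary installed on this host.
if [ "${1:-}" = "--local" ]; then
    classify_exim "$(exim -bV 2>/dev/null | head -n 1)"
fi
```

Saved under a name of your choice and run with `--local` on a mail server, it prints a single status line; an "unknown" result means the `exim` binary was not found or its banner could not be read.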


Affected Software


Exim versions up to 4.92.1


How to Fix the Problem


If you are running cPanel or DirectAdmin control panel, please follow the instructions provided by the respective hosting control panels to update Exim to the latest version.


For cPanel, log in to the WHM control panel (e.g. https://your-server-hostname-or-ip:2087) and go to cPanel > Upgrade to Latest Version.


For DirectAdmin, use CustomBuild to update Exim to the latest version. More information can be found in DirectAdmin's documentation.


If you installed Exim manually, please refer to the Exim documentation on how to upgrade Exim to the latest version.


Request Assistance


If you are running Exim on your system and need our assistance to patch it, we can perform the patch installation for you at a one-time discounted fee of $10. Please submit your order at Order -> Additional Services -> Vulnerability Fix - LINUX & WINDOWS: Linux Kernel "Use-After-Free", OpenSSL, GNU C Library, Poodle SSLV3, Stack Clash, Optionsbleed Vulnerability - $10.

Alternatively, please open a support ticket first and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.

For example:

Hostname: yourservelethostname
IP Address: 103.25.202.81
OS Template: CentOS 7.2

Thank you.