Author Topic: Exim Remote Code Execution Vulnerability  (Read 5012 times)

Jithin

  • Guest
Exim Remote Code Execution Vulnerability
« on: December 27, 2013, 10:43:35 pm »
Hi Guys,

This is something that needs immediate attention if your Exim version is between 4.70 and 4.80. It concerns a CRITICAL remote code execution flaw in versions of Exim between 4.70 and 4.80 inclusive, when built with DKIM support (the default).

You are not vulnerable if you built Exim with DISABLE_DKIM or if you
put this at the start of an ACL plumbed into acl_smtp_connect or
acl_smtp_rcpt:

warn control = dkim_disable_verify

cPanel uses Exim as its MTA. They recently addressed this vulnerability, and you can find the details here: http://cpanel.net/exim-remote-code-execution-vulnerability-notification-cve-2012-5671/

If you are using cPanel, we request that you update cPanel to the latest version, which will have exim-4.80-3, which is not vulnerable. If you are using a custom Linux box with Exim, please do a manual upgrade as soon as possible.
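
As an added example (not part of the original post and not Exim or cPanel code), the following shell function triages a host against the two conditions in the post: a version between 4.70 and 4.80 inclusive, and a build with DKIM support. It assumes `exim -bV` prints an `Exim version` line and lists `DKIM` on its `Support for:` line when compiled in; the function name, output labels and sample text are constructed for this example.

```shell
#!/bin/sh
# Added example: classify an Exim build from `exim -bV` text read on stdin.
# Output labels (names chosen for this example):
#   in-range-dkim     version 4.70..4.80 and DKIM compiled in
#   in-range-no-dkim  version 4.70..4.80, built without DKIM
#   outside-range     any other version
#   unknown           no parsable "Exim version" line
classify_exim_bv() {
    bv=$(cat)
    ver=$(printf '%s\n' "$bv" |
          sed -n 's/^Exim version \([0-9][0-9]*\.[0-9][0-9.]*\).*/\1/p' |
          head -n 1)
    if [ -z "$ver" ]; then echo unknown; return 0; fi

    major=$(printf '%s\n' "$ver" | cut -d. -f1)
    minor=$(printf '%s\n' "$ver" | cut -d. -f2)
    patch=$(printf '%s\n' "$ver" | cut -d. -f3)
    patch=${patch:-0}                      # "4.80" has no third component
    case "$minor$patch" in *[!0-9]*) echo unknown; return 0 ;; esac

    # Range from the post: 4.70 through 4.80 inclusive (4.80.1 is above it).
    in_range=no
    if [ "$major" -eq 4 ] && [ "$minor" -ge 70 ]; then
        if [ "$minor" -lt 80 ] || { [ "$minor" -eq 80 ] && [ "$patch" -eq 0 ]; }; then
            in_range=yes
        fi
    fi
    if [ "$in_range" = no ]; then echo outside-range; return 0; fi

    # DKIM must appear as a whole word on the "Support for:" line.
    if printf '%s\n' "$bv" | grep '^Support for:' | grep -qw 'DKIM'; then
        echo in-range-dkim
    else
        echo in-range-no-dkim
    fi
}

# Constructed sample of `exim -bV` output (not captured from a real host).
SAMPLE_BV='Exim version 4.80 #2 built 01-Jan-2013 00:00:00
Support for: crypteq iconv() IPv6 OpenSSL Content_Scanning DKIM
Lookups (built-in): lsearch wildlsearch dbm'

# On a live host: exim -bV | classify_exim_bv
printf '%s\n' "$SAMPLE_BV" | classify_exim_bv
```

An `in-range-dkim` result means the host needs a closer look, not that it is unpatched: a vendor package such as the exim-4.80-3 mentioned above can still report an in-range version, so confirm the package release as well. The check also does not read the configuration, so an ACL that sets `dkim_disable_verify` has to be verified separately.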