Security Issue Exim : CVE-2016-1531 -> PATCHED! | HostStage .

Security Issue Exim : CVE-2016-1531 -> PATCHED!

Security Issue Exim : CVE-2016-1531 -> PATCHED!

  • 03 Feb 0
Did you like what you read?Share on Facebook0Share on Google+0Tweet about this on Twitter0Share on LinkedIn0Share on Reddit0Digg thisBuffer this page

On the 2nd of March an Exim vulnerability has been discovered and announced allowing any user to gain root privileges. 
This issue is affecting all its versions. 

Exim is the default mail transporter for all cPanel based servers. 

cPanel has included an emergency update which was patched overnight. We did a manual update on all our critical infrastructures using cPanel (mainly our shared and reseller servers) a few hours after the security issue. 

You can check whether your server has been updated by running the following command : 

rpm -q –changelog exim | grep CVE-2016-1531

Which should give the following output : 

– Fixes CVE-2016-1531

It doesn’t return anything and if you are running cPanel you would only need to type the following SSH commands : 

/scripts/upcp
/scripts/check_cpanel_rpms –fix –long-list
**UPDATE : 4th March 2016

The update has broken a feature to detect mailing script which now returns cwd=/ instead of cwd=/path/to/script

We have notified cPanel which has notified Exim and a patch is on its way since our custom malware script detection relies on returning the full path of a script sending emails.

**UPDATE : 5th March 2016

A work around is being worked on, we are waiting for its official release. 

https://bugs.exim.org/show_bug.cgi?id=1805

Did you like what you read?Share on Facebook0Share on Google+0Tweet about this on Twitter0Share on LinkedIn0Share on Reddit0Digg thisBuffer this page

Leave A Comment


Join Us on Facebook

Our Latest Tweets

  • 4 days ago

    #Google My Business API Supports Google Posts https://t.co/7X7bnSQ07l #DigitalMarketing https://t.co/fc97mzFox8

  • 5 days ago

    3 #Twitter #Hashtags #Marketing Tips for Small Businesses https://t.co/mCzWmHnGoW https://t.co/lLJ11ZQDIA

  • 6 days ago

    Does #Googlebot Crawl Using HTTP/2 Protocols? https://t.co/hnUHgbQtlQ #SEO #HOSTING Not quite ready yet!

  • 7 days ago

    Get Your #Data House in Order: Our Checklist for Useful #Marketing Data https://t.co/xqt1RhmJz6 #kpi https://t.co/dk8vCCpfrO

  • 2 weeks ago

    [Infographic] 127 Facts You Probably Didn't Know About #Video #Marketing https://t.co/CaAHtEomcs