Security Issue Exim : CVE-2016-1531 -> PATCHED! | HostStage .

Security Issue Exim : CVE-2016-1531 -> PATCHED!

Security Issue Exim : CVE-2016-1531 -> PATCHED!

  • 03 Feb 0
Did you like what you read?Share on Facebook
Facebook
0Share on Google+
Google+
0Tweet about this on Twitter
Twitter
0Share on LinkedIn
Linkedin
Share on Reddit
Reddit
0Digg this
Digg
Buffer this page
Buffer

On the 2nd of March an Exim vulnerability has been discovered and announced allowing any user to gain root privileges. 
This issue is affecting all its versions. 

Exim is the default mail transporter for all cPanel based servers. 

cPanel has included an emergency update which was patched overnight. We did a manual update on all our critical infrastructures using cPanel (mainly our shared and reseller servers) a few hours after the security issue. 

You can check whether your server has been updated by running the following command : 

rpm -q –changelog exim | grep CVE-2016-1531

Which should give the following output : 

– Fixes CVE-2016-1531

It doesn’t return anything and if you are running cPanel you would only need to type the following SSH commands : 

/scripts/upcp
/scripts/check_cpanel_rpms –fix –long-list
**UPDATE : 4th March 2016

The update has broken a feature to detect mailing script which now returns cwd=/ instead of cwd=/path/to/script

We have notified cPanel which has notified Exim and a patch is on its way since our custom malware script detection relies on returning the full path of a script sending emails.

**UPDATE : 5th March 2016

A work around is being worked on, we are waiting for its official release. 

https://bugs.exim.org/show_bug.cgi?id=1805

Did you like what you read?Share on Facebook
Facebook
0Share on Google+
Google+
0Tweet about this on Twitter
Twitter
0Share on LinkedIn
Linkedin
Share on Reddit
Reddit
0Digg this
Digg
Buffer this page
Buffer

Leave A Comment


Join Us on Facebook

Our Latest Tweets

  • 1 week ago

    4 Unconventional Ways to Reclaim Lost #Facebook #OrganicReach https://t.co/wQ7NhNAHMF #InternetMarketing https://t.co/5SXQhpd4VW

  • 1 week ago

    #DuplicateContent Issues in #Wordpress & Fixing Them https://t.co/y3Gdmb1cN7 #SEO #DigitalMarketing https://t.co/XjdcAUtVrn

  • 2 weeks ago

    Beyond #keywords: What really matters in #SEO content #Digitalmarketing #contentmarketing https://t.co/GppMYLamn3 https://t.co/uHYX5MVJcj

  • 2 weeks ago

    CVE-2018-0886: Microsoft Security Update CredSSP affecting RDP Access https://t.co/xizOnVEBkx

  • 2 weeks ago

    Compressibility - How Search Engines Found #Spam Content https://t.co/OASbXRlqtQ #contentmarketing #SEO https://t.co/vuo0eBQWbZ