03 Feb 0
On the 2nd of March an Exim vulnerability has been discovered and announced allowing any user to gain root privileges.
This issue is affecting all its versions.
Exim is the default mail transporter for all cPanel based servers.
cPanel has included an emergency update which was patched overnight. We did a manual update on all our critical infrastructures using cPanel (mainly our shared and reseller servers) a few hours after the security issue.
You can check whether your server has been updated by running the following command :
rpm -q –changelog exim | grep CVE-2016-1531
Which should give the following output :
– Fixes CVE-2016-1531
It doesn’t return anything and if you are running cPanel you would only need to type the following SSH commands :
/scripts/check_cpanel_rpms –fix –long-list
**UPDATE : 4th March 2016
The update has broken a feature to detect mailing script which now returns cwd=/ instead of cwd=/path/to/script
We have notified cPanel which has notified Exim and a patch is on its way since our custom malware script detection relies on returning the full path of a script sending emails.
**UPDATE : 5th March 2016
A work around is being worked on, we are waiting for its official release.