{"id":52755,"date":"2019-06-06T18:19:55","date_gmt":"2019-06-06T23:19:55","guid":{"rendered":"https:\/\/blog.cpanel.com\/?p=52755"},"modified":"2019-06-06T18:19:55","modified_gmt":"2019-06-06T23:19:55","slug":"exim-cve-2019-10149-protect-yourself","status":"publish","type":"post","link":"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/","title":{"rendered":"Exim CVE-2019-10149: how to protect yourself"},"content":{"rendered":"\n

Update June 6, 2019: We have now released updates for the End Of Life Versions 70 and 76.<\/strong> <\/h3>\n\n\n\n

Exim is the mail server software cPanel & WHM servers use. Last week an exploit for Exim was identified, and today a patch for the exploit was released. This exploit allowed for both local and remote root-level privilege escalation. That means that you won’t need to be able to access the server as a user to exploit the server, as is the case with most security vulnerabilities that are found. <\/p>\n\n\n\n

It’s possible that the update will be blocked with an error similar to this:<\/p>\n\n\n\n

A system upgrade was not possible due to the following blockers:
\n[2019-06-07 02:02:51 +0200] W [FATAL] - You must migrate from EA3 to EA4 before upgrading to v78 or newer. You can do so by running \/usr\/local\/cpanel\/scripts\/migrate_ea3_to_ea4 or via WHM\u2019s EasyApache 4 Migration interface. For more information please see: https:\/\/go.cpanel.net\/EA4Migration<\/pre>\n\n\n\n

If you encounter this error, you must manually adjust your \/etc\/cpupdate.conf file to the example below:<\/p>\n\n\n\n

CPANEL=11.76\nRPMUP=daily\nSARULESUP=daily\nSTAGING_DIR=\/usr\/local\/cpanel\nUPDATES=daily<\/pre>\n\n\n\n

Once you have completed this update (upcp) please set this back to the following:<\/p>\n\n\n\n

CPANEL=release\nRPMUP=daily\nSARULESUP=daily\nSTAGING_DIR=\/usr\/local\/cpanel\nUPDATES=daily<\/pre>\n\n\n\n

This will allow you to upgrade to newer versions of cPanel & WHM once you have migrated to EasyApache 4.<\/p>\n\n\n\n

While Exim is open source software that we bundle with our software and is not built by cPanel, this vulnerability is something that we feel deserves our attention. This is an extremely rare and specific situation that has the potential to impact everyone who interacts with the internet in any way. For that reason, we have released an update to patch this vulnerability for both Version 70 and Version 76. To ensure that your server has received the patch, please update to one of the following versions:<\/p>\n\n\n\n
TIER<\/th>VERSION<\/th><\/tr><\/thead>
70<\/td>70.0.69<\/td><\/tr>
76<\/td>76.0.22<\/td><\/tr>
78<\/td>78.0.27<\/td><\/tr><\/tbody><\/table>\n\n\n\n

cPanel & WHM Versions 70 and 76 remain End of Life and will receive no other updates. This is a one-time bending of our policy, and we do not plan to pursue any other updates for these versions. We still strongly recommend that you keep your servers updated, and continue to run the most recent versions of cPanel & WHM available. <\/p>\n\n\n\n


\n\n\n\n

<\/p>\n\n\n\n

How to Protect Yourself from Exim Vulnerabilities<\/h2>\n\n\n\n

The best way to protect yourself is to upgrade to a supported version of cPanel & WHM. All supported versions of cPanel & WHM are immune to the exploit. Version 80 was never vulnerable, as it included a newer (and non-vulnerable) version of Exim. Thanks in large part to the improvements we’ve made around installs and updates<\/a>, we were also able to take that update from Exim, test it, and release an update for Version 78 today.

To confirm you are already running a patched version, you can run this command on the server:<\/p>\n\n\n\n

rpm -q exim<\/code><\/p>\n\n\n\n

The output will show you the Exim versions that are installed, and should look something like what’s below:<\/p>\n\n\n\n

For Version 78: exim-4.92-1.cp1178.x86_64<\/em> 
For Version 80: exim-4.92-1.cp1180.x86_64 <\/em>
For Version 70 and 76: exim-4.91-4.cp1170.x86_64 <\/em><\/p>\n\n\n\n

cPanel & WHM Version 76 Not Patched (now patched, see above update)<\/h2>\n\n\n\n

cPanel & WHM Version 76 reached end of life<\/a> in April of this year and was the last version to support EasyApache 3. Some hosting providers have not yet migrated to EasyApache 4, which means they are prevented from upgrading beyond Version 76. If you are using EasyApache 3, you are not only vulnerable to this exploit, but also dozens of exploits that exist in the now end-of-life versions of Apache and PHP used by EasyApache 3.<\/p>\n\n\n\n

If you are concerned about migrating to EasyApache 4, you shouldn’t be! Migrating to EasyApache 4 is easy! Our Documentation breaks down all of the changes that have been made in the migration process in The EasyApache 3 to EasyApache 4 Migration Process<\/a>. Any concerns about specific parts of the migration can be eased by reviewing the Current Status of EasyApache 4<\/a> documentation, which breaks down all of the bits we took into account.<\/p>\n\n\n\n

Migrating can be done with the click of a button inside WHM. Just log in, go to the EasyApache 4<\/em> interface, and click Migrate<\/em>. The command line steps to migrate can be found in our How to Install EasyApache 4<\/a> documentation as well. <\/p>\n\n\n\n

Current Workarounds<\/h2>\n\n\n\n

There are no known-good workarounds at this time. The only way to ensure that you are protected is to upgrade your server to a patched version. Both Versions 78 and 80 are patched at this time. You can also see the CVE-2019-10149 Exim<\/a> page in our documentation for more information about our response. <\/p>\n\n\n\n

If you need help with any of this, don’t hesitate to reach out! The best places to ask questions are the cPanel Forums<\/a>, our directly to our support team<\/a>. You can also join us in our Slack<\/a> or Discord<\/a> channels, or even ask on our subreddit<\/a>! <\/p>\n","protected":false},"excerpt":{"rendered":"

Update June 6, 2019: We have now released updates for the End Of Life Versions 70 and 76. Exim is the mail server software cPanel & WHM servers use. Last week an exploit for Exim was identified, and today a patch for the exploit was released. This exploit allowed for both local and remote root-level […]<\/p>\n","protected":false},"author":77,"featured_media":65181,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[49],"tags":[2233,805,2237],"class_list":["post-52755","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-cve","tag-exim","tag-the-return-of-the-wizard"],"acf":[],"yoast_head":"\nExim CVE-2019-10149: how to protect yourself | cPanel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Exim CVE-2019-10149: how to protect yourself | cPanel\" \/>\n<meta property=\"og:description\" content=\"Update June 6, 2019: We have now released updates for the End Of Life Versions 70 and 76. Exim is the mail server software cPanel & WHM servers use. Last week an exploit for Exim was identified, and today a patch for the exploit was released. This exploit allowed for both local and remote root-level […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/\" \/>\n<meta property=\"og:site_name\" content=\"cPanel\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cpanel\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-06-06T23:19:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/devel.www.cpanel.net\/wp-content\/uploads\/2019\/06\/2019.06.05.exim_.cve2_.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"792\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"cPanel Community\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cPanel\" \/>\n<meta name=\"twitter:site\" content=\"@cPanel\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"cPanel Community\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/\",\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/\",\"name\":\"Exim CVE-2019-10149: how to protect yourself | cPanel\",\"isPartOf\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\"},\"datePublished\":\"2019-06-06T23:19:55+00:00\",\"dateModified\":\"2019-06-06T23:19:55+00:00\",\"author\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\"},\"breadcrumb\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devel.www.cpanel.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Exim CVE-2019-10149: how to protect yourself\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\",\"url\":\"https:\/\/devel.www.cpanel.net\/\",\"name\":\"cPanel\",\"description\":\"Hosting Platform of Choices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devel.www.cpanel.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\",\"name\":\"cPanel Community\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"caption\":\"cPanel Community\"},\"description\":\"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel & WHM their hosting platform of choice. For more information, visit cPanel.net.\",\"sameAs\":[\"https:\/\/cpanel.net\"],\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Exim CVE-2019-10149: how to protect yourself | cPanel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/","og_locale":"en_US","og_type":"article","og_title":"Exim CVE-2019-10149: how to protect yourself | cPanel","og_description":"Update June 6, 2019: We have now released updates for the End Of Life Versions 70 and 76. Exim is the mail server software cPanel & WHM servers use. Last week an exploit for Exim was identified, and today a patch for the exploit was released. This exploit allowed for both local and remote root-level […]","og_url":"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/","og_site_name":"cPanel","article_publisher":"https:\/\/www.facebook.com\/cpanel\/","article_published_time":"2019-06-06T23:19:55+00:00","og_image":[{"width":2000,"height":792,"url":"https:\/\/devel.www.cpanel.net\/wp-content\/uploads\/2019\/06\/2019.06.05.exim_.cve2_.png","type":"image\/png"}],"author":"cPanel Community","twitter_card":"summary_large_image","twitter_creator":"@cPanel","twitter_site":"@cPanel","twitter_misc":{"Written by":"cPanel Community","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/","url":"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/","name":"Exim CVE-2019-10149: how to protect yourself | cPanel","isPartOf":{"@id":"https:\/\/devel.www.cpanel.net\/#website"},"datePublished":"2019-06-06T23:19:55+00:00","dateModified":"2019-06-06T23:19:55+00:00","author":{"@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8"},"breadcrumb":{"@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/exim-cve-2019-10149-protect-yourself\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devel.www.cpanel.net\/"},{"@type":"ListItem","position":2,"name":"Exim CVE-2019-10149: how to protect yourself"}]},{"@type":"WebSite","@id":"https:\/\/devel.www.cpanel.net\/#website","url":"https:\/\/devel.www.cpanel.net\/","name":"cPanel","description":"Hosting Platform of Choices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devel.www.cpanel.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8","name":"cPanel Community","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","caption":"cPanel Community"},"description":"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel & WHM their hosting platform of choice. For more information, visit cPanel.net.","sameAs":["https:\/\/cpanel.net"],"url":"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/52755"}],"collection":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/users\/77"}],"replies":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/comments?post=52755"}],"version-history":[{"count":0,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/52755\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media\/65181"}],"wp:attachment":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media?parent=52755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/categories?post=52755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/tags?post=52755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}