Reseller Login or Sign up FAQ Search
ResellersPanel's Blog

Critical RCE vulnerability affects half of email servers online. We are patched so you are safe on our platform!

The security researchers from Qualys – a cyber-security company, revealed last week that a critical RCE security flaw has impacted over half of the Internet’s email servers.

RCE (Remote code execution) is the ability of an attacker to access a computing device with user privileges and execute malicious code.

That vulnerability affects Exim – a mail transfer agent which relays emails from senders to recipients.

The Exim vulnerability empowers an attacker to run commands on a remote email server as root and take control of a system.

Exim is running on 57% of all mail servers on the Internet, according to a recent study.

The vulnerability was patched accidentally with the release of Exim 4.92 in February this year.

So the RCE flaw is now affecting all Exim installations with versions 4.87 to 4.91.

For that reason, Exim users are urged to update to the 4.92 version to avoid any mail service disruption.

According to the mail server report mentioned above, only 4.34% of all Exim servers are currently running the safe v.4.92 release.

This Exim vulnerability is currently tracked under the CVE-2019-10149 identifier, but is informally referred to as “Return of the WIZard” because of its similarity with the ancient WIZ and DEBUG vulnerabilities that hit the Internet more than 20 years ago.

How to protect yourself from the CVE-2019-10149 vulnerability?

If you are using our services, you can rest assured that all of our servers are patched and fully immune to the CVE-2019-10149 vulnerability.

Otherwise, the best way to protect yourself is to upgrade to a patched version of cPanel & WHM as recommended on cPanel’s official blog.

Both Versions 78 and 80 are currently patched. For the latest updates on the matter, you can follow with the CVE-2019-10149 Exim page.

You can also ask questions in the cPanel Forums, or contact the cPanel’s support team directly.

To make sure that you are running a patched version on the server, you can use the following command:

rpm -q exim

The output should list the Exim versions that are currently installed on the server:

For Version 78: exim-4.92-1.cp1178.x86_64

For Version 80: exim-4.92-1.cp1180.x86_64

For Version 70 and 76: exim-4.91-4.cp1170.x86_64

Originally published Wednesday, June 12th, 2019 at 3:45 pm, updated June 14, 2019 and is filed under Online Security.


Leave a Reply

« Back to menu