Scroll Top

Critical Exim Security Vulnerability

November 25, 2017

A remote code execution vulnerability has been reported in Exim, with immediate public disclosure (we were given no private notice). A tentative patch exists but has not yet been confirmed. Exim is a widely used mail transfer agent used on Unix-like operating systems.

With immediate effect, please apply this workaround: if you are running Exim 4.88 or newer (4.89 is current, 4.90 is upcoming) then in the main section of your Exim configuration, set:

chunking_advertise_hosts =

 

That’s an empty value, nothing on the right of the equals. This disables advertising the ESMTP CHUNKING extension, making the BDAT verb unavailable and avoids letting an attacker apply the logic.

This should be a complete workaround. Impact of applying the workaround is that mail senders have to stick to the traditional DATA verb instead of using BDAT.

We’ve requested CVEs. More news will be forthcoming as we get this worked out.

A quick check can be performed to see if you are vulnerable:
exim -bP | grep chunking_advertise_hosts

If the value is empty you are safe. If you’d like to remove the value enter the following:
sed -i 's/chunking_advertise_hosts.*/chunking_advertise_hosts =/g' /etc/exim.conf

For servers running cPanel:

# perl -pi.bak -e "s/^chunking_advertise_hosts =.*/chunking_advertise_hosts = /g" /usr/local/cpanel/etc/exim/config_options # /scripts/buildeximconf # /scripts/restartsrv_exim

 

This will remove the configured hosts that the chunking_advertise_hosts option currently has and set it to an empty host list. It will also back up the current /usr/local/cpanel/etc/exim/config_options as /usr/local/cpanel/etc/exim/config_options.bak.

It is recommended that you take immediate action.

EDIT: servers running DirectAdmin are NOT affected. The chunking_advertise_hosts directive can be found in the exim.variables.conf file and has an empty value by default.

 

More Information:
https://lists.gt.net/exim/announce/108962

Ongoing Discussion via WHT:
http://www.webhostingtalk.com/showthread.php?t=1684234

Join Our Online Security and Hosting Newsletter Today

and stay updated with the latest news, updates, releases & much more.
Subscribe
SUBSCRIBE NOW
We respect your privacy.

Related Posts

cPanel TSR-2015-0005 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv2 scores ranging from…

22 Sep 2015
cPanel TSR-2017-0002 Announcement

cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from…

31 Mar 2017
Linux Sudo patches address vulnerability

Security updates have been issued for several Linux distributions to address a flaw in Sudo. Sudo allows users to run programs with the security privileges of another user, by default the superuser. Users must, by default, supply their own password for authentication, rather than the password of the target…

02 Jun 2017
Plesk 12 Security Updates Issued

An update for Plesk 12 (Windows) was just released to address various security vulnerabilities and it is recommended that you update as soon as possible. Official Link: http://download1.parallels.com/Plesk/PP12/12.0/release-notes/parallels-plesk-12.0-for-windows-change-log.html#12018-mu52 Join Our Online Security and Hosting Newsletter Today and stay updated with the latest news, updates, releases & much more. Subscribe…

26 Jun 2015
Exim – Math Comparison Functions Local Command Execution

Exim contains a flaw in the expansion of arguments to math comparison functions, which can result in the values being doubled. The end result is that an attacker can perform a local command execution if they are able to perform a look-up using Exim against files that they can…

25 Jul 2014
Vulnerability in Code Snippets plugin for WordPress discovered

A serious vulnerability has been discovered in older versions of the popular Code Snippets plugin for WordPress. The flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution…

11 Feb 2020
LiteSpeed Security Update Issued

An update for LiteSpeed 4 & 5 was just released to address a security vulnerability within OpenSSL (CVE-2015-1793) and it is recommended that you update as soon as possible. Join Our Online Security and Hosting Newsletter Today and stay updated with the latest news, updates, releases & much more….

10 Jul 2015
Vulnerabilities found in Newsletter plugin for WordPress

Newsletter, a free WordPress plugin with more than 300,000 installations, was found to contain multiple vulnerabilities that could eventually lead to the takeover of an affected website. The bugs were discovered by the Wordfence team who notified the developer of the plugin. Join Our Online Security and Hosting Newsletter…

07 Aug 2020
Xen security updates issued

Numerous updates were just released to address various security vulnerabilities and it is recommended that you update as soon as possible. (XSA-145 to XSA-153) Official Link: http://xenbits.xen.org/xsa/ Source: Hostingseclist Join Our Online Security and Hosting Newsletter Today and stay updated with the latest news, updates, releases & much more….

29 Oct 2015
MariaDB – MyiSAM/Aria File Delete Vulnerability

Product Description: MariaDB Server is one of the most popular database servers in the world. It is developed by the original creators of the ubiquitous MySQL server and it is guaranteed by the developers to remain open source software. Notable users of MariaDB include Wikipedia, WordPress.com and Google. MariaDB…

09 Nov 2020
WordPress 4.7.2 security update

WordPress 4.7.2 was released last Thursday, January 26th. WordPress have just announced that In addition to the three security vulnerabilities mentioned in the original release post, WordPress 4.7 and 4.7.1 had one additional vulnerability for which disclosure was delayed. Join Our Online Security and Hosting Newsletter Today and stay…

06 Feb 2017
Drupal security vulnerabilities discovered SA-CORE-2017-003

  Multiple vulnerabilities for the Drupal CMS have been discovered. Drupal have released versions 8.3.4 and 7.56 which contain fixes for these security vulnerabilities. We recommend that you update Drupal as soon as possible. Join Our Online Security and Hosting Newsletter Today and stay updated with the latest news,…

24 Jun 2017
Magento Security Update Issued

An update for Magento was just released to address a critical security vulnerability and it is recommended that you update as soon as possible. Official Link: http://bit.ly/1flmoA8 Source: hostingseclist.com Join Our Online Security and Hosting Newsletter Today and stay updated with the latest news, updates, releases & much more….

07 Jul 2015
VMware Update Fixes Critical Remote Code Execution Vulnerability

VMware has fixed a critical flaw in its vCenter Server that could be exploited to execute code remotely. The vulnerability affects vCenter versions 6.5 and 6.0. Users are urged to upgrade to versions 6.5c or 6.0U3b. US-CERT warned about the vulnerability, stressing exploitation could result in an attacker taking…

19 Apr 2017
WordPress Security Update Issued

WordPress 4.2.3 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. Join Our Online Security and Hosting Newsletter Today and stay updated with the latest news, updates, releases & much more. Subscribe Email I agree…

23 Jul 2015

Join Our Online Security and Hosting Newsletter Today

and stay updated with the latest news, updates, releases & much more.
Subscribe
SUBSCRIBE NOW
We respect your privacy.
close-link
Our website uses cookies from third party services to improve your browsing experience. Read more about this and how you can control cookies by clicking "Privacy Preferences".
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required
Privacy Policy Cookies Policy