Recently, Qualys, a cyber-security firm specializing in cloud security and compliance, has analyzed an exploitable vulnerability reported to Exim that affects cPanel versions lower than 78. Exim is the mail server software that runs on Unix-like systems, such as cPanel and WHM, to relay emails from senders to recipients. This exploit, tracked as CVE-2019-15846, allows local or remote unauthenticated attackers to execute programs with administrative privileges on servers that accept TLS connections.
cPanel has released an update to patch this vulnerability for Versions 78 and 82. If you are a shared hosting customer, we have already applied the relevant patches and there is no further action required for you.
For VPS and dedicated server customers, to ensure that your server receives the patch, please update to one of the following versions:
cPanel and WHM Versions 70 and 76 have reached End of Life and will not receive any updates. To confirm you are running a patched version, you can run this command on the server:
rpm -q exim
The output will show you the Exim version that is installed in your server and should look similar to this:
For Version 82: exim-4.92-3.cp1180.x86_64
For LTS version 78: exim-4.92-5.cp1178.x86_64
If your server is not running one of the above versions, update immediately. To upgrade your server, use WHM’s interface and go to Home >> cPanel >> Upgrade to Latest Version. Alternatively, you can run the commands below to upgrade your server from the command line:
/scripts/check_cpanel_rpms –fix –long-list
Once this is done, verify the new Exim RPM was installed by running the command mentioned above.
There are currently no known workarounds and Canadian Web Hosting strongly recommends that you upgrade your server to a patched version. Please refer to the CVE-2019-15846 Exim page for more information.
Customers with any questions or require assistance, please contact our Support Team at 1-604-283-2127 or email firstname.lastname@example.org.