Exim is the mail server software cPanel & WHM servers use. Last week an exploit for Exim was identified, and today a patch for the exploit was released. This exploit allowed for both local and remote root-level privilege escalation. That means that you won’t need to be able to access the server as a user to exploit the server, as is the case with most security vulnerabilities that are found.
The best way to protect yourself is to upgrade to a supported version of cPanel & WHM. All supported versions of cPanel & WHM are immune to the exploit. Version 80 was never vulnerable, as it included a newer (and non-vulnerable) version of Exim. Thanks in large part to the improvements we’ve made around installs and updates, we were also able to take that update from Exim, test it, and release an update for Version 78 today.
To confirm you are already running a patched version, you can run this command on the server:
rpm -q exim
The output will show you the Exim versions that are installed, and should look something like what’s below:
For Version 78: exim-4.92-1.cp1178.x86_64
For Version 80: exim-4.92-1.cp1180.x86_64
cPanel & WHM Version 76 reached end of life in April of this year and was the last version to support EasyApache 3. Some hosting providers have not yet migrated to EasyApache 4, which means they are prevented from upgrading beyond Version 76. If you are using EasyApache 3, you are not only vulnerable to this exploit, but also dozens of exploits that exist in the now end-of-life versions of Apache and PHP used by EasyApache 3.
If you are concerned about migrating to EasyApache 4, you shouldn’t be! Migrating to EasyApache 4 is easy! Our Documentation breaks down all of the changes that have been made in the migration process in The EasyApache 3 to EasyApache 4 Migration Process. Any concerns about specific parts of the migration can be eased by reviewing the Current Status of EasyApache 4 documentation, which breaks down all of the bits we took into account.
Migrating can be done with the click of a button inside WHM. Just log in, go to the EasyApache 4 interface, and click Migrate. The command line steps to migrate can be found in our How to Install EasyApache 4 documentation as well.
There are no known-good workarounds at this time. The only way to ensure that you are protected is to upgrade your server to a patched version. Both Versions 78 and 80 are patched at this time. You can also see the CVE-2019-10149 Exim page in our documentation for more information about our response.
If you need help with any of this, don’t hesitate to reach out! The best places to ask questions are the cPanel Forums, our directly to our support team. You can also join us in our Slack or Discord channels, or even ask on our subreddit!