WHM/cPanel - Urgent Updates for 70, 76, and 78
Posted by Support Admin on 09 July 2020 12:59 PM
Update now to protect yourself and your users
In a post on the cPanel Blog last week, cPanel shared information regarding an exploit that had been identified in Exim. This exploit allows attackers to execute code as the root user on your server without authentication and was rated a 9.8 in severity. This exploit has now been weaponized and is being actively used to gain root-level access to vulnerable servers. Update today to ensure your server is not vulnerable.
cPanel & WHM Version 80 was never vulnerable to this exploit, and we released a patch for Version 78 the day it was provided by Exim last week. cPanel also backported the patch to the recently End of Life Version 70 and Version 76 after more details were released on Thursday, including details on exactly how to gain root access to a remote server.
The updated RPMs provided by cPanel should be at least 4.91-4 on versions 70 and 76 and at least 4.92 on versions 78 and above. Run the following command to see the current version of Exim:
rpm -q exim
The output should resemble the following:
Versions 70 and 76: exim-4.91-4.cp1170.x86_64
Version 78: exim-4.92-1.cp1178.x86_64
Version 80: exim-4.92-1.cp1180.x86_64
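The check above can be scripted across many servers. The following is an added example, not part of cPanel's post: it classifies a line of `rpm -q exim` output against the minimums stated here. The function names are hypothetical, and it assumes the `cp11NN` release tag identifies the cPanel & WHM version, as the sample output suggests.

```sh
#!/bin/sh
# Added example: classify `rpm -q exim` output against the minimums in this post.
# Assumption: the cp11NN release tag gives the cPanel & WHM version (NN).

# ver_ge A B: succeeds when dotted numeric version A >= B.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_exim_nvr LINE: prints patched, needs-update or unknown.
check_exim_nvr() {
    parsed=$(printf '%s\n' "$1" | sed -n \
        's/^exim-\([0-9][0-9.]*\)-\([0-9][0-9]*\)\.cp11\([0-9][0-9]*\)\..*$/\1 \2 \3/p')
    if [ -z "$parsed" ]; then echo unknown; return 0; fi
    set -- $parsed
    version=$1 build=$2 cp=$3
    case $cp in
        70|76) min_ver=4.91 min_build=4 ;;   # backported fix
        *)  if [ "$cp" -ge 78 ]; then
                min_ver=4.92 min_build=0     # post gives no minimum build here
            else
                echo unknown; return 0       # branch not covered by the post
            fi ;;
    esac
    if ! ver_ge "$version" "$min_ver"; then
        echo needs-update
    elif ver_ge "$min_ver" "$version" && [ "$build" -lt "$min_build" ]; then
        echo needs-update
    else
        echo patched
    fi
}

# Sample lines: the first three are from the post, the last two are constructed.
for line in exim-4.91-4.cp1170.x86_64 exim-4.92-1.cp1178.x86_64 \
            exim-4.92-1.cp1180.x86_64 exim-4.91-3.cp1170.x86_64 \
            exim-4.90-1.cp1176.x86_64; do
    printf '%s -> %s\n' "$line" "$(check_exim_nvr "$line")"
done
```

On a live server, call it as `check_exim_nvr "$(rpm -q exim)"`; any result other than `patched` means the server should be updated or inspected by hand.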
You can refer to this article in our documentation for help updating to the patched version.
While Exim is open source software that we bundle with cPanel & WHM and is not built by cPanel, this vulnerability is something that we feel deserves our attention. This is an extremely rare and specific situation that has the potential to impact everyone who interacts with the internet in any way. For that reason, we have released an update to patch this vulnerability for both Version 70 and Version 76.
cPanel & WHM Versions 70 and 76 remain End of Life and will receive no other updates. This is a one-time bending of our policy, and we do not plan to pursue any other updates for these versions. We still strongly recommend that you keep your servers updated, and continue to run the most recent versions of cPanel & WHM available.
The most current version today is Version 80. Some of the highlights of that version can be found below.