Today I received an email from Linux Malware Detect Software on the vulnerability of my server and would like to share with you how to resolve this issue. Below is the content of the email.
Important security notice: The Linux Malware Detect installation running on server has detected that you may be vulnerable to a critical remote code execution vulnerability. The currently installed version of Exim MTA v4 improperly validates recipient addresses and can allow malicious code execution to take place. This may provide a path for malicious actors to gain root access, remotely, to this system. This vulnerability currently has known exploits circulating with both targeted and automated compromises taking place against vulnerable systems. Please upgrade Exim to version 4.92 or a known patched earlier version immediately. Alternatively, if upgrading is not an immediate option, consider disabling the Exim MTA service as soon as possible.
Disable Exim:
touch /etc/eximdisable
service exim stop
systemctl disable exim
chkconfig exim off
Upgrade Exim:
1. DirectAdmin:
cd /usr/local/directadmin/custombuild
./build update
./build set exim yes
./build set eximconf yes
./build update
./build exim
./build exim_conf
2. cPanel:
https://documentation.cpanel.net/display/CKB/CVE-2019-10149+Exim
3. RedHat / CentOS:
https://pkgs.org/download/exim
Further reading:
https://blog.cpanel.com/exim-cve-2019-10149-protect-yourself/
https://documentation.cpanel.net/display/CKB/CVE-2019-10149+Exim
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
https://access.redhat.com/security/cve/cve-2019-10149
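
To confirm whether a host still needs the upgrade or disable steps above, the following added example (not part of the email or of Linux Malware Detect) classifies the version banner printed by exim -bV. The affected range of 4.87 through 4.91 is taken from the Exim advisory linked above; the function names and the sample banners are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post or from Linux Malware Detect).
# CVE-2019-10149 affects Exim 4.87 through 4.91 per the Exim advisory.

# Pull "major.minor" out of the first line of `exim -bV` output, e.g.
#   Exim version 4.91 #1 built 10-Jun-2019 12:00:00
exim_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n '1s/^Exim version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print: in-affected-range | outside-affected-range | unknown
classify_exim_version() {
    case $1 in
        ''|*[!0-9.]*|*.*.*|.*|*.) echo unknown; return 0 ;;
        *.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${1%%.*}
    minor=${1#*.}
    if [ "$major" -eq 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]; then
        # Distro packages can carry a backported fix under the same
        # version number, so confirm against the package changelog.
        echo in-affected-range
    else
        echo outside-affected-range
    fi
}

classify_banner() {
    classify_exim_version "$(exim_version_from_banner "$1")"
}

# Constructed sample banners (not captured from a real host).
for banner in \
    "Exim version 4.91 #1 built 10-Jun-2019 12:00:00" \
    "Exim version 4.92 #3 built 12-Jun-2019 09:30:00" \
    "Exim version 4.86 #2 built 01-Jan-2016 00:00:00" \
    "exim: command not found"
do
    printf '%-50s -> %s\n' "$banner" "$(classify_banner "$banner")"
done

# On a real server, classify the installed binary if one is on PATH.
if command -v exim >/dev/null 2>&1; then
    printf 'local exim -> %s\n' "$(classify_banner "$(exim -bV 2>/dev/null)")"
fi
```

A result of in-affected-range on a RedHat / CentOS package means the changelog still has to be checked for the CVE-2019-10149 fix, since the email itself allows for "a known patched earlier version".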