Critical root vulnerability on server [CVE-2019-10149 Exim <4.92]

Today I received an email from the Linux Malware Detect software about a vulnerability on my server, and I would like to share with you how to resolve this issue. Below is the content of the email.

Important security notice,
The Linux Malware Detect installation running on server has
detected that you may be vulnerable to a critical remote code execution
vulnerability. The currently installed version of Exim MTA v4 improperly
validates recipient addresses and can allow malicious code execution to
take place. This may provide a path for malicious actors to gain root
access, remotely, to this system. This vulnerability currently has known
exploits circulating with both targeted and automated compromises taking
place against vulnerable systems.

Please upgrade Exim to version 4.92 or a known patched earlier version
immediately. Alternatively, if upgrading is not an immediate option,
consider disabling the Exim MTA service as soon as possible.

Disable Exim:

touch /etc/eximdisable
service exim stop
systemctl disable exim
chkconfig exim off

Upgrade Exim:
1. DirectAdmin:

cd /usr/local/directadmin/custombuild
./build update
./build set exim yes
./build set eximconf yes
./build update
./build exim
./build exim_conf

2. cPanel https://documentation.cpanel.net/display/CKB/CVE-2019-10149+Exim

3. RedHat / CentOS
https://pkgs.org/download/exim
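
After upgrading, confirm which version is actually installed. The script below is an added example, not part of the original post or the quoted notice: it parses the first line of `exim -bV` and compares it with the 4.92 threshold named in the notice. The function names and the sample banners used to exercise it are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify an Exim version
# banner against the 4.92 threshold given in the notice for CVE-2019-10149.

# Pull "MAJOR.MINOR" out of the first line of `exim -bV` output,
# e.g. "Exim version 4.91 #1 built ..." (constructed sample) -> 4.91
parse_exim_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^Exim version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p'
}

# Prints one of: patched | needs-review | unknown
#   needs-review = below 4.92: upgrade, or confirm that the distribution
#   package carries a backported fix (the version number cannot show that).
classify_exim() {
    ver=$(parse_exim_version "$1")
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 92 ]; }; then
        echo patched
    else
        echo needs-review
    fi
}

# Check the locally installed binary, if there is one.
check_local_exim() {
    if command -v exim >/dev/null 2>&1; then
        banner=$(exim -bV 2>/dev/null | head -n 1)
        echo "exim: $(classify_exim "$banner") ($banner)"
    else
        echo "exim: binary not found in PATH"
    fi
    return 0
}

check_local_exim
```

A `needs-review` result on a distribution package can still be safe if the vendor backported the fix; check the package changelog for CVE-2019-10149 before deciding.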

Further reading:
https://blog.cpanel.com/exim-cve-2019-10149-protect-yourself/
https://documentation.cpanel.net/display/CKB/CVE-2019-10149+Exim
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
https://access.redhat.com/security/cve/cve-2019-10149
