{"id":771,"date":"2021-07-23T12:37:46","date_gmt":"2021-07-23T12:37:46","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/cve-2017-1000369-exim-stack-clash\/"},"modified":"2021-07-23T12:37:46","modified_gmt":"2021-07-23T12:37:46","slug":"cve-2017-1000369-exim-stack-clash","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/cve-2017-1000369-exim-stack-clash\/","title":{"rendered":"CVE 2017 1000369 Exim Stack Clash"},"content":{"rendered":"<\/p>\n<div class=\"col-md-9\">\n<div class=\"flex-column flex-md-row article-header\"><\/div>\n<hr>\n<h2 id=\"background-information\">Background Information<\/h2>\n<p>On Monday, June 19, 2017, Qualsys announced memory handling vulnerabilities in a number of software distributions, including a vulnerability that could leverage a bug in the Exim software to achieve a local privilege escalation to <code>root<\/code>.<\/p>\n<h2 id=\"impact\">Impact<\/h2>\n<p>Vulnerable versions of Exim can be susceptible to local privilege escalation to <code>root<\/code>.<\/p>\n<h2 id=\"releases\">Releases<\/h2>\n<ul>\n<li>\n<p>64 \u2014 64.0.30<\/p>\n<\/li>\n<li>\n<p>62 \u2014 62.0.25<\/p>\n<\/li>\n<li>\n<p>CURRENT \u2014 64.0.30<\/p>\n<\/li>\n<li>\n<p>RELEASE \u2014 64.0.30<\/p>\n<\/li>\n<li>\n<p>STABLE \u2014 64.0.30<\/p>\n<\/li>\n<\/ul>\n<h2 id=\"how-to-determine-if-your-server-is-up-to-date\">How to determine if your server is up to date<\/h2>\n<p>The updated RPMs provided by cPanel will contain a changelog entry with the CVE number. You can check for this changelog entry with the following command: <\/p>\n<div class=\"highlight\">\n<pre style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\"><code class=\"language-perl\" data-lang=\"perl\">rpm <span style=\"color:#f92672\">-<\/span><span style=\"color:#e6db74\">q --changelog <\/span>exim <span style=\"color:#f92672\">|<\/span> grep CVE<span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">2017<\/span><span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">1000369<\/span><\/code><\/pre>\n<\/div>\n<p>The output should resemble below: <\/p>\n<div class=\"highlight\">\n<pre style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\"><code class=\"language-perl\" data-lang=\"perl\"><span style=\"color:#f92672\">-<\/span> Applied patch <span style=\"color:#66d9ef\">for<\/span> CVE<span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">2017<\/span><span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">1000369<\/span><\/code><\/pre>\n<\/div>\n<h2 id=\"what-to-do-if-you-are-not-up-to-date\">What to do if you are not up to date<\/h2>\n<p>If your server is not running one of the above versions, update immediately.<\/p>\n<p>To upgrade your server, use WHM\u2019s <em>Upgrade to Latest Version<\/em> interface (<em>WHM &gt;&gt; Home &gt;&gt; cPanel &gt;&gt; Upgrade to Latest Version<\/em>).<\/p>\n<p>Alternatively, you can run the below commands to upgrade your server from the command line: <\/p>\n<div class=\"highlight\">\n<div style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\">\n<table style=\"border-spacing:0;padding:0;margin:0;border:0;width:auto;overflow:auto;display:block;\">\n<tr>\n<td style=\"vertical-align:top;padding:0;margin:0;border:0;\">\n<pre style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\"><code class=\"language-go\" data-lang=\"go\"><span style=\"margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f\">1\n<\/span><span style=\"margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f\">2\n<\/span><\/code><\/pre>\n<\/td>\n<td style=\"vertical-align:top;padding:0;margin:0;border:0;;width:100%\">\n<pre style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\"><code class=\"language-go\" data-lang=\"go\"><span style=\"color:#f92672\">\/<\/span><span style=\"color:#a6e22e\">scripts<\/span><span style=\"color:#f92672\">\/<\/span><span style=\"color:#a6e22e\">upcp<\/span>\n<span style=\"color:#f92672\">\/<\/span><span style=\"color:#a6e22e\">scripts<\/span><span style=\"color:#f92672\">\/<\/span><span style=\"color:#a6e22e\">check_cpanel_rpms<\/span> <span style=\"color:#f92672\">--<\/span><span style=\"color:#a6e22e\">fix<\/span> <span style=\"color:#f92672\">--<\/span><span style=\"color:#a6e22e\">long<\/span><span style=\"color:#f92672\">-<\/span><span style=\"color:#a6e22e\">list<\/span><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n<p>Verify the new Exim RPM was installed: <\/p>\n<div class=\"highlight\">\n<pre style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\"><code class=\"language-perl\" data-lang=\"perl\">rpm <span style=\"color:#f92672\">-<\/span><span style=\"color:#e6db74\">q --changelog <\/span>exim <span style=\"color:#f92672\">|<\/span> grep CVE<span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">2017<\/span><span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">1000369<\/span><\/code><\/pre>\n<\/div>\n<p>The output should resemble below: <\/p>\n<div class=\"highlight\">\n<pre style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\"><code class=\"language-perl\" data-lang=\"perl\"><span style=\"color:#f92672\">-<\/span> Applied patch <span style=\"color:#66d9ef\">for<\/span> CVE<span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">2017<\/span><span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">1000369<\/span><\/code><\/pre>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Background Information On Monday, June 19, 2017, Qualsys announced memory handling vulnerabilities in a number of software distributions, including a vulnerability that could leverage a bug in the Exim software to achieve a local privilege escalation to root. Impact Vulnerable versions of Exim can be susceptible to local privilege escalation to root. Releases 64 \u2014 &hellip;<\/p>\n","protected":false},"author":1,"featured_media":772,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/771"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=771"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/771\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/772"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}