{"id":790,"date":"2021-07-23T12:38:16","date_gmt":"2021-07-23T12:38:16","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/cve-2016-9963-exim\/"},"modified":"2021-07-23T12:38:16","modified_gmt":"2021-07-23T12:38:16","slug":"cve-2016-9963-exim","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/cve-2016-9963-exim\/","title":{"rendered":"CVE-2016-9963 Exim"},"content":{"rendered":"<\/p>\n
\n
<\/div>\n
\n

Background Information<\/h2>\n

On Sunday, December 25, 2016, Exim announced a vulnerability in versions 4.69 to 4.87 of the Exim software.<\/p>\n

Impact<\/h2>\n

According to Exim development:<\/p>\n

\n

\u201cIf several conditions are met, Exim leaks private information to a remote attacker.\u201d<\/p>\n<\/blockquote>\n

Depending on configuration options for Exim, a domain\u2019s DKIM signing keys can be leaked to Exim log files. Additionally, if the EXPERIMENTAL_DSN_INFO=yes<\/code> build flag is used, DKIM signing keys can be leaked to a remote attacker.<\/p>\n

Exim log files are normally not readable by unprivileged users on cPanel & WHM systems. Additionally, cPanel & WHM does not<\/strong> provide an Exim installation with the EXPERIMENTAL_DSN_INFO=yes<\/code> build flag and does not leak DKIM signing keys to remote attackers based on currently available information. As such, the most severe impacts of CVE-2016-9963 do not apply to cPanel & WHM systems.<\/p>\n

Releases<\/h2>\n

The following versions of cPanel & WHM were patched to have the correct version of Exim.<\/p>\n

    \n
  • \n

    62 \u2014 62.0.1<\/p>\n<\/li>\n

  • \n

    60 \u2014 60.0.31<\/p>\n<\/li>\n

  • \n

    58 \u2014 58.0.41<\/p>\n<\/li>\n

  • \n

    56 \u2014 56.0.41<\/p>\n<\/li>\n

  • \n

    54 \u2014 54.0.34<\/p>\n<\/li>\n

  • \n

    EDGE \u2014 62.0.1<\/p>\n<\/li>\n

  • \n

    CURRENT \u2014 62.0.1<\/p>\n<\/li>\n

  • \n

    RELEASE \u2014 60.0.31<\/p>\n<\/li>\n

  • \n

    STABLE \u2014 60.0.31<\/p>\n<\/li>\n<\/ul>\n

    How to determine if your server is up to date<\/h2>\n

    The updated RPMs provided by cPanel will contain a changelog entry with the CVE number. You can check for this changelog entry with the following command: <\/p>\n

    \n
    rpm -<\/span>q --changelog <\/span>exim |<\/span> grep CVE-<\/span>2016<\/span>-<\/span>9963<\/span><\/code><\/pre>\n<\/div>\n
    The output should resemble below: <\/p>\n
    \n
    -<\/span> Patch for<\/span> CVE-<\/span>2016<\/span>-<\/span>9963<\/span><\/code><\/pre>\n<\/div>\n
    What to do if you are not up to date<\/h2>\n
    If your server is not<\/strong> running one of the above versions, update immediately.<\/p>\n
    To upgrade your server, use WHM\u2019s Upgrade to Latest Version<\/em> interface (WHM >> Home >> cPanel >> Upgrade to Latest Version<\/em>).<\/p>\n
    Alternatively, you can run the below commands to upgrade your server from the command line: <\/p>\n
    \n
    \n\n\n
    \n
    1\n<\/span>2\n<\/span><\/code><\/pre>\n<\/td>\n
    		\n
    \/<\/span>scripts<\/span>\/<\/span>upcp<\/span>\n\/<\/span>scripts<\/span>\/<\/span>check_cpanel_rpms<\/span> --<\/span>fix<\/span> --<\/span>long<\/span>-<\/span>list<\/span><\/code><\/pre>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
    Verify the new Exim RPM was installed: <\/p>\n
    \n
    rpm -<\/span>q --changelog <\/span>exim |<\/span> grep CVE-<\/span>2016<\/span>-<\/span>9963<\/span><\/code><\/pre>\n<\/div>\n
    The output should resemble below: <\/p>\n
    \n
    -<\/span> Patch for<\/span> CVE-<\/span>2016<\/span>-<\/span>9963<\/span><\/code><\/pre>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"
    Background Information On Sunday, December 25, 2016, Exim announced a vulnerability in versions 4.69 to 4.87 of the Exim software. Impact According to Exim development: \u201cIf several conditions are met, Exim leaks private information to a remote attacker.\u201d Depending on configuration options for Exim, a domain\u2019s DKIM signing keys can be leaked to Exim log …<\/p>\n","protected":false},"author":1,"featured_media":791,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/790"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=790"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/790\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/791"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}