Your security is of utmost importance to us, and we will continue to monitor this situation closely. Rest assured, our team is dedicated to keeping your hosting environments secure and up-to-date.
No Action Required by Default on Your End
At cPanel, we prioritize the security of your hosting environments. Therefore, we provide you with important information regarding the recent Zero-Day vulnerabilities that have been disclosed for Exim, the message transfer agent (MTA) used on millions of systems worldwide.
CVE-2023-42119:
Another unknown issue has been reported, this time related to dnsdb, cPanel Exim builds with dnsdb in version 102 and later. If you do not use smart hosts, you are not at risk. However, if you have manually added a dnsdb configuration in any version of cPanel & WHM, please review your settings.
What is Exim?
CVE-2023-42115:
Exim addressed issues specific to external authentication. If you are using cPanel Exim with the default settings, you are not vulnerable to this issue unless the ‘external’ authentication driver is explicitly enabled.
Risk Assessment: Understanding the Zero-Day Disclosures
CVE-2023-42114 & CVE-2023-42116:
Exim fixed vulnerabilities related to SPA (Secure Password Authentication) and NTLM (NT LAN Manager). By default, cPanel Exim is not vulnerable to these issues unless the ‘SPA’ authentication driver is activated.
Exim serves as a robust message transfer agent (MTA) initially created at the University of Cambridge for Unix systems that maintain internet connectivity. This versatile MTA boasts a widespread presence across millions of systems globally and has a track record of encountering noteworthy security challenges.
Enjoyed reading it?
Share this post
If you have any questions or concerns about any potential vulnerabilities or any other security-related matters, please do not hesitate to reach out to our support team. We are here to assist you in every way.
Just a few days ago, Zero Day Initiative (ZDI) publicly disclosed not one, not two, but six Zero-Day vulnerabilities in the widely-used Exim mail server. These vulnerabilities have been lurking in the shadows since their discovery in June 2022, when precautionary steps were taken to release patches for Exim and libspf2. Now, the vulnerabilities are finally unraveled. And spoiler alert, you are totally safe!
Based on our latest risk assessment and understanding of the defect reports, no further action is required from your side. Further changes in cPanel & WHM of any version are not needed.
Your Safety First
Here is what we currently know about the Zero-Day vulnerabilities recently disclosed through the Zero Day Initiative (ZDI):
CVE-2023-42117:
There is a known defect related to proxy protocol usage in Exim. This only poses a risk if your mail traffic is being proxied to your server, and the proxy is untrusted. We recommend verifying the trustworthiness of your proxy.