25th Anniversary Savings | 25% Off Dedicated Servers*Shop Now
25th Anniversary Savings | 25% Off VPS Hosting* †††Shop Now
Limited Inventory: High-Performance AMD-Powered Servers Now Available.* Shop Now >

How To Protect Your cPanel Server Against CVE-2016-1531

Posted on by dpepper
Reading Time: 2 minutes

Overview

On March 2, Exim announced via its mailing list that it had discovered a vulnerability in all versions of its mail transport agent. Exim is the default MTA on cPanel servers. The latest version patches the vulnerability, and the latest cPanel update resolves the issue.

Impact

Exim says that all installations of its MTA were vulnerable to a condition in which an attacker with any level of privileges on the server could gain root privileges. The versions of cPanel & WHM listed below are protected against the attack on Exim. Any version prior to the current versions listed below are vulnerable:

  • 11.50.5.0
  • 11.52.4.0
  • 54.0.18
  • 55.9999.106 (EDGE tier only)

Is Exim Vulnerable on Your Server?

If your cPanel server has automatic updates enabled, then the patch will already have been applied.

You can confirm that your server is protected simply by logging into WHM and checking the version listed at the top of the screen, as shown in the image below:

Check WHM version

Note: the “build” listed after the version represents the final digits in the release version. In the example above, WHM 54.0 (build 18) indicates that the version is 54.0.18.

Resolution

If you are not already on the latest version of cPanel, follow these instructions to enable automatic updates. Once you click the Save button to change your settings, you will have the option to update the server to the latest version immediately by clicking the link in the confirmation message as shown below:

UpdateNow

 

Avatar for dpepper

About the Author: dpepper

Latest Articles

PHP 7 vs PHP 8: A Comparison

Read Article

How to Create a Symbolic Link

Read Article

What Is A Private VPS Parent?

Read Article

Managed Hosting vs Unmanaged VPS Hosting

Read Article

Why Is Your IP Address Blocked?

Read Article