Just a few days ago, Zero Day Initiative (ZDI) publicly disclosed not one, not two, but six Zero-Day vulnerabilities in the widely-used Exim mail server. These vulnerabilities have been lurking in the shadows since their discovery in June 2022, when precautionary steps were taken to release patches for Exim and libspf2. Now, the vulnerabilities are finally unraveled. And spoiler alert, you are totally safe!
No Action Required by Default on Your End
At cPanel, we prioritize the security of your hosting environments. Therefore, we provide you with important information regarding the recent Zero-Day vulnerabilities that have been disclosed for Exim, the message transfer agent (MTA) used on millions of systems worldwide.
Based on our latest risk assessment and understanding of the defect reports, no further action is required from your side. Further changes in cPanel & WHM of any version are not needed.
What is Exim?
Exim serves as a robust message transfer agent (MTA) initially created at the University of Cambridge for Unix systems that maintain internet connectivity. This versatile MTA boasts a widespread presence across millions of systems globally and has a track record of encountering noteworthy security challenges.
Risk Assessment: Understanding the Zero-Day Disclosures
Here is what we currently know about the Zero-Day vulnerabilities recently disclosed through the Zero Day Initiative (ZDI):
CVE-2023-42115:
Exim addressed issues specific to external authentication. If you are using cPanel Exim with the default settings, you are not vulnerable to this issue unless the ‘external’ authentication driver is explicitly enabled.
CVE-2023-42114 & CVE-2023-42116:
Exim fixed vulnerabilities related to SPA (Secure Password Authentication) and NTLM (NT LAN Manager). By default, cPanel Exim is not vulnerable to these issues unless the ‘SPA’ authentication driver is activated.
CVE-2023-42117:
There is a known defect related to proxy protocol usage in Exim. This only poses a risk if your mail traffic is being proxied to your server, and the proxy is untrusted. We recommend verifying the trustworthiness of your proxy.
CVE-2023-42118:
A vulnerability related to libspf2 has been patched by cPanel to protect against integer underflow. However, due to limited details in ZDI’s reports, the exact nature of the problem remains unknown.
CVE-2023-42119:
Another unknown issue has been reported, this time related to dnsdb, cPanel Exim builds with dnsdb in version 102 and later. If you do not use smart hosts, you are not at risk. However, if you have manually added a dnsdb configuration in any version of cPanel & WHM, please review your settings.
Your Safety First
Your security is of utmost importance to us, and we will continue to monitor this situation closely. Rest assured, our team is dedicated to keeping your hosting environments secure and up-to-date.
If you have any questions or concerns about any potential vulnerabilities or any other security-related matters, please do not hesitate to reach out to our support team. We are here to assist you in every way.
