Exim Buffer Overflow RCE Vulnerability CVE-2018-6789

  • Answered
My company does not use Exim, but resides on shared hosting and has very limited control over what services are run on that host. The platform is currently running version 4.89_1, but the attack works on everything below 4.90.1. How is Inmotion handling this, and when do they plan to update to 4.90.1?
KyleM
Hello,

Thanks for asking about the recent Exim vulnerability. All of our shared servers were patched the day the vulnerability was released. You may want to check with your provider to see if the vulnerability has been patched or not, because even though the version number is one of the affected versions, it can still be patched. This is because CentOS (the OS that cPanel and most shared providers run on) uses backports, which means it could be advertising a certain version even though it's an updated version of that version that is not vulnerable. This is done to prevent compatibility issues in most cases.

Best Regards,
KyleM
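
The backport point in the answer above, as an added example that is not part of the original thread: a check that classifies an Exim package by its advertised version and, when that version is in the affected range, by whether the package changelog records the fix. It assumes an RPM-based host where the package is named `exim` and where the packager records the CVE ID in the changelog; the function name, status labels and sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example: an advertised version below 4.90.1 does not by itself
# mean the host is exposed, because the fix may have been backported.

CVE_ID="CVE-2018-6789"
FIXED_UPSTREAM="4.90.1"   # affected: everything below this, per the thread

# exim_status VERSION CHANGELOG_TEXT   (hypothetical helper)
# Prints one of:
#   fixed-upstream  version is at or above the fixed release
#   fixed-backport  version is in the affected range, changelog names the CVE
#   unverified      version is in the affected range, no evidence of a fix
exim_status() {
    es_ver="${1%%_*}"        # drop a packaging suffix such as "_1"
    es_changelog="$2"
    # Version-aware sort: if the fixed release sorts first (or ties),
    # the installed version is at least the fixed release.
    es_lowest=$(printf '%s\n%s\n' "$es_ver" "$FIXED_UPSTREAM" | sort -V | head -n1)
    if [ "$es_lowest" = "$FIXED_UPSTREAM" ]; then
        echo "fixed-upstream"
    elif printf '%s\n' "$es_changelog" | grep -qiF "$CVE_ID"; then
        echo "fixed-backport"
    else
        echo "unverified"
    fi
}

# Constructed sample changelog (not taken from a real package).
SAMPLE_CHANGELOG='* Thu Mar 01 2018 Packager <packager@example.com> - 4.89-2
- Backport fix for CVE-2018-6789 (buffer overflow)
* Mon Dec 04 2017 Packager <packager@example.com> - 4.89-1
- Update to 4.89'

# On a host where you can query the package database:
#   exim_status "$(rpm -q --qf '%{VERSION}' exim)" "$(rpm -q --changelog exim)"
```

An `unverified` result means the changelog gives no evidence either way, so the provider still has to confirm the patch status.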