cPanel and SMTP smuggling`

[rclemings]

This CVE says that Exim <4.97 may be vulnerable to SMTP smuggling

https://nvd.nist.gov/vuln/detail/CVE-2023-51766

My up-to-date cPanel 110.0.17 (LTS) is using Exim 4.96.2-1.cp108~el7.

I don't know what newer cPanel versions are using, but in any case, do we need to worry? (And if so, who can prod cPanel to update?)

What's SMTP smugging? See: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/

 

[Stuart Elliot]

Im in the same boat. Trying to pass my PCI - DSS on the servers and im getting this issue.

 

[KH-Jonathan]

I'll give cPanel a poke and see what they say.

 

[Stuart Elliot]

Is it worth , me creating a support ticket for this?

 

[KH-Jonathan]

Is it worth , me creating a support ticket for this?

Nah it won't speed anything up or help. I'll let ya know here when I hear back from them.

 

[KH-Jonathan]

It should hit cPanel 116 this week. I'm trying to find out about LTS.

 

[KH-Jonathan]

LTS (110) should get it next week.

 

[Stuart Elliot]

You are a star. Thank you very much Jonathan. PS do you do any consultation work ? or any server management support or know of anyone.

 

[KH-Jonathan]

You are a star. Thank you very much Jonathan. PS do you do any consultation work ? or any server management support or know of anyone.

We offer professional services at an hourly rate Toss in a ticket and let us know what you need.