Mail Server Fails PCI Compliance because of SMTP Buffer Overflow Threat

**darren0610** · 08-27-2010 10:09 AM

Hey all I get this message when failing the PCI compliance:
The remote SMTP server is vulnerable to a buffer overflow. Description : The remote SMTP server crashes when it is sent a command with a too long argument. An attacker might use this flaw to kill this service or worse, execute arbitrary code on your server.

I have enabled the SMTP tweak and it still fails. Is there a way I can allow the PCI compliance scanner to bypass the SMTP proxy or make it so the scanner gets a message with cPanel/WHM?

**sirdopes** · 08-27-2010 06:26 PM

Generally, I have seen this error caused by some kind of firewall. The pci scanner makes multiple requests in a short period of time and the scanner gets blocked. It shows that it can't connect after sending a large string and assumes that it crashed and that is why it is not responding. You can just whitelist the scanner's ip or try just providing the logs showing that exim did not crash.

**darren0610** · 08-29-2010 06:25 PM

I tried to white list it and it still fails. It must be something with cPanel as we have white listed the IP, done REJECT instead of DROP on IPTABLES. We are still looking.

**sirdopes** · 08-30-2010 02:02 PM

What iptables do you have set for port 25?

LinkBack

Thread Tools

Mail Server Fails PCI Compliance because of SMTP Buffer Overflow Threat

Security Metrics PCI compliance - Exim fails test.

Is this serious? PHP <= 4.4.3 / 5.1.4 (objIndex) Local Buffer Overflow Exploit PoC

Buffer Overflow Attemp?