cPanel is a nightmare when it comes to PCI compliance, I found out. I've been working on this for the last 2 weeks with no success.
cPanel support recommended a change to the latest CURRENT build for the apparent compatible version, but no - it doesn't seem like it.
After an update to the latest CURRENT cPanel, we fail the OpenSSL version test. I installed the latest OpenSSL manually but still fail.
[root@sm1 ~]# rpm -qa | grep openssl
openssl096b-0.9.6b-22.46
openssl-devel-0.9.7a-43.17.el4_6.1
openssl-0.9.7a-43.17.el4_6.1
xmlsec1-openssl-1.2.6-3
[root@sm1 ~]#
[root@sm1 ~]# openssl version
OpenSSL 0.9.8i 15 Sep 2008
[root@sm1 ~]#
Also a NEW exim problem now:
The remote host is running a version of the Exim MTA which is vulnerable to several remote buffer overflows. Specifically, if either 'headers_check_syntax' or 'sender_verify = true' is in the exim.conf file, then a remote attacker may be able to execute a classic stack-based overflow and gain inappropriate access to the machine. *** If you are running checks with safe_checks enabled, this may be a false positive as only banners were used to assess the risk! *** It is known that Exim 3.35 and 4.32 are vulnerable. Solution: Upgrade to Exim latest version Risk Factor: High
Our exim is the latest version...
Anybody had these problems with their cPanel servers? How helpful were the cPanel support team to you in getting these resolved?



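A triage helper for the banner-based Exim finding quoted in the post above, added here as an example and not part of the original post. It reads the version from a banner line and checks a config file for the two options the scanner text names; the function names, verdict strings and sample banner are assumptions, and the version list holds only the two releases the finding mentions, not a full affected range.

```shell
#!/bin/sh
# Added example: triage of the banner-only Exim finding quoted in the post.
# Versions and option names come from the scanner text alone.
LISTED_VERSIONS="3.35 4.32"

# Pull the version out of either `exim -bV` output or an SMTP greeting line.
exim_version() {
    printf '%s\n' "$1" |
        sed -n '1s/.*Exim \(version \)\{0,1\}\([0-9][0-9.]*\).*/\2/p'
}

# Print active (uncommented, not disabled) config lines that set one of the
# two options the finding names.
risky_options() {
    grep -E '^[[:space:]]*(headers_check_syntax|sender_verify[[:space:]]*=[[:space:]]*true)' "$1" |
        grep -Ev '=[[:space:]]*(false|no)[[:space:]]*$'
}

# Combine both checks into one verdict string (hypothetical labels).
triage() {
    banner=$1
    conf=$2
    ver=$(exim_version "$banner")
    if [ -z "$ver" ]; then
        echo "unknown-version"
        return 0
    fi
    opts=$(risky_options "$conf" || true)
    listed=no
    for v in $LISTED_VERSIONS; do
        if [ "$v" = "$ver" ]; then listed=yes; fi
    done
    if [ "$listed" = yes ] && [ -n "$opts" ]; then
        echo "listed-version-option-set"
    elif [ "$listed" = yes ]; then
        echo "listed-version-option-unset"
    else
        echo "version-not-listed"
    fi
}

# Constructed sample input: a banner and a one-line config, not from the post.
demo_conf=$(mktemp)
printf '%s\n' 'sender_verify = true' > "$demo_conf"
triage 'Exim version 4.69 #1 built 22-Oct-2008 10:11:12' "$demo_conf"
rm -f "$demo_conf"
```

A `version-not-listed` verdict only says the banner does not match the two releases named in the finding; it supports a false-positive dispute with the scanning vendor but does not replace checking the installed package's changelog.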




