
BIND Version Not Supported by Trustwave

Discussion in 'Security' started by Blakles, Sep 5, 2012.

  1. Blakles

    On our latest PCI compliance security scan, we only had one item fail and it was this:

    Unsupported Version of ISC BIND - The version of ISC Bind detected is no longer supported by the vendor. No further security patches or upgrades will be released by the vendor for this version, and the vendor will not evaluate this version when investigating new vulnerability reports.

    We are currently running BIND 9.3.6-P1-RedHat-9.3.6-20.P1.e15_8.2

    We have all automatic updates turned on with the tier level set to "current". Trustwave is wanting us to update to at least BIND 9.5.2-P4.

    Since we are on daily automatic updates, why is the BIND version so old? How can I go about updating it without doing it manually (which I heard is a bad idea)?
     
  2. d'argo

    That's a false positive. Red Hat supports BIND 9.3.6 and patches it. So Trustwave is wrong. Either find a new PCI auditor or tell Trustwave they need to fix their scanner.
     
  3. LDHosting

    As d'argo said, patches for BIND are backported. You can see the patches that have been applied with the following command:

    Code:
    rpm -q bind --changelog

    If you mark this as a false positive and explain it to Trustwave, they should override this for you.
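
Added example, not part of the original posts: a shell function that takes the CVE IDs a scanner associates with the reported version and checks them against the changelog output of the command above, printing the entry where each fix first landed. The names `backport_evidence` and `sample_changelog` are hypothetical, and the CVE IDs, packager and version strings in the sample are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. Real use on an RPM-based host:
#   rpm -q bind --changelog | backport_evidence CVE-ID [CVE-ID ...]

backport_evidence() {
    # stdin: changelog text (newest entry first); args: CVE IDs to look for.
    # Prints one tab-separated line per ID; returns 1 if any ID is absent.
    awk -v ids="$*" '
        BEGIN { n = split(ids, want, " ") }
        /^\* / { header = $0; next }   # entry header: "* date packager version"
        {
            for (i = 1; i <= n; i++)
                # Match the ID as a whole token so ...-0001 does not hit ...-00011.
                if ($0 ~ ("(^|[^0-9A-Za-z-])" want[i] "([^0-9]|$)"))
                    found[want[i]] = header   # later match = older entry = first fix
        }
        END {
            missing = 0
            for (i = 1; i <= n; i++) {
                if (want[i] in found)
                    printf "%s\tBACKPORTED\t%s\n", want[i], found[want[i]]
                else {
                    printf "%s\tNOT-IN-CHANGELOG\n", want[i]
                    missing++
                }
            }
            exit (missing > 0)
        }'
}

sample_changelog() {
    # Constructed changelog in rpm format; every value here is a placeholder.
    cat <<'EOF'
* Mon Jan 02 2012 Example Packager <pkg@example.invalid> 0:1.0-2.P1.example
- fix CVE-0000-0002 (placeholder id)
- fix regression introduced by the CVE-0000-0001 patch

* Sun Jan 01 2012 Example Packager <pkg@example.invalid> 0:1.0-1.P1.example
- fix CVE-0000-0001 (placeholder id)
EOF
}

# Demo on the constructed data; the third ID is deliberately absent.
sample_changelog | backport_evidence CVE-0000-0001 CVE-0000-0002 CVE-0000-0099 || true
```

Any ID reported as NOT-IN-CHANGELOG needs checking against the distribution's security advisories before it goes into a dispute, since an absent changelog line is not proof either way.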
     
  4. Blakles

    Thanks, both of you! I disputed the finding and it was approved.
     