The Community Forums

Interact with an entire community of cPanel & WHM users!

Mail Server Fails PCI Compliance because of SMTP Buffer Overflow Threat

Discussion in 'Security' started by darren0610, Aug 27, 2010.

  1. darren0610

    darren0610 Member

    Joined: Aug 27, 2010 | Messages: 11 | Likes Received: 0 | Trophy Points: 1
    Hey all, I get this message when failing the PCI compliance:
    The remote SMTP server is vulnerable to a buffer overflow. Description : The remote SMTP server crashes when it is sent a command with a too long argument. An attacker might use this flaw to kill this service or worse, execute arbitrary code on your server.

    I have enabled the SMTP tweak and it still fails. Is there a way I can allow the PCI compliance scanner to bypass the SMTP proxy or make it so the scanner gets a message with cPanel/WHM?
     
  2. sirdopes

    sirdopes Well-Known Member
    PartnerNOC

    Joined: Sep 25, 2007 | Messages: 141 | Likes Received: 0 | Trophy Points: 16
    Generally, I have seen this error caused by some kind of firewall. The PCI scanner makes multiple requests in a short period of time and the scanner gets blocked. It shows that it can't connect after sending a large string and assumes that it crashed and that is why it is not responding. You can just whitelist the scanner's IP or try just providing the logs showing that Exim did not crash.
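
The evidence the reply above suggests gathering (logs showing that Exim did not crash), as an added example that is not part of the original thread: it reads Exim main-log lines and reports whether the daemon restarted after the scanner's first connection and whether it went on accepting other clients. The sample log lines, the addresses and the name `scan_evidence` are constructed for illustration, and the parser assumes `log_selector` includes `+smtp_connection`.

```python
import re
from datetime import datetime

# Constructed sample in Exim main-log format; assumes log_selector includes
# +smtp_connection. 192.0.2.10 stands in for the scanner (placeholder address).
SAMPLE_LOG = """\
2010-08-27 09:00:01 exim 4.69 daemon started: pid=2345, -q1h, listening for SMTP on port 25 (IPv6 and IPv4)
2010-08-27 10:15:02 SMTP connection from [192.0.2.10] (TCP/IP connection count = 1)
2010-08-27 10:15:03 SMTP connection from [192.0.2.10] lost
2010-08-27 10:15:04 SMTP connection from [192.0.2.10] (TCP/IP connection count = 1)
2010-08-27 10:16:30 SMTP connection from [198.51.100.7] (TCP/IP connection count = 1)
2010-08-27 10:16:31 SMTP connection from [198.51.100.7] closed by QUIT
"""

TS = r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
DAEMON_START = re.compile(TS + r"exim \S+ daemon started: pid=\d+")
ACCEPTED = re.compile(TS + r"SMTP connection from (?:\S+ )?\[([^\]]+)\](?::\d+)? \(TCP/IP")


def _when(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")


def scan_evidence(log_text, scanner_ip):
    """Summarise whether Exim kept running while scanner_ip was probing it."""
    starts, from_scanner, from_others = [], [], []
    for line in log_text.splitlines():
        if m := DAEMON_START.match(line):
            starts.append(_when(m.group(1)))
        elif m := ACCEPTED.match(line):
            bucket = from_scanner if m.group(2) == scanner_ip else from_others
            bucket.append(_when(m.group(1)))
    if not from_scanner:
        # Nothing from the scanner is in this log: blocked upstream, or wrong log/period.
        return {"verdict": "no-scanner-connections", "restarts": 0, "served_after": 0}
    restarts = [t for t in starts if t >= from_scanner[0]]
    served_after = [t for t in from_others if t > from_scanner[-1]]
    if restarts:
        verdict = "daemon-restarted"      # needs a closer look before disputing
    elif served_after:
        verdict = "daemon-stayed-up"      # same daemon kept accepting connections
    else:
        verdict = "inconclusive"          # no later traffic to show liveness
    return {"verdict": verdict, "restarts": len(restarts),
            "served_after": len(served_after)}


if __name__ == "__main__":
    print(scan_evidence(SAMPLE_LOG, "192.0.2.10"))
```

A `no-scanner-connections` result for the scan period is itself consistent with the firewall explanation, since it means the probes never reached Exim.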
     
  3. darren0610

    darren0610 Member

    I tried to whitelist it and it still fails. It must be something with cPanel, as we have whitelisted the IP and done REJECT instead of DROP on IPTABLES. We are still looking.
     
  4. sirdopes

    sirdopes Well-Known Member
    PartnerNOC

    What iptables do you have set for port 25?
     