OpenSSL banner / PCI compliance

Discussion in 'General Discussion' started by ndial, Jun 17, 2005.

  1. ndial

    ndial Registered

    For my company's latest compliance audit, we had a vulnerability test run against our server. The test reports that we're running OpenSSL 0.9.7a and that there is a "High" security risk related to that.

    From speaking to other cPanel users and reading the forums, I've learned that cPanel builds a "patched version" and that even though the banner says 0.9.7a, it's really got the fix for that vulnerability.

    So ...
    1) how can I know that for sure, besides taking peoples' word for it, and

    2) Where is some documentation to back it up, suitable for presenting in an audit report?

    3) If it happens to really be running an older, unpatched version of OpenSSL, is there any way in cPanel to fix it?
     
  2. richy

    richy Well-Known Member

    No, it's not cPanel, it's RedHat that "back ports" security patches.
     
  3. chirpy

    chirpy Well-Known Member

    Indeed. You will find the relevant information over on redhat.com, though their site is a nightmare to navigate.
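
Added example, not part of the thread or of cPanel's or Red Hat's own tooling: because backported fixes leave the upstream version in the banner unchanged, the auditable evidence is the vendor package changelog, which `rpm -q --changelog openssl` prints. The function name, the advisory ID and the release strings below are constructed placeholders, and the script assumes each changelog entry header ends with the package version-release.

```shell
#!/bin/sh
# Added example: report which package build's changelog entry mentions an
# advisory ID, as evidence that a fix was backported.
# Real input would come from:  rpm -q --changelog openssl | fixed_in <ID>

# CONSTRUCTED sample changelog; IDs, names and releases are placeholders.
sample_changelog() {
cat <<'EOF'
* Tue Mar 01 2005 Example Packager <pkg@example.com> 0.9.7a-0.example3
- rebuild

* Mon Oct 04 2004 Example Packager <pkg@example.com> 0.9.7a-0.example2
- backport fix for CVE-0000-0001 from upstream

* Thu Jan 15 2004 Example Packager <pkg@example.com> 0.9.7a-0.example1
- initial build
EOF
}

# fixed_in ID: read an rpm changelog on stdin and print the version-release
# of every entry whose text mentions ID. Returns 1 if no entry mentions it.
# Assumption: the last field of each "* ..." header line is version-release.
fixed_in() {
    awk -v id="$1" '
        /^\* /        { rel = $NF; next }      # entry header: remember its release
        index($0, id) { print rel; found = 1 } # literal match on the advisory ID
        END           { exit !found }
    '
}
```

Compare the release it prints with the installed one from `rpm -q openssl`: an installed release at or after the printed one carries the fix even though the banner still reads 0.9.7a.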
     