The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PCI Compliance Fail - Ports 2083, 2087 and 2096

Discussion in 'Security' started by dhammerindy, Aug 7, 2014.

  1. dhammerindy

    dhammerindy Registered

    Joined:
    Aug 7, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Indianapolis, Indiana, United States
    cPanel Access Level:
    Root Administrator
    I get errors in a PCI compliance scan.

    "OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities"

    This happens on ports 2083, 2087, 2096 but not on 22 and 443.

    When I run...

    rpm -q --changelog openssl | grep -B 1 CVE-2002-0656

    ... I get nothing. I get nothing for that and numbers 2000-535, 2001-1141, 2002-0655, 2002-0656, 2002-0657 and 2002-0659

    An openssl version check gives me this...

    # ssh -V
    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

    Some OS Info
    2.6.32-042stab090.3 #1 SMP Fri Jun 6 09:35:21 MSK 2014 x86_64 x86_64 x86_64 GNU/Linux

    WHM version 11.44.1

    So is this a false positive? Is there something I need to do to fix those ports? I just want to make sure I do this right before I submit a false positive report. I had received a similar warning for bind but I checked and bind comes back as patched so that one is ok.
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    It's got to be a false positive, those CVEs are ancient.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  4. dhammerindy

    dhammerindy Registered

    Joined:
    Aug 7, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Indianapolis, Indiana, United States
    cPanel Access Level:
    Root Administrator
    403 Labs was used. Can you recommend another service I can use for verification purposes?
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    What OS version are you running? Or the full RPM name for your OpenSSL version

    also in your first post it seems you might be checking openSSH instead of openSSL. Make sure you're checking the right change log.
     
  6. dhammerindy

    dhammerindy Registered

    Joined:
    Aug 7, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Indianapolis, Indiana, United States
    cPanel Access Level:
    Root Administrator
    I checked ssh but the response included openSSL info.

    # ssh -V
    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

    I believe the server runs CentOS 6.

    Here is everything on the openSSL rpm.

    # rpm -qi openssl
    Name : openssl Relocations: (not relocatable)
    Version : 1.0.1e Vendor: CentOS
    Release : 16.el6_5.14 Build Date: Thu 05 Jun 2014 08:59:14 AM EDT
    Install Date: Fri 06 Jun 2014 12:16:37 AM EDT Build Host: c6b8.bsys.dev.centos.org
    Group : System Environment/Libraries Source RPM: openssl-1.0.1e-16.el6_5.14.src.rpm
    Size : 4209656 License: OpenSSL
    Signature : RSA/SHA1, Thu 05 Jun 2014 09:02:17 AM EDT, Key ID 0946fca2c105b9de
    Packager : CentOS BuildSystem <http://bugs.centos.org>
    URL : OpenSSL: The Open Source toolkit for SSL/TLS
    Summary : A general purpose cryptography library with TLS implementation
    Description :
    The OpenSSL toolkit provides support for secure communications between
    machines. OpenSSL includes a certificate management tool and shared
    libraries which provide various cryptographic algorithms and
    protocols.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Comodo and TrustGuard are common vendors used in the hosting industry for PCI scans. You may also find the following documents helpful:

    PCI Scanning
    PCI Troubleshooting

    Thank you.
     
Loading...

Share This Page