I get errors in a PCI compliance scan.
"OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities"
This happens on ports 2083, 2087, 2096 but not on 22 and 443.
When I run...
rpm -q --changelog openssl | grep -B 1 CVE-2002-0656
... I get nothing. I get nothing for that and numbers 2000-535, 2001-1141, 2002-0655, 2002-0656, 2002-0657 and 2002-0659
An openssl version check gives me this...
# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Some OS Info
2.6.32-042stab090.3 #1 SMP Fri Jun 6 09:35:21 MSK 2014 x86_64 x86_64 x86_64 GNU/Linux
WHM version 11.44.1
So is this a false positive? Is there something I need to do to fix those ports? I just want to make sure I do this right before I submit a false positive report. I had received a similar warning for bind but I checked and bind comes back as patched so that one is ok.