PCI Compliance Fail - Ports 2083, 2087 and 2096

dhammerindy

Registered
Aug 7, 2014
Indianapolis, Indiana, United States
cPanel Access Level
Root Administrator
I get errors in a PCI compliance scan.

"OpenSSL < 0.9.6e / 0.9.7b3 Multiple Remote Vulnerabilities"

This happens on ports 2083, 2087, 2096 but not on 22 and 443.

When I run...

rpm -q --changelog openssl | grep -B 1 CVE-2002-0656

... I get nothing. I get nothing for that and for numbers 2000-535, 2001-1141, 2002-0655, 2002-0656, 2002-0657 and 2002-0659.

An openssl version check gives me this...

# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Some OS Info
2.6.32-042stab090.3 #1 SMP Fri Jun 6 09:35:21 MSK 2014 x86_64 x86_64 x86_64 GNU/Linux

WHM version 11.44.1

So is this a false positive? Is there something I need to do to fix those ports? I just want to make sure I do this right before I submit a false positive report. I had received a similar warning for bind but I checked and bind comes back as patched so that one is ok.
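A way to run the changelog check from the post above over the whole CVE list at once, as an added example that is not from the thread or from cPanel. The changelog text and its CVE IDs are constructed placeholders; on a real host the changelog comes from `rpm -q --changelog openssl`.

```shell
#!/bin/sh
# Added example, not from the thread: check loosely written CVE IDs (as in the
# first post: "2002-0656", "2000-535") against an RPM changelog and list the
# ones it never names. SAMPLE_CHANGELOG is a constructed stand-in with
# placeholder IDs; on a real host use "$(rpm -q --changelog openssl)" instead.
SAMPLE_CHANGELOG='* Thu Jun 05 2014 Example Packager <pkg@example.invalid> 1.0.1e-16.14
- fix CVE-0000-0001 - constructed placeholder entry
- fix CVE-0000-0234 - constructed placeholder entry
* Mon Apr 07 2014 Example Packager <pkg@example.invalid> 1.0.1e-16.7
- fix CVE-0000-0002 - constructed placeholder entry'

# normalize_cve ID: print the canonical CVE-YYYY-NNNN form of "2002-0656",
# "cve-2002-0656" or "2000-535". Sequence numbers are at least four digits,
# so grepping the raw "2000-535" would never match a "CVE-2000-0535" line.
normalize_cve() {
    id=$(printf '%s' "$1" | tr 'a-z' 'A-Z' | sed 's/^CVE-//')
    case "$id" in
        [0-9][0-9][0-9][0-9]-[0-9]*) ;;
        *) echo "normalize_cve: bad CVE id '$1'" >&2; return 1 ;;
    esac
    year=${id%%-*}
    seq=$(printf '%s' "${id#*-}" | sed 's/^0*//')  # %d would read 0656 as octal
    case "$seq" in *[!0-9]*) echo "normalize_cve: bad CVE id '$1'" >&2; return 1 ;; esac
    printf 'CVE-%s-%04d\n' "$year" "${seq:-0}"
}

# cve_in_changelog CHANGELOG ID: succeed only if the changelog names the CVE.
# -w keeps CVE-0000-0002 from matching a longer CVE-0000-00023.
cve_in_changelog() {
    cve=$(normalize_cve "$2") || return 1
    printf '%s\n' "$1" | grep -qw -- "$cve"
}

# report_missing CHANGELOG ID...: print the canonical IDs not found, one per
# line. An ID fixed upstream before the packaged version was cut (a 2002 fix
# against 1.0.1e) is legitimately absent: the changelog only records the
# distribution's own backported patches, so "missing" here is not "unpatched".
report_missing() {
    log=$1; shift
    for raw in "$@"; do
        cve_in_changelog "$log" "$raw" || normalize_cve "$raw"
    done
}

# Demo against the constructed changelog: 0000-1 and 0000-234 are listed,
# the two IDs from the scan report are not.
report_missing "$SAMPLE_CHANGELOG" 0000-1 0000-234 2000-535 2002-0656
```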

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

Yes, it does look like a false positive. What PCI scanning tool did you use?

Thank you.

quizknows

Well-Known Member
Oct 20, 2009
cPanel Access Level
DataCenter Provider
What OS version are you running? Or the full RPM name for your OpenSSL version.

Also, in your first post it seems you might be checking OpenSSH instead of OpenSSL. Make sure you're checking the right changelog.

dhammerindy

Registered
Aug 7, 2014
Indianapolis, Indiana, United States
cPanel Access Level
Root Administrator
> What OS version are you running? Or the full RPM name for your OpenSSL version.
>
> Also, in your first post it seems you might be checking OpenSSH instead of OpenSSL. Make sure you're checking the right changelog.
I checked ssh, but the response included OpenSSL info.

# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

I believe the server runs CentOS 6.

Here is everything on the OpenSSL RPM.

# rpm -qi openssl
Name : openssl Relocations: (not relocatable)
Version : 1.0.1e Vendor: CentOS
Release : 16.el6_5.14 Build Date: Thu 05 Jun 2014 08:59:14 AM EDT
Install Date: Fri 06 Jun 2014 12:16:37 AM EDT Build Host: c6b8.bsys.dev.centos.org
Group : System Environment/Libraries Source RPM: openssl-1.0.1e-16.el6_5.14.src.rpm
Size : 4209656 License: OpenSSL
Signature : RSA/SHA1, Thu 05 Jun 2014 09:02:17 AM EDT, Key ID 0946fca2c105b9de
Packager : CentOS BuildSystem <http://bugs.centos.org>
URL : OpenSSL: The Open Source toolkit for SSL/TLS
Summary : A general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

cPanelMichael

Administrator
Staff member
Apr 11, 2011