
Help with PCI compliance | SMTP SSL | Courier IMAP | Port 3306

Deoxymono

New Pleskian
Info: Parallels Plesk Panel v10.3.1 / OS: CentOS 5

Hello, I need some help with PCI compliance on a VPS. I've already fixed a few different problems, yet could do with help/clarification on the following scan failings by SecurityMetrics as it's starting to give me a headache :(

---------------------------
1st Failure:

Protocol: TCP | Port: 143 | Program: imap | Score: 7.5

Summary:

Title: possible format string vulnerability in Courier IMAP

Impact: A remote attacker could execute arbitrary commands.

Resolution: [http://www.courier-mta.org/download.php#imap] Upgrade to Courier IMAP 3.0.4 or higher, or set DEBUG_LOGIN equal to the default value of 0 in the IMAP configuration file, which is typically located in /usr/lib/courier-imap/etc/imapd.

2nd Failure:

Protocol: TCP | Port: 465 | Program: urd | Score: 5.0

Summary:

Description: SSL Certificate Expiry

Synopsis: The remote server's SSL certificate has already expired.

Impact: This script checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.

Resolution: Purchase or generate a new SSL certificate to replace the existing one.

3rd Failure:

Protocol: TCP | Port: 3306 | Program: N/A | Score: 4.0

Summary:

Title: Open MySQL database port

Synopsis: An open MySQL database port was detected

Impact: Open MySQL database port

Resolution: Disable public facing access to your MySQL database. If you feel that you have received this notice in error, please contact SecurityMetrics support.

4th Failure:

Protocol: TCP | Port: 3306 | Program: N/A | Score: 4.0

Summary:

Title: Possible internet facing database on port 3306

Impact: Attackers could gain access to the database.

Resolution: Ensure that you absolutely need this available to the internet, or that the service is not available over the internet. Make sure the software is up to date.
---------------------------------------

Many thanks in advance to anyone who can help :)
 
Well, I managed to sort all problems apart from the Courier IMAP one, which I believe is a false positive anyway.

For the expired SSL I simply created a new self-signed one and replaced it. And for the accessible port 3306, I simply blocked access using the firewall.

I have checked and the server is running courier-imap version 3.0.8 (which is higher than required), also DEBUG_LOGIN=0 is already enabled in the imapd file. I ran the following commands:

yum list installed | grep courier-imap
grep DEBUG_LOGIN /etc/courier-imap/imapd

and have sent the log file to SecurityMetrics to prove they are flagging a false-positive. Hopefully they will override the failed scan.

In reply to IgorG:

I believe I have already applied all recommendations at http://download1.parallels.com/Plesk/PP10/10.4/Doc/en-US/online/plesk-pci-compliance-guide/ sometime in the past (also I don't see any fixes which would help me with the above failings).

I haven't upgraded Plesk as I was slightly worried it would overwrite previous adjustments I had made for PCI compliance on the server. I will upgrade once this scan is passed.
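
The evidence check for the Courier IMAP finding, written out as an added example (not part of the original posts). It applies the scanner's own resolution (version 3.0.4 or higher, or DEBUG_LOGIN at its default of 0) and ignores commented-out DEBUG_LOGIN lines, which a plain grep would also print. The function names are hypothetical, the sample config is constructed, and the config is assumed to be plain shell-style VAR=value lines.

```shell
#!/bin/sh
# Print the effective DEBUG_LOGIN value from an imapd config file.
# Comment lines are skipped, the last assignment wins, and a missing
# setting is reported as 0 (the default named in the scan resolution).
debug_login_value() {
    awk -v q="'" '
        /^[ \t]*#/ { next }
        /^[ \t]*DEBUG_LOGIN=/ {
            v = $0
            sub(/^[^=]*=/, "", v)          # drop "DEBUG_LOGIN="
            sub(/[ \t]*(#.*)?$/, "", v)    # drop trailing blanks / comment
            gsub(/"/, "", v); gsub(q, "", v)
            val = v
        }
        END { print (val == "" ? 0 : val) }
    ' "$1"
}

# Return 0 when dotted version $1 is >= $2 (numeric compare per field).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb ? na : nb)
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# $1 = installed courier-imap version, $2 = path to the imapd config.
courier_finding_status() {
    dbg=$(debug_login_value "$2")
    if version_ge "$1" 3.0.4; then
        echo "not-affected: version $1 >= 3.0.4 (DEBUG_LOGIN=$dbg)"
    elif [ "$dbg" = 0 ]; then
        echo "mitigated: version $1 < 3.0.4 but DEBUG_LOGIN=0"
    else
        echo "affected: version $1 < 3.0.4 and DEBUG_LOGIN=$dbg"
    fi
}

# Constructed sample: the commented-out line must not count.
sample=$(mktemp)
printf '%s\n' '#DEBUG_LOGIN=2' 'DEBUG_LOGIN=0' > "$sample"
courier_finding_status 3.0.8 "$sample"
rm -f "$sample"
```

On the server, pass the version reported by yum and the config path from the post, for example `courier_finding_status 3.0.8 /etc/courier-imap/imapd`.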
 