Linux – Failed PCI Compliance – The remote SMTP server is vulnerable to a buffer overflow

Tags: centos, linux, pci-dss, smtp

Hey guys, I have tried allowing the scanner's IP to be accepted through IPTABLES into the SMTP port, but the scan still fails.

This is the error: The remote SMTP server is vulnerable to a buffer overflow.

The SMTP server doesn't even crash. I have tried whitelisting the IP in Exim, but the scanner still flags the server and says the server is vulnerable to open relay. This is on a CentOS cPanel/WHM server. I have also enabled the SMTP tweak.

Does anyone know how to fix this?

Thanks

Best Answer

The result from your PCI scanning service is likely a false positive, though it can be hard to tell. Chances are they matched the version number of your SMTP program, which is usually announced on connection to port 25, and checked that product and version number against a list of known-vulnerable software, and found a match.

Since you are on CentOS, the thing you need to do is go through the entire revision history of the SMTP service's RPM releases looking for a changelog that specifies security fixes. Chances are very good that Red Hat has backported the buffer overflow vulnerability into the older revision, but you need to backtrack to be certain. Once that's done, you can flag this as a false positive.

Backporting of security patches is one of the main benefits of using a Linux with a support contract. CentOS is the same thing, but you don't get to call in about anything; you just get security patches.
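One way to do the changelog check the answer describes, as an added example that is not part of the original answer: on a CentOS host, `rpm -q --changelog <package>` prints the packager's revision history, and any backported security fix is normally recorded there with its CVE identifier. The script below pulls those identifiers out so you can compare them against whatever the scanner matched on the banner version. The package name `exim`, the `check.sh` filename, the helper names, and the sample changelog (with placeholder CVE numbers that are not real advisories) are all assumptions made for this example; when `rpm` and the package are present it reads the real changelog instead of the sample.

```shell
#!/bin/sh
# Added example, not from the original answer: list the security fixes recorded
# in an installed RPM's changelog so a "vulnerable version" banner match can be
# checked against what the distribution actually backported.

# Constructed sample changelog used when rpm or the package is unavailable.
# The CVE numbers are placeholders, not real advisories.
SAMPLE_CHANGELOG='* Mon Jan 01 2007 Packager <pkg@example.invalid> - 4.63-3
- Fix buffer overflow in header parsing (CVE-0000-0001)
- Backport fix for CVE-0000-0002
* Mon Jan 01 2006 Packager <pkg@example.invalid> - 4.63-1
- Initial package'

# Extract CVE identifiers from changelog text on stdin, one per line, de-duplicated.
extract_cves() {
  grep -o 'CVE-[0-9]\{4\}-[0-9]\{4,\}' | sort -u
}

# Print the RPM changelog for package $1 if rpm knows it; otherwise fall back
# to the constructed sample so the script still runs on a non-RPM system.
changelog_for() {
  if command -v rpm >/dev/null 2>&1 && rpm -q "$1" >/dev/null 2>&1; then
    rpm -q --changelog "$1"
  else
    printf '%s\n' "$SAMPLE_CHANGELOG"
  fi
}

# Return 0 (true) if CVE $1 appears in the changelog of package $2, else 1.
# This is the evidence to attach when disputing the scan result as a false positive.
cve_fixed_in() {
  changelog_for "$2" | extract_cves | grep -qx "$1"
}

# Usage: ./check.sh exim
changelog_for "${1:-exim}" | extract_cves
```

Run it on the cPanel host as `./check.sh exim` and keep the output alongside the installed version from `rpm -q exim`; if the scanner's advisory CVE shows up in the changelog for the installed revision, the fix was backported and the finding can be disputed with that record.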