Upgrade some program, how to?

Discussion in 'Linux VPS/Dedicated - General' started by sontran, Nov 9, 2006.

  1. sontran

    sontran New Member

    Hi,
    I have a VPS on KH, and today I ran a vulnerability scanner to check the security and found some risk issues:

    The remote host is using a version of OpenSSL which is
    older than 0.9.6m or 0.9.7d

    Solution: Upgrade to version 0.9.6j (0.9.7b) or newer

    The remote POP3 server might be vulnerable to a buffer overflow
    bug when it is issued at least one of these commands, with a too long
    argument :

    auth
    user
    pass

    If confirmed, this problem might allow an attacker to execute
    arbitrary code on the remote system, thus giving him an interactive
    session on this host.


    Solution: If you do not use POP3, disable this service in /etc/inetd.conf
    and restart the inetd process. Otherwise, upgrade to a newer version.

    My question is: do you know how to upgrade these programs? I'm just a beginner to Linux, and I use WHM/cPanel.

    Thanks

    Son Tran
     
  2. ppc

    ppc Moderator

    Ask KnownHost support to upgrade it for you. They'll do it within minutes. That's what their semi-managed VPS philosophy covers.
     
  3. mecha50

    mecha50 New Member

    I agree with ppc but if you still want to do it on your own, you can use yum to update OpenSSL.
     
  4. KH-Paul

    KH-Paul CTO Staff Member

    Regarding OpenSSL - this highly depends on how this scanner checked the OpenSSL version. CentOS is a recompilation of RedHat EL, and RedHat doesn't upgrade actual software versions when they release OS updates, but they backport security / stability patches to the application version which was originally released with the initial OS release. This way they don't have to run lengthy and expensive QA tests and can release security updates rather quickly. You can see if you have any pending OS / OS application updates by running the following command inside your VPS:

    yum check-update

    As for the POP3 server - honestly, I don't believe the current version of courier-imap which is shipped by cPanel is vulnerable to such an old buffer overflow bug.

    Regards,
    Paul
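
Added example, not part of the thread or any poster's code: a triage sketch for the backporting point in the last post, comparing a version-only verdict (using the 0.9.6m / 0.9.7d thresholds from the quoted scanner text) with what the package changelog records. Assumptions: the changelog text comes from `rpm -q --changelog openssl`, the sample changelog is constructed, and `CVE-0000-0000` is a placeholder advisory ID.

```python
import re

# Thresholds from the scanner text quoted in the thread: older than 0.9.6m / 0.9.7d.
FIXED_IN = {"0.9.6": "m", "0.9.7": "d"}

# Constructed sample of `rpm -q --changelog openssl` output; the ID is a placeholder.
SAMPLE_CHANGELOG = """\
* Mon Jan 01 2001 Example Packager <packager@example.com> 0.9.7a-2
- backport security fix for CVE-0000-0000
* Sun Dec 31 2000 Example Packager <packager@example.com> 0.9.7a-1
- initial build
"""

def parse_openssl(version):
    """Split an old-style OpenSSL version such as '0.9.7a' into ('0.9.7', 'a')."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+)([a-z]*)", version)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    return m.group(1), m.group(2)

def banner_says_vulnerable(version):
    """Version-only verdict, which is all a remote banner check can give."""
    base, letter = parse_openssl(version)
    if base not in FIXED_IN:
        return None  # branch not covered by this finding
    return letter < FIXED_IN[base]

def backported_fixes(changelog, advisory_id):
    """Return headers of changelog entries whose body mentions advisory_id."""
    hits, header = [], None
    for line in changelog.splitlines():
        if line.startswith("* "):
            header = line[2:].strip()
        elif header and advisory_id.lower() in line.lower() and header not in hits:
            hits.append(header)
    return hits

def triage(version, changelog, advisory_id):
    """Combine both checks into one verdict for a scanner finding."""
    if not banner_says_vulnerable(version):
        return "not flagged by version check"
    if backported_fixes(changelog, advisory_id):
        return "likely false positive: fix backported"
    return "needs update: no backport recorded"

if __name__ == "__main__":
    print(triage("0.9.7a", SAMPLE_CHANGELOG, "CVE-0000-0000"))
```
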
     
