Hi,
I've a VPS on KH and today I run a Vunerability scanner to check the security and found some risk issues:
The remote host is using a version of OpenSSL which is
older than 0.9.6m or 0.9.7d
Solution: Upgrade to version 0.9.6j (0.9.7b) or newer
The remote POP3 server might be vulnerable to a buffer overflow
bug when it is issued at least one of these commands, with a too long
argument :
auth
user
pass
If confirmed, this problem might allow an attacker to execute
arbitrary code on the remote system, thus giving him an interactive
session on this host.
Solution: If you do not use POP3, disable this service in /etc/inetd.conf
and restart the inetd process. Otherwise, upgrade to a newer version.
My question is: do you know how to upgrade these program? I'm just a beginer to Linux. And I use WHM/Cpanel.
Thanks
Son Tran
I've a VPS on KH and today I run a Vunerability scanner to check the security and found some risk issues:
The remote host is using a version of OpenSSL which is
older than 0.9.6m or 0.9.7d
Solution: Upgrade to version 0.9.6j (0.9.7b) or newer
The remote POP3 server might be vulnerable to a buffer overflow
bug when it is issued at least one of these commands, with a too long
argument :
auth
user
pass
If confirmed, this problem might allow an attacker to execute
arbitrary code on the remote system, thus giving him an interactive
session on this host.
Solution: If you do not use POP3, disable this service in /etc/inetd.conf
and restart the inetd process. Otherwise, upgrade to a newer version.
My question is: do you know how to upgrade these program? I'm just a beginer to Linux. And I use WHM/Cpanel.
Thanks
Son Tran
