SOLVED PCI compliance report issues

E

ehask71

Well-Known Member
Jul 13, 2007
62
5
58
Tampa, Florida, United States
cPanel Access Level
Root Administrator
ProFTPD version 1.3.5B is vulnerable -- ProFTPD CVE-2017-7418 Local Security Bypass Vulnerability
"ProFTPD is prone to a local security-bypass vulnerability.

An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions.

ProFTPD prior to 1.3.5e and 1.3.6 prior to 1.3.6rc5 are vulnerable."

OpenSSH 7.5 is vulnerable --- CVE-2017-15906

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,260
463
Hello,

1. As I understand, the "AllowChrootSymlinks" ProFTPd configuration option is enabled by default. The report referenced on the URL below notes a bug that applies to systems where "AllowChrootSymlinks" is turned off:

CVE - CVE-2017-7418

Thus, by default, your server should not be affected by this bug. That said, I've opened internal case CPANEL-17794 to request an update to the ProFTPd version we distribute with cPanel. I'll monitor this case and update this thread with more information as it becomes available.

2. cPanel does not distribute the OpenSSH package. It's provided by your OS (e.g. CentOS). You can update your system packages to the latest versions offered by your OS with the "yum update" command, however it doesn't look like CentOS distrubutes OpenSSH 7.6 with the corresponding bug fix at this time:

Bug 1506630 – CVE-2017-15906 openssh: Improper write operations in readonly mode allow for zero-length file creation

That said, note the analysis of this bug:

Analysis:
It seems the maximum impact of this flaw is that the attacker can create an extremely large number of zero length files to fill up a harddisk on a remote server which the attacker has read-only access to.
Click to expand...
Additionally, it only applies to systems with SFTP configured in read-only mode, which isn't a default configuration.

Thank you.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,260
463
Hello,

To update, the updated version of ProFTPd is included in cPanel version 70:

Fixed case CPANEL-17794: Update proftpd to 1.3.6-1.cp1170.

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
I Weak Ciphers - Failing Scan PCI Compliance Security 1
R Trustwave failing PCI compliance : TLSv1.0 Supported: Port: tcp/2224 Security 1
BubbaTrading Disable Weak RC4 Ciphers PCI Compliance Q2 of 2019 Security 3
B In Progress [CPANEL-26253 ] PCI compliance failure due to unsecured Horde cookies Security 15
bridgeway04 PCI Compliance Apache Global Setting Security 2
Similar threads
Weak Ciphers - Failing Scan PCI Compliance
Trustwave failing PCI compliance : TLSv1.0 Supported: Port: tcp/2224
Disable Weak RC4 Ciphers PCI Compliance Q2 of 2019
In Progress [CPANEL-26253 ] PCI compliance failure due to unsecured Horde cookies
PCI Compliance Apache Global Setting
Top Bottom