In this article we'll discuss why a PCI scan can fail with a false positive that reports an outdated version of Exim, the service that handles sending e-mail on the server. If you have read our previous article on how to pass PCI compliance scans, you may recall that the Exim service being reported as outdated is a common false positive that we see.

This happens because we run cPanel on our servers, and cPanel backports fixes into its software updates instead of simply installing the latest version of the service each time it's updated. To a PCI vendor the version may look outdated and subject to a known exploit, but in reality the service is secure because it has already been patched against the exploit.

If you failed a PCI scan and the reason stated was that your server is running an old, exploitable version of Exim, you can follow these steps to report the issue back to your PCI vendor as a false positive.

  1. Log in to your server via SSH
  2. Run the following command:

    rpm -q exim && rpm -q --changelog exim | head -10

    You should get back text similar to:

    exim-4.80-3.x86_64
    * Thu Oct 25 2012 brian m. carlson - 4.80-3
    - Fixes CVE-2012-5671
    - Rebuild to revert ALTPORT logic to original state.

    * Thu Oct 25 2012 brian m. carlson - 4.80-2
    - Fixes CVE-2012-5671

    * Tue Sep 11 2012 Rikus Goodell - 4.80-1
    - Remove ALTPORT logic from init script (now reverted).

    You should notice the latest patch applied to Exim was on Thu Oct 25 2012. So if your PCI scanning vendor has failed your website due to the Exim version, provide them with this information so they can mark it as a false positive.

    In this example we used head -10 to show only the first 10 lines of the full changelog. You can adjust that number to see updates going further back in time.

You should now understand how to retrieve the changelog of the Exim service on your server, to show a PCI vendor that it should be reported as a false positive.
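When the scan report names a specific CVE, it is quicker to search the whole changelog for that identifier than to page through it with head. The script below is an added example, not part of the original article or a cPanel tool; the function names cve_backport_entries and sample_changelog are assumptions made here, and the sample input is the command output shown above.

```shell
#!/bin/sh
# Added example: list the changelog entries that mention a given CVE.
# Usage on a server: rpm -q --changelog exim | cve_backport_entries CVE-2012-5671

# Reads `rpm -q --changelog` output on stdin and prints one line per matching
# entry as "<version-release>|<date>", newest first. Returns 1 if none match.
cve_backport_entries() {
    awk -v cve="$1" '
        /^\* / {
            # Entry header, e.g. "* Thu Oct 25 2012 brian m. carlson - 4.80-3"
            date = $2 " " $3 " " $4 " " $5
            ver = $NF
            seen = 0
            next
        }
        ver != "" && !seen {
            # Compare whole tokens so CVE-2012-567 does not match CVE-2012-5671.
            n = split($0, tok, "[^A-Za-z0-9-]+")
            for (i = 1; i <= n; i++)
                if (toupper(tok[i]) == toupper(cve)) {
                    print ver "|" date
                    seen = found = 1
                    break
                }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Sample input: the command output shown in the article above.
sample_changelog() {
    cat <<'EOF'
exim-4.80-3.x86_64
* Thu Oct 25 2012 brian m. carlson - 4.80-3
- Fixes CVE-2012-5671
- Rebuild to revert ALTPORT logic to original state.

* Thu Oct 25 2012 brian m. carlson - 4.80-2
- Fixes CVE-2012-5671

* Tue Sep 11 2012 Rikus Goodell - 4.80-1
- Remove ALTPORT logic from init script (now reverted).
EOF
}

sample_changelog | cve_backport_entries CVE-2012-5671
```

Compare the releases it prints with the installed package reported by rpm -q exim: the fix is present when the installed release is one of those listed or newer. A non-zero exit status means the changelog does not mention the CVE, so the finding should not be disputed on this evidence.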

I'm Jacob Nicholson, your friendly Community Support technician, and I wrote the article you're looking at now. I like to think it's perfect, but I'm sure you have some suggestions. Please, let me know what they are!
