PCI compliance for Magento that’s running on CentOS

Tags: CentOS, Magento, PCI compliance
Over the past few weeks, I've been trying to get PCI compliance through Trustwave's vulnerability scanner. We're using Magento that's running on CentOS. Here's the issue we have:
The version of PHP running on this host is prone to a stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c which could allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

This vulnerability has been addressed in a soon to be released version of PHP, however, backported fixes to this issue may exist. Your vendor should be contacted to determine if a solution is currently present. 

Alternatively, removing the use of the socket_connect function from all PHP applications will also mitigate this issue.
What should we do with this issue?
0
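
The scanner text above names two ways out: a vendor backport, or no use of socket_connect in any PHP application. The shell helpers below check for each; they are an added example, not part of the original post, and the package name `php`, the web root `/var/www/html` and the `CVE-XXXX-XXXX` placeholder are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Checks for the two mitigations
# the scanner finding names: a vendor backport, or no use of socket_connect().

# Print "file:line:source" for each socket_connect() call under DIR.
# Skips method calls (->, ::), longer names (my_socket_connect) and
# lines that start as comments. Always returns 0; no output means no hits.
find_socket_connect() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) \
        -exec grep -HnE '(^|[^A-Za-z0-9_>:$])socket_connect[[:space:]]*\(' {} + |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*(//|#|\*|/\*)' || true
}

# Succeeds if the sockets extension appears in `php -m` output on stdin.
# socket_connect() lives in ext/sockets, so it is unavailable without it.
sockets_ext_loaded() {
    grep -qix 'sockets'
}

# Succeeds if the package changelog on stdin mentions identifier $1.
changelog_mentions() {
    grep -qiF -- "$1"
}

# Typical use on the host (assumed names: package "php", web root
# /var/www/html; CVE-XXXX-XXXX is a placeholder for the ID in the scan report):
#   rpm -q --changelog php | changelog_mentions 'CVE-XXXX-XXXX' && echo "backport present"
#   php -m | sockets_ext_loaded || echo "ext/sockets not loaded"
#   find_socket_connect /var/www/html
```

`php -m` reports the command-line configuration, which can differ from the one the web server loads.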
