LinuxQuestions.org
09-03-2004, 12:30 PM   #1
mrtwice
Need help identifying security vuln. w/ listed versions of software


Hi,

I recently took over programming for a semi-large website. They are currently using a web-design / hosting company to manage their server. They are running RH 7.3 and it looks like the system has not been updated in quite some time. Can you tell me how I might take the version numbers of the things listed below and find out if there are any security vulnerabilities? Thanks!

The following ports are open on this webserver:

pop3
imap
http
ftp
ssh
smtp
https

I am not really familiar with ip chains, but this looks like everything is accepted:

Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT tcp -y---- anywhere anywhere any -> ssh
ACCEPT tcp -y---- anywhere anywhere any -> smtp
ACCEPT tcp -y---- anywhere anywhere any -> http
ACCEPT tcp -y---- anywhere anywhere any -> ftp
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT udp ------ ns.bluegrass.net anywhere domain -> any
REJECT tcp -y---- anywhere anywhere any -> any
REJECT udp ------ anywhere anywhere any -> any
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):


Here are the versions of pertinent programs:

Distro: RH 7.3
Kernel: 2.4.18-3
Apache: 1.3.28
NcFTP 3.1.3/985
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
Postfix: 1.1.12
ipopd: not sure how to find out
imapd: not sure how to find out
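
Added example, not part of the original post: a first-match evaluation of the input chain exactly as listed above, showing which rule admits a TCP SYN to each port reported open. It assumes every rule applies on every interface; the non-verbose listing does not show the interface column, so the two `ACCEPT all` rules may be bound to specific interfaces (`ipchains -L -v` shows this). Function names are hypothetical.

```python
# Input chain copied from the post (non-verbose `ipchains -L` output).
LISTING = """\
ACCEPT tcp -y---- anywhere anywhere any -> ssh
ACCEPT tcp -y---- anywhere anywhere any -> smtp
ACCEPT tcp -y---- anywhere anywhere any -> http
ACCEPT tcp -y---- anywhere anywhere any -> ftp
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT udp ------ ns.bluegrass.net anywhere domain -> any
REJECT tcp -y---- anywhere anywhere any -> any
REJECT udp ------ anywhere anywhere any -> any
"""
POLICY = "ACCEPT"  # from "Chain input (policy ACCEPT)"
OPEN_PORTS = ["pop3", "imap", "http", "ftp", "ssh", "smtp", "https"]  # from the post

def parse(listing):
    """Turn each listing line into a rule dict, numbered from 1."""
    rules = []
    for n, line in enumerate(listing.splitlines(), 1):
        target, prot, opt, src, dst, ports = line.split(None, 5)
        dport = "any" if ports == "n/a" else ports.split("->")[1].strip()
        rules.append({"n": n, "target": target, "prot": prot,
                      "syn_only": "y" in opt, "src": src, "dport": dport})
    return rules

def first_match(rules, prot, dport, syn, src="anywhere"):
    """First-match evaluation: (rule number, target); 0 means chain policy.
    Assumption: every rule applies on every interface (hidden in this listing)."""
    for r in rules:
        if (r["prot"] in ("all", prot) and (syn or not r["syn_only"])
                and r["src"] in ("anywhere", src)
                and r["dport"] in ("any", dport)):
            return r["n"], r["target"]
    return 0, POLICY

def shadowed(rules):
    """Numbers of rules placed after an unconditional match-everything rule."""
    for r in rules:
        if (r["prot"], r["syn_only"], r["src"], r["dport"]) == \
                ("all", False, "anywhere", "any"):
            return [x["n"] for x in rules if x["n"] > r["n"]]
    return []

RULES = parse(LISTING)

if __name__ == "__main__":
    for svc in OPEN_PORTS:
        n, target = first_match(RULES, "tcp", svc, syn=True)
        print(f"{svc:6} SYN -> {target} via rule {n}")
    print("never evaluated:", shadowed(RULES))
```

Under that assumption, pop3, imap and https are admitted by rule 5 rather than by an explicit per-service rule, and the two REJECT rules are never reached.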
 
09-03-2004, 09:20 PM   #2
Capt_Caveman
I'd check either one of the vuln databases (securityfocus / CVE, etc.) or consult the specific vendor. Most will have reasonably good security related alerts, for example here's Apache's:

http://www.apacheweek.com/features/security-13

which shows your version to have multiple vulns as does your kernel (which has some real nasty bugs like mremap and do_brk). If it's been unpatched that long, you might want to consider hosing it and installing something that can be easily updated (like fedora). I'd be too concerned about possible compromise to just try and patch and pray.
 
09-03-2004, 10:22 PM   #3
mrtwice
Is it possible that these programs have been updated/patched without the version information being updated?

I just don't want to approach the ISP techs with a "this machine is a security risk" and have them laugh in my face.

Thank you for your post, you pointed me in the right direction.
 
  

