LinuxQuestions.org


VincentB 09-09-2004 01:29 PM

Mandrake 10 + Nessus
 
All,

I have just installed Mandrake 10 and have applied all security / corrective patches. I thought then that my computer was safe from any security holes.

In order to confirm my opinion, I have installed nessus and have decided to double check ...

The result scares me ....

Code:

The Nessus Security Scanner was used to assess the security of 1 host

    * 11 security holes have been found
    * 19 security warnings have been found
    * 41 security notes have been found

In more detail, it gives this:


Code:

          o ssh (22/tcp)  (Security hole found)
          o telnet (23/tcp) (Security warnings found)
          o http (80/tcp) (Security hole found)
          o sunrpc (111/tcp) (Security notes found)
          o netbios-ssn (139/tcp) (Security hole found)
          o https (443/tcp) (Security hole found)
          o microsoft-ds (445/tcp) (Security hole found)
          o nessus (1241/tcp) (Security warnings found)
          o nfs (2049/tcp) (Security warnings found)
          o x11 (6000/tcp) (Security warnings found)
          o snet-sensor-mgmt (10000/tcp) (Security notes found)
          o unknown (668/tcp) (Security notes found)
          o unknown (846/tcp) (Security notes found)
          o unknown (876/tcp) (Security notes found)
          o unknown (32768/tcp) (Security warnings found)
          o unknown (32769/tcp) (Security notes found)
          o ntp (123/udp) (Security notes found)
          o sunrpc (111/udp) (Security notes found)
          o unknown (665/udp) (Security warnings found)
          o unknown (843/udp) (Security warnings found)
          o rsync (873/udp) (Security notes found)
          o nfs (2049/udp) (Security warnings found)
          o omad (32768/udp) (Security warnings found)
          o netbios-ns (137/udp) (Security warnings found)
          o general/tcp (Security notes found)
          o rsync (873/tcp) (Security hole found)

I have to mention also that the firewall was off. But anyway, this kind of problem

Code:

Vulnerability found on port https (443/tcp)


      The remote host is using a version of OpenSSL which is
      older than 0.9.6m or 0.9.7d

      There are several bug in this version of OpenSSL which may allow
      an attacker to cause a denial of service against the remote host.

      *** Nessus solely relied on the banner of the remote host
      *** to issue this warning

      Solution : Upgrade to version 0.9.6m (0.9.7d) or newer
      Risk factor : Medium
      CVE : CAN-2004-0079, CAN-2004-0081, CAN-2004-0112
      BID : 9899
      Other references : IAVA:2004-B-0006
      Nessus ID : 12110


Vulnerability found on port https (443/tcp)


      The remote host is using a version of mod_ssl which is
      older than 2.8.18.

      This version is vulnerable to a flaw which may allow an attacker to disable
      the remote web site remotely, or to execute arbitrary code on the remote
      host.

      *** Note that several Linux distributions patched the old version of
      *** this module. Therefore, this alert might be a false positive. Please
      *** check with your vendor to determine if you really are vulnerable to
      *** this flaw

      Solution : Upgrade to version 2.8.18 or newer
      Risk factor : Low
      CVE : CAN-2004-0488
      BID : 10355
      Other references : OSVDB:6472
      Nessus ID : 12255


Vulnerability found on port https (443/tcp)


      The remote host is running a version of PHP 4.3 which is older or equal to
      4.3.7.

      PHP is a scripting language which acts as a module for Apache or as a standalone
      interpreter. There is a bug in the remote version of this software which may
      allow an attacker to execute arbitrary code on the remote host if the option
      memory_limit is set. Another bug in the function strip_tags() may allow
      an attacker to bypass content-restrictions when submitting data and may
      lead to cross-site-scripting issues.

      Solution : Upgrade to PHP 4.3.8
      Risk factor : High
      CVE : CAN-2004-0594, CAN-2004-0595
      BID : 10724, 10725
      Other references : OSVDB:7870, OSVDB:7871
      Nessus ID : 13650

should be corrected via mandrake-update as a solution exists, and should not be distributed in the official version.
Is it the case? What can I do to make sure my workstation is not at risk?

What do you think?
Thanks for your help ...

Vincent

joe83 09-10-2004 07:36 AM

I would recommend shutting down all services you don't use, make sure ssh is set to v2 and root access is disabled and close port 6000 for starters. I noticed port 10000 is listening. Are you running Webmin? If so you can easily change many security settings from there. There is also an excellent security primer on the security forum of this website. Also useful security/configuration info can be found at:

http://simplylinux.punted.net/

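Added example, not part of either post above: the OpenSSL and mod_ssl findings say Nessus relied only on the version banner and that distributions may have patched the old version, so one way to check is to search the installed package's changelog for the CVE ids Nessus lists. The function names and the sample changelog are constructed for illustration; `rpm -q --changelog` is the real query used on an RPM system such as Mandrake.

```shell
#!/bin/sh
# Added example: does a package changelog mention the CVE ids from a
# banner-based Nessus finding (i.e. did the vendor backport the fix)?

# Constructed sample changelog (names and versions are placeholders).
SAMPLE_CHANGELOG='* Wed Mar 17 2004 Packager <packager@example.invalid> 1.0-2constructed
- security fixes for CAN-2004-0079 and CVE-2004-0112
* Mon Nov 03 2003 Packager <packager@example.invalid> 1.0-1constructed
- rebuild'

# cve_status CHANGELOG_TEXT ID...
# Prints one line per id: "<id> patched" or "<id> not-found".
# Ids are matched under both prefixes, because 2004-era candidates were
# published as CAN-YYYY-NNNN and later renamed CVE-YYYY-NNNN.
# "not-found" only means the changelog is silent; confirm against the
# vendor advisory before treating the finding as real.
cve_status() (
    changelog=$1
    shift
    for id in "$@"; do
        num=${id#CAN-}; num=${num#CVE-}      # keep only YYYY-NNNN
        # The trailing group stops 2004-0079 from matching 2004-00790.
        if printf '%s\n' "$changelog" |
            grep -Eiq "(CAN|CVE)-${num}([^0-9]|\$)"; then
            printf '%s patched\n' "$id"
        else
            printf '%s not-found\n' "$id"
        fi
    done
)

# unpatched_count CHANGELOG_TEXT ID... -> number of ids with no entry.
# grep -c exits 1 when the count is 0, hence the "|| true".
unpatched_count() {
    cve_status "$@" | grep -c 'not-found$' || true
}

# Real use: ./check.sh PACKAGE ID...   (reads the installed package)
if [ "$#" -ge 2 ]; then
    pkg=$1
    shift
    cve_status "$(rpm -q --changelog "$pkg")" "$@"
fi
```

Run it once per flagged package with the ids from that package's Nessus entry, for example the three `CAN-2004-...` ids listed under the OpenSSL finding.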


All times are GMT -5.