|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: how to close security holes from nessus vulnerability scan re port ?
From: Albert Saerong (asaerong
ASTAGASTAFF.COM)Date: Thu Jul 06 2000 - 21:06:12 CDT
- Next message: David Jahne: "Re: scan log and subsequent response from the host's ISP"
- Previous message: David Knaack: "Re: ftpd: the advisory version"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Here are the things that I suggest you to do :
1. Vulnerability found on port snmp (161/udp)
SNMP Agent responded as expected with community name: private\
CVE : CAN-1999-0517
TODO: Change your SNMP private community name to something unique. If
you still leave this to default, it's like leaving a writeable access
to the world, then someone via SNMP can connect and change some
things.
2. Vulnerability found on port unknown (32773/udp)
The sadmin RPC service is running.
There is a bug in Solaris versions of
this service that allow an intruder to
execute arbitrary commands on your system.
Solution : disable this service
Risk factor : High
TODO: Disable the sadmin. It use to be on /etc/inetd.conf, just put a
# infront of it. and then restart your inetd. Sadmin vulnerabilities
can be found on most security sites. If you really need this, then use
TCPWRAPPER from Wietse
(ftp://ftp.porcupine.org/pub/security/index.html).
3. Vulnerability found on port unknown (8087/tcp)
The Sambar webserver is running.
It provides a webinterface for configuration purposes.
The admin user has no password and there are some other default
users without passwords
Everyone could set the HTTP-Root to c:\ and delete your files!
Solution : Change the passwords via the webinterface or use a real
webserver like Apache.
TODO: The Nessus message is clear enough I guess ;-). Either you can
put a unique password on admin user in your webserver or change it to
Apache.
Cheers,
Albert Saerong
System Specialist
http://www.astaga.com
http://www.astagait.com
- -----Original Message-----
From: Chew Poh Chang (CAPL) [mailto:pcchewCSAH.COM]
Sent: Thursday, July 06, 2000 4:14 PM
To: INCIDENTSSECURITYFOCUS.COM
Subject: how to close security holes from nessus vulnerability scan
report ?
Importance: High
Hi,
I used nessus to scan for vulnerability on our web server from our
internal
net. Some of the extract from the report are listed below.
I would like to know how I can close the security holes presented
below.
Look forward to any comment.
Best regards,
Chew Poh Chang
- ------------------------------------------------------------------------
- ----
1. Vulnerability found on port snmp (161/udp)
SNMP Agent responded as expected with community name: private\
CVE : CAN-1999-0517
2. Vulnerability found on port unknown (32773/udp)
The sadmin RPC service is running.
There is a bug in Solaris versions of
this service that allow an intruder to
execute arbitrary commands on your system.
Solution : disable this service
Risk factor : High
3. Vulnerability found on port unknown (8087/tcp)
The Sambar webserver is running.
It provides a webinterface for configuration purposes.
The admin user has no password and there are some other default
users without
passwords
Everyone could set the HTTP-Root to c:\ and delete your files!
Solution : Change the passwords via the webinterface or use a real
webserver
like Apache.
Risk factor : High
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i
iQA/AwUBOWTaSXva8tKjicTCEQI3ggCfacxsq1WLGGy8q6dP7zYYRQUAj+YAn0WA
A8KBe8ZIDHPPndNlw+ZQa1EV
=PWFG
-----END PGP SIGNATURE-----
- Next message: David Jahne: "Re: scan log and subsequent response from the host's ISP"
- Previous message: David Knaack: "Re: ftpd: the advisory version"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]