
[cobalt-security] Security Audit



Today I downloaded a demo version of Retina, the Network Security Scanner,
from http://www.eeye.com/html/Products/Retina/index.html

The Security Audit gives the following alerts on my raq3 server:
=========================================
Mail Servers: IMAP - University of WA 12.264 overflow
Description:  Vulnerabilities have been found in COPY,LSUB,RENAME and FIND
commands that could allow any attacker with a valid username/password
combination to gain command shell access to the server where IMAPD is answering
requests.
Risk Level:  High
How To Fix:  Upgrading to the latest version of IMAP will correct this as well
as other vulnerabilities found in IMAP.
CVE:  CAN-2000-0284
BugtraqID:  1110
http://www.securityfocus.com/bid/1110

Mail Servers: Sendmail aliases Database vulnerability
Description:  This version of Sendmail has a bug that allows a local user to
possibly corrupt the aliases database, causing sendmail to operate improperly or
not at all
Risk Level:  High
How To Fix:  Upgrade to the current version of Sendmail.
CVE:  CVE-1999-0976
BugtraqID:  857
http://www.securityfocus.com/bid/857

Mail Servers: Sendmail ETRN DoS
Description:  This version of Sendmail has a bug that may allow a remote user to
cause the server to use large amounts of resources by sending many ETRN commands
to it
Risk Level:  High
How To Fix:  Upgrade to the current version of Sendmail.
CVE:  GENERIC-MAP-NOMATCH
BugtraqID:  904
http://www.securityfocus.com/bid/904

Mail Servers: Sendmail maillocal vulnerability
Description:  This version of Sendmail has a bug that allows a remote or local
user to use a bug in the shipped mail.local to freeze sendmail delivery or
corrupt mailboxes. The problem exists in the LMTP handling of mail.local and
requires that mail.local be used as the default local mail delivery agent
Risk Level:  High
How To Fix:  Upgrade to the current version of Sendmail.
CVE:  CVE-2000-0319
BugtraqID:  1146
http://www.securityfocus.com/bid/1146
=========================================



The Security Audit gives the following alerts on my raq4 server:
=========================================
Mail Servers: IMAP - University of WA 12.264 overflow
Description:  Vulnerabilities have been found in COPY,LSUB,RENAME and FIND
commands that could allow any attacker with a valid username/password
combination to gain command shell access to the server where IMAPD is answering
requests.
Risk Level:  High
How To Fix:  Upgrading to the latest version of IMAP will correct this as well
as other vulnerabilities found in IMAP.
CVE:  CAN-2000-0284
BugtraqID:  1110
http://www.securityfocus.com/bid/1110
=========================================

These two servers are the only ones from Cobalt that I have, and on both servers
I have installed all updates from Cobalt's website.
Does anyone have the same vulnerabilities on their Cobalt servers with this tool?
Is there really a risk of vulnerabilities on my Cobalt raqs?
When I read the discussion on securityfocus.com, I think so!


Best regards
Allen Neeser