
Re: [cobalt-security] Nessus and the Raq4 [SCANNED]



> On 3/29/04 12:55 PM, "Cory Hollingsworth" wrote:
> 
> > There are 5 Security Holes reported for http alone.  Now there is a disclaimer
> > in the Nessus report that this may be a false positive for each reported hole
> 
> Could you post the results? Edited of course to exclude any IP or domain info.
> I would bet if you ran it against a "regular" web server it would be
> similar in the holes.
> 

Okay.  Here is the text from the 5 vulnerabilities I'm talking about.  I'm suspecting that these vulnerabilities have indeed been patched but the version numbers are old due to the way Sun has been patching the Cobalts.  Then again, until I verify these vulnerabilities are indeed fixed I have to assume the worst.

<START OF TEXT>

. Vulnerability found on port http (80/tcp) : 

    The remote host appears to be running a version of Apache which is older 
    than 1.3.29
    
    There are several flaws in this version, which may allow an attacker to 
    possibly execute arbitrary code through mod_alias and mod_rewrite.
    
    You should upgrade to 1.3.29 or newer.
    
    *** Note that Nessus solely relied on the version number
    *** of the remote server to issue this warning. This might
    *** be a false positive
    
    Solution : Upgrade to version 1.3.29
    See also : http://www.apache.org/dist/httpd/Announcement.html
    Risk factor : High
    CVE : CAN-2003-0542

 . Vulnerability found on port http (80/tcp) : 

    The remote host is using a version of mod_ssl which is
    older than 2.8.7.
    
    This version is vulnerable to a buffer overflow which,
    albeit difficult to exploit, may allow an attacker
    to obtain a shell on this host.
    
    *** Some vendors patched older versions of mod_ssl, so this
    *** might be a false positive. Check with your vendor to determine
    *** if you have a version of mod_ssl that is patched for this 
    *** vulnerability
    
    
    Solution : Upgrade to version 2.8.7 or newer
    Risk factor : High
    CVE : CVE-2002-0082
    BID : 4189

. Vulnerability found on port http (80/tcp) : 


    
    The remote host appears to be running a version of
    Apache which is older than 1.3.28
    
    There are several flaws in this version, which may allow
    an attacker to disable the remote server remotely.
    You should upgrade to 1.3.28 or newer.
    
    *** Note that Nessus solely relied on the version number
    *** of the remote server to issue this warning. This might
    *** be a false positive
    
    Solution : Upgrade to version 1.3.28
    See also : http://www.apache.org/dist/httpd/Announcement.html
    Risk factor : High
    CVE : CAN-2003-0460, CAN-2002-0061
    BID : 8226

 . Vulnerability found on port http (80/tcp) : 


    
    The remote host is using a version of mod_ssl which is
    older than 2.8.10.
    
    This version is vulnerable to an off by one buffer overflow
    which may allow a user with write access to .htaccess files
    to execute arbitrary code on the system with permissions
    of the web server.
    
    *** Note that several Linux distributions (such as RedHat)
    *** patched the old version of this module. Therefore, this
    *** might be a false positive. Please check with your vendor
    *** to determine if you really are vulnerable to this flaw
    
    Solution : Upgrade to version 2.8.10 or newer
    Risk factor : High
    CVE : CVE-2002-0653
    BID : 5084
    Other references : SuSE:SUSE-SA:2002:028

 . Vulnerability found on port http (80/tcp) : 


    
    The remote host appears to be vulnerable to the Apache
    Web Server Chunk Handling Vulnerability.
    
    If Safe Checks are enabled, this may be a false positive
    since it is based on the version of Apache.  Although
    unpatched Apache versions 1.2.2 and above, 1.3 through
    1.3.24 and 2.0 through 2.0.36, the remote server may
    be running a patched version of Apache
    
    *** Note : as safe checks are enabled, Nessus solely relied on the banner to issue this alert
    
    
    Solution : Upgrade to version 1.3.26 or 2.0.39 or newer
    See also : http://httpd.apache.org/info/security_bulletin_20020617.txt
        http://httpd.apache.org/info/security_bulletin_20020620.txt
    Risk factor : High
    CVE : CVE-2002-0392
    BID : 5033
    Other references : IAVA:2002-A-0008

<END OF TEXT>
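
An added example, not part of the original post or of Nessus: a small Python parser for the text report layout quoted above that separates findings Nessus itself marks as banner-based from the rest and lists the CVE ids still to be checked against the vendor's patch notes. The sample report, the smtp finding with its placeholder CVE id, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the report quoted above. The smtp finding
# and its placeholder CVE id are invented to show a non-banner result.
SAMPLE = """\
. Vulnerability found on port http (80/tcp) :

    The remote host appears to be running a version of Apache which is older
    than 1.3.29

    *** Note that Nessus solely relied on the version number
    *** of the remote server to issue this warning. This might
    *** be a false positive

    Risk factor : High
    CVE : CAN-2003-0542

 . Vulnerability found on port smtp (25/tcp) :

    The remote server answered a probe in a way that shows the flaw is present.

    Risk factor : High
    CVE : CVE-0000-0000
"""

HEADER = re.compile(r"^[ \t]*\. Vulnerability found on port (\S+) \((\d+)/(\w+)\)\s*:", re.M)
CVE_ID = re.compile(r"\b(?:CVE|CAN)-\d{4}-\d{4,}\b")
# Phrases Nessus uses in the quoted report when a check only read the banner.
BANNER_HINTS = ("solely relied on", "false positive", "check with your vendor")

def parse_findings(text):
    """Split the report at each finding header and summarise every finding."""
    heads = list(HEADER.finditer(text))
    findings = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[head.end():end]
        # Notes wrap across '***' lines, so flatten before phrase matching.
        flat = " ".join(body.replace("***", " ").split()).lower()
        risk = re.search(r"Risk factor\s*:\s*(\w+)", body)
        findings.append({"service": head.group(1), "port": int(head.group(2)),
                         "risk": risk.group(1) if risk else None,
                         "cves": CVE_ID.findall(body),
                         "banner_only": any(h in flat for h in BANNER_HINTS)})
    return findings

def verification_list(findings):
    """CVE ids from banner-only findings, with old CAN- candidates as CVE-."""
    return sorted({c.replace("CAN-", "CVE-")
                   for f in findings if f["banner_only"] for c in f["cves"]})

if __name__ == "__main__":
    print(verification_list(parse_findings(SAMPLE)))
```
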