Educause Security Discussion mailing list archives
False positives scanning Red Hat servers running Apache
From: Clifford Collins <Collinsc () FRANKLIN EDU>
Date: Thu, 26 Apr 2007 10:41:23 -0400
I've recently been scanning some servers on our campus that have returned known vulnerabilities for Apache. I forwarded the results to our Linux systems administrator. He investigated the claims and declared them as false positives. His explanation was that Red Hat "backports" patches to stable versions rather than deploying the newer version because newer versions can introduce new features or changes that render an existing server non-functional. He was also critical of the scanner for failing to detect the patches and relying on the reported version number from a web query. Has anybody encountered this problem? Is there a solution or a product that can detect undeclared patches on a Red Hat server without actually doing a penetration test? Is there a query that will yield the patch level? Your suggestions and comments are welcome! Clifford A. Collins Network Security Administrator Franklin University 201 South Grant Avenue Columbus, Ohio 43215 "Security is a process, not a product"
Current thread:
- False positives scanning Red Hat servers running Apache Clifford Collins (Apr 26)
- <Possible follow-ups>
- Re: False positives scanning Red Hat servers running Apache Julian Y. Koh (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Wyman Miles (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Aaron Lafferty (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Allison Henry (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Wyman Miles (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Steve Brukbacher (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Russell Fulton (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Clifford Collins (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Bill Ogle (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Mark Rogowski (Apr 26)
(Thread continues...)