Security Incidents mailing list archives
Re: how to close security holes from nessus vulnerability scan report
From: intrusion () ENGINEER COM (J. Oquendo)
Date: Thu, 6 Jul 2000 18:32:01 -0400
1. Vulnerability found on port snmp (161/udp) SNMP Agent responded as expected with community name: private\ CVE : CAN-1999-0517
If your not using snmp then kill hup it after a ps -aef (seems like your on Solaris since your running sadmind) but if you need it running then one of the few things you might want to do is set up an access list via a firewall if your using one so no one other than an authorized host connects to it, or... If you have two nic's then configure it to listen on a 192 address and you should be fine unless you have 'e-tards' on your internal subnet in which for that matter your likely to have bigger problems than snmp altogether.
2. Vulnerability found on port unknown (32773/udp) The sadmin RPC service is running. There is a bug in Solaris versions of this service that allow an intruder to execute arbitrary commands on your system. Solution : disable this service Risk factor : High
Remove the suid bit from sadmind or chown && chgrp to an unprivy user.
3. Vulnerability found on port unknown (8087/tcp) The Sambar webserver is running. It provides a webinterface for configuration purposes. The admin user has no password and there are some other default users without passwords Everyone could set the HTTP-Root to c:\ and delete your files! Solution : Change the passwords via the webinterface or use a real webserver like Apache. Risk factor : High
Again if your not using the service then killhup it or edit apache's .htaccess file for this or better yet the htpd.conf file and only allow authorized hosts to connect. You should check out Titan by Dan Farmer and a few others if this (which is 99.99999% likely a Sol machine) is a Solaris workstation. Its pretty straightforward with the exception I had to add a couple of newer exploits to check and fix since it hasnt been updated in a while. As for firewalls well your on your own there. I use Checkpoint-1, BSD's IPF, and TRex on a slew of different machines but chances are some of these might have a bit of a steep curve with the exception of IPF. TRex is pretty good on the free side of things. www.opensourcefirewall.com or something similar... you may want to check www.obfuscation.org/ipf for the URL to dl IPF since I completely forgot it. J. Oquendo sil () antioffline com sil () deficiency org ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup
Current thread:
- Re: how to close security holes from nessus vulnerability scan report J. Oquendo (Jul 06)