Security Incidents mailing list archives

how to close security holes from nessus vulnerability scan report ?


From: pcchew () CSAH COM (Chew Poh Chang (CAPL))
Date: Thu, 6 Jul 2000 17:13:37 +0800


Hi,

I used Nessus to scan for vulnerabilities on our web server from our internal
net.  Some extracts from the report are listed below.
I would like to know how I can close the security holes presented below.
I look forward to any comments.

Best regards,
Chew Poh Chang

----------------------------------------------------------------------------
1.      Vulnerability found on port snmp (161/udp)
        SNMP Agent responded as expected with community name: private\
        CVE : CAN-1999-0517

2.      Vulnerability found on port unknown (32773/udp)
        The sadmin RPC service is running.
        There is a bug in Solaris versions of
        this service that allow an intruder to
        execute arbitrary commands on your system.
        Solution : disable this service
        Risk factor : High

3.      Vulnerability found on port unknown (8087/tcp)
        The Sambar webserver is running.
        It provides a webinterface for configuration purposes.
        The admin user has no password and there are some other default users without
        passwords
        Everyone could set the HTTP-Root to c:\ and delete your files!
        Solution : Change the passwords via the webinterface or use a real webserver
        like Apache.
        
        Risk factor : High

