Security Incidents mailing list archives

Re: how to close security holes from nessus vulnerability scan report


From: intrusion () ENGINEER COM (J. Oquendo)
Date: Thu, 6 Jul 2000 18:32:01 -0400



1.      Vulnerability found on port snmp (161/udp)
        SNMP Agent responded as expected with community name: private
        CVE : CAN-1999-0517


If you're not using SNMP, then kill -HUP it after a ps -aef (seems like you're on Solaris since you're running sadmind), but if you need it running, then one of the few things you might want to do is set up an access list via a firewall, if you're using one, so that no one other than an authorized host connects to it. Or, if you have two NICs, configure it to listen on a 192 address and you should be fine, unless you have 'e-tards' on your internal subnet, in which case you're likely to have bigger problems than SNMP altogether.


2.      Vulnerability found on port unknown (32773/udp)
        The sadmin RPC service is running.
        There is a bug in Solaris versions of
        this service that allow an intruder to
        execute arbitrary commands on your system.
        Solution : disable this service
        Risk factor : High


Remove the suid bit from sadmind, or chown && chgrp it to an unprivileged user.


3.      Vulnerability found on port unknown (8087/tcp)
        The Sambar webserver is running.
        It provides a webinterface for configuration purposes.
        The admin user has no password and there are some other default
        users without passwords.
        Everyone could set the HTTP-Root to c:\ and delete your files!
        Solution : Change the passwords via the webinterface or use a real
        webserver like Apache.

        Risk factor : High


Again, if you're not using the service, then kill -HUP it, or edit Apache's .htaccess file for this, or better yet the httpd.conf file, and only allow authorized hosts to connect.

You should check out Titan by Dan Farmer and a few others if this (which is 99.99999% likely a Sol machine) is a Solaris workstation. It's pretty straightforward, with the exception that I had to add a couple of newer exploits to check and fix since it hasn't been updated in a while.

As for firewalls, well, you're on your own there. I use Checkpoint-1, BSD's IPF, and TRex on a slew of different machines, but chances are some of these might have a bit of a steep curve, with the exception of IPF.

TRex is pretty good on the free side of things.
www.opensourcefirewall.com or something similar... you may want to check www.obfuscation.org/ipf for the URL to download IPF, since I completely forgot it.

J. Oquendo
sil () antioffline com
sil () deficiency org
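The three fixes discussed above (stop inetd from launching sadmind, strip the suid bit if you keep the binary around, and restrict 161/udp to one management station with IPF) as a worked example. This is an added example and not code from the post or from Titan; it assumes the classic Solaris layout where sadmind is started from /etc/inetd.conf, the interface name hme0 and management host 10.1.1.5 are placeholders, and the inetd.conf contents below are a constructed sample written to a temp directory so nothing runs against the real /etc.

```shell
#!/bin/sh
# Added example, not part of the original post. Works on a constructed
# copy of inetd.conf in a temp dir; interface/host names are assumptions.

# Write a constructed sample inetd.conf (not copied from any real host).
make_sample_inetd() {
    dir=$(mktemp -d)
    cat > "$dir/inetd.conf" <<'EOF'
# Constructed sample inetd.conf for the example
ftp         stream  tcp     nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet      stream  tcp     nowait  root  /usr/sbin/in.telnetd  in.telnetd
100232/10   tli     rpc/udp wait    root  /usr/sbin/sadmind     sadmind
100068/2-5  dgram   rpc/udp wait    root  /usr/dt/bin/rpc.cmsd  rpc.cmsd
EOF
    echo "$dir/inetd.conf"
}

# Count uncommented inetd.conf entries that launch the given program path.
active_entries() {
    awk -v p="$2" '$0 !~ /^#/ && index($0, p) > 0 { n++ } END { print n+0 }' "$1"
}

# Comment out every active entry for the given program, keeping a .bak copy.
# On a live box follow this with a HUP to inetd (pkill -HUP inetd) so the
# daemon re-reads the file; the RPC service then stops being registered.
disable_inetd_service() {
    conf=$1; prog=$2
    cp "$conf" "$conf.bak"
    sed "\|^[^#].*[[:space:]]${prog}[[:space:]]|s|^|#|" "$conf.bak" > "$conf"
}

# True if the file carries the setuid bit (POSIX find -perm -4000).
is_suid() {
    [ -n "$(find "$1" -perm -4000 -print 2>/dev/null)" ]
}

# Drop the setuid bit so a compromise of the daemon no longer yields root.
strip_suid() {
    chmod u-s "$1"
}

# Emit IPF rules that let only the management station reach the SNMP agent.
# Rules are evaluated in order with "quick", so the pass must come first.
ipf_snmp_rules() {
    ifc=$1; mgmt=$2
    cat <<EOF
# SNMP (161/udp): only $mgmt may query the agent on $ifc
pass in quick on $ifc proto udp from $mgmt to any port = 161 keep state
block in quick on $ifc proto udp from any to any port = 161
EOF
}

# Demo run against the constructed sample.
conf=$(make_sample_inetd)
echo "sadmind entries before: $(active_entries "$conf" /usr/sbin/sadmind)"
disable_inetd_service "$conf" /usr/sbin/sadmind
echo "sadmind entries after:  $(active_entries "$conf" /usr/sbin/sadmind)"
fake=$(dirname "$conf")/sadmind; : > "$fake"; chmod 4755 "$fake"
strip_suid "$fake"
is_suid "$fake" && echo "still suid" || echo "suid bit removed from $fake"
ipf_snmp_rules hme0 10.1.1.5
```

The sed address uses `|` as its delimiter so the program path's slashes need no escaping, and it matches the path only when surrounded by whitespace, so the ftp and cmsd lines survive untouched. The IPF fragment goes into ipf.conf and is loaded with `ipf -Fa -f /etc/ipf.conf`; put the pass rule before the block rule or the `quick` block will win.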
