Re: Co otwiera 1720/tcp H.323/Q.931
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dnia 07/07/2004 12:13 AM, Mateusz Kurleto napisał(a):
| Odrobina paranoi nigdy nikomu nie zaszkodzi, a przykoazji zobaczy jak tam
| wyglada bezpieczenstwo na reszcie portow...
Warningi:
~ The remote host appears to be running a version of
~ Apache which is older than 1.3.27
~ There are several flaws in this version, you should
~ upgrade to 1.3.27 or newer.
~ *** Note that Nessus solely relied on the version number
~ *** of the remote server to issue this warning. This might
~ *** be a false positive
~ The remote host is running a version of PHP earlier than 4.2.2.
~ The mail() function does not properly sanitize user input.
~ This allows users to forge email to make it look like it is
~ coming from a different source other than the server.
~ Users can exploit this even if SAFE_MODE is enabled.
~ Solution : Contact your vendor for the latest PHP release.
~ The remote qpopper server, according to its banner, is
~ vulnerable to a one-byte overflow it its function
~ Qvsnprintf().
~ An attacker may use this flaw to gain a (non-root)
~ shell on this host, provided that he has a valid
~ POP account to log in with.
~ *** This test could not confirm the existence of the
~ *** problem - it relied on the banner being returned.
~ Solution : Upgrade to version 4.0.5 or newer
... wynikające raczej z informacji o wersjach ale apt-get
update/dist-upgrade robione natychmiast po otrzymaniu listu debian-security.
Poza tym jedynie informacje o bannerach ssh, apacza i qmaila.
Nadal jestem głupi z tym 1720 ...
Tepsiany modem DSL ?
VNC na winstacjach w LAN'ie ?
Czy jeśli jakaś winda złapała trojana to wystawiłaby port na bramce ?
- --
Pozdrawiam
Krzysztof Jastrzębski <><
Jotka Usługi Informatyczne http://free.polbox.pl/j/jotkajot/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA6zmpmvT0Ae5DtH4RAtkgAJ9J5xefU/y8nRjF4EBhMmJQmEqxQQCdFig1
gCzKWNf2N/nqwCiXZU+OuU8=
=Y+2W
-----END PGP SIGNATURE-----
Reply to: