
RE: Nessus



You used apt-get like this:

apt-get update
apt-get dist-upgrade

right?
Because the way you wrote it in the email is incomplete.
---

kleber_leal@ig.com.br wrote:

>I have been checking my machine with Nessus and was not very satisfied
>with the results, not because of the machine's security, but because of the
>method used for the check. Does Nessus simply check the version of the
>applications? That is what I noticed, since it reports a vulnerability in my
>ssh server and justifies it by the version, but I believe the fix was made
>in Debian. I use woody and my system is 100% up to date
>with apt-get update;apt-get update
>The Nessus log follows:
>
>
> . List of open ports :
>   o discard (9/tcp)
>   o ssh (22/tcp) (Security hole found)
>   o smtp (25/tcp) (Security hole found)
>   o time (37/tcp)
>   o pop3 (110/tcp) (Security notes found)
>   o sunrpc (111/tcp)
>   o ipp (631/tcp) (Security warnings found)
>   o unknown (848/tcp)
>   o unknown (2049/tcp) (Security warnings found)
>   o postgres (5432/tcp)
>   o general/tcp (Security notes found)
>   o general/udp (Security notes found)
>   o unknown (2049/udp) (Security warnings found)
>
>
>
> . Vulnerability found on port ssh (22/tcp) :
>
>
>
>    You are running a version of OpenSSH which is older than 3.0.2.
>
>    Versions prior than 3.0.2 are vulnerable to an enviroment
>    variables export that can allow a local user to execute
>    command with root privileges.
>    This problem affect only versions prior than 3.0.2, and when
>    the UseLogin feature is enabled (usually disabled by default)
>
>    Solution : Upgrade to OpenSSH 3.0.2 or apply the patch for prior
>    versions. (Available at: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH)
>
>    Risk factor : High (If UseLogin is enabled, and
>     locally)
>
>
> . Information found on port ssh (22/tcp)
>
>
>    Remote SSH version : ssh-2.0-openssh_3.4p1 debian
>     1:3.4p1-1.woody.3
>
>Kléber
>


-- 
Marcus Dourado
Rondonópolis/MT - Brazil
System: Debian 3.0r2
Kernel: 2.4.18-bf24
---
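
An added example, not part of either message above: a small triage helper for the quoted finding. It checks the two conditions the Nessus text itself names (upstream version older than 3.0.2, UseLogin enabled) and reports the Debian package revision in the banner so that a possible backported fix is checked rather than assumed. The function names, status strings and all sample inputs other than the banner from the report are constructed for illustration.

```python
import re

FIXED_UPSTREAM = (3, 0, 2)  # threshold stated in the quoted Nessus finding

def parse_banner(banner):
    """Return (upstream version tuple, distro package revision or None)."""
    m = re.search(r"openssh[_-](\d+(?:\.\d+)*)(?:p\d+)?(?:\s+debian\s+(\S+))?",
                  banner, re.I)
    if not m:
        return None, None
    return tuple(int(x) for x in m.group(1).split(".")), m.group(2)

def uselogin_enabled(sshd_config_text):
    """True only if the first UseLogin line says yes; absent means the default (no)."""
    for raw in sshd_config_text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments
        m = re.match(r"\s*uselogin(?:\s*=\s*|\s+)(\S+)", line, re.I)
        if m:
            return m.group(1).strip('"').lower() == "yes"
    return False

def triage(banner, sshd_config_text):
    """Classify the finding using only the conditions the report itself states."""
    upstream, pkg_rev = parse_banner(banner)
    if upstream is None:
        return "unknown-banner"
    if upstream >= FIXED_UPSTREAM:
        return "version-not-affected"
    if not uselogin_enabled(sshd_config_text):
        return "precondition-absent"
    # A distro revision in the banner means the package may carry a backported
    # fix that the upstream number alone cannot show: check its changelog.
    return "check-package-changelog" if pkg_rev else "applicable"

# Banner as it appears in the report on this page (wrapped line rejoined).
PAGE_BANNER = "ssh-2.0-openssh_3.4p1 debian 1:3.4p1-1.woody.3"
# Constructed samples for the other branches.
OLD_BANNER = "SSH-2.0-OpenSSH_2.9p2"
OLD_DEBIAN_BANNER = "SSH-2.0-OpenSSH_2.9p2 Debian 1:2.9p2-0.example"
CONF_DEFAULT = "Port 22\n#UseLogin yes\n"
CONF_USELOGIN = "Port 22\nUseLogin yes\n"

if __name__ == "__main__":
    for b, c in [(PAGE_BANNER, CONF_DEFAULT), (OLD_BANNER, CONF_DEFAULT),
                 (OLD_BANNER, CONF_USELOGIN), (OLD_DEBIAN_BANNER, CONF_USELOGIN)]:
        print(f"{b!r:55} -> {triage(b, c)}")
```
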

