Security policy on woody.
Hello list :-)
I have been playing around with Nessus and scanned a machine that I have
set up at a friend's house :-P, and it gives me two security flaws, one
with the FTP server and another with SSH (the one that worries me most).
I am leaving the output below:
----- Messages.
Vulnerability found on port ftp (21/tcp)
The remote host is running a version of ProFTPd which seems
to be vulnerable to a buffer overflow when a user downloads
a malformed ASCII file.
An attacker with upload privileges on this host may abuse this
flaw to gain a root shell on this host.
*** The author of ProFTPD did not increase the version number
*** of his product when fixing this issue, so it might be false
*** positive.
Solution : Upgrade to ProFTPD 1.2.9 when available or to 1.2.8p
Risk Factor : High
BID : 8679
Nessus ID : 11849
Information found on port ftp (21/tcp)
An unknown service is running on this port.
It is usually reserved for FTP
Nessus ID : 10330
Information found on port ftp (21/tcp)
Remote FTP server banner :
220 ProFTPD 1.2.5rc1 Server (Manolo) [el_way.dnsalias.org]
Nessus ID : 10092
Information found on port ftp (21/tcp)
A FTP server seems to be running on this port
Nessus ID : 11153
Vulnerability found on port ssh (22/tcp)
You are running a version of OpenSSH which is older than 3.7.1
Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
functions which might allow an attacker to execute arbitrary commands on this
host.
An exploit for this issue is rumored to exist.
Note that several distribution patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.
If you are running a RedHat host, make sure that the command :
rpm -q openssh-server
Returns :
openssh-server-3.1p1-13 (RedHat 7.x)
openssh-server-3.4p1-7 (RedHat 8.0)
openssh-server-3.5p1-11 (RedHat 9)
Solution : Upgrade to OpenSSH 3.7.1
See also :
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2
Risk factor : High
CVE : CAN-2003-0682, CAN-2003-0693, CAN-2003-0695
BID : 8628
Nessus ID : 11837
Warning found on port ssh (22/tcp)
You are running OpenSSH-portable 3.6.1p1 or older.
If PAM support is enabled, an attacker may use a flaw in this version
to determine the existence or a given login name by comparing the times
the remote sshd daemon takes to refuse a bad password for a non-existent
login compared to the time it takes to refuse a bad password for a
valid login.
An attacker may use this flaw to set up a brute force attack against
the remote host.
*** Nessus did not check whether the remote SSH daemon is actually
*** using PAM or not, so this might be a false positive
Solution : Upgrade to OpenSSH-portable 3.6.1p2 or newer
Risk Factor : Low
CVE : CAN-2003-0190
BID : 7482, 7467, 7342
Nessus ID : 11574
Warning found on port ssh (22/tcp)
You are running OpenSSH-portable 3.6.1 or older.
There is a flaw in this version which may allow an attacker to
bypass the access controls set by the administrator of this
server.
OpenSSH features a mechanism which can restrict the list of
hosts a given user can log from by specifying a pattern
in the user key file (ie: *.mynetwork.com would let a user
connect only from the local network).
However there is a flaw in the way OpenSSH does reverse DNS lookups.
If an attacker configures his DNS server to send a numeric IP address
when a reverse lookup is performed, he may be able to circumvent
this mechanism.
Solution : Upgrade to OpenSSH 3.6.2 when it comes out
Risk Factor : Low
CVE : CAN-2003-0386
BID : 7831
Nessus ID : 11712
Information found on port ssh (22/tcp)
An ssh server is running on this port
Nessus ID : 10330
Information found on port ssh (22/tcp)
Remote SSH version : SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
Nessus ID : 10267
Information found on port ssh (22/tcp)
The remote SSH daemon supports the following versions of the SSH protocol :
. 1.99
. 2.0
Nessus ID : 10881
---- End of message
Sorry this is so long... The machine is running woody and is upgraded, even
with security referenced in sources.list.
Is the system compromised? The FTP issue does not worry me because
I can remove it; what worries me most is the SSH one.
Any help? Thanks.
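
Added example (not part of the original post and not Nessus code): the report above says its OpenSSH check relies solely on the banner and may be a false positive where a distribution patched the hole without changing the version number. The Python below triages a banner on that basis; the function names, result labels and every banner except the one quoted in the report are constructed for illustration.

```python
import re

# Upstream release the report names as the fix for the buffer-management flaw.
FIXED_UPSTREAM = (3, 7, 1)

# SSH-<proto>-OpenSSH_<version>[p<portable>][ <vendor comment>]
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<ver>\d+(?:\.\d+)*)"
    r"(?:p(?P<portable>\d+))?(?:\s+(?P<vendor>.+))?$"
)

def parse_banner(banner):
    """Split an OpenSSH identification string into its parts, or return None."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    ver = tuple(int(x) for x in m.group("ver").split("."))
    ver += (0,) * (3 - len(ver))          # 3.4 -> (3, 4, 0) so tuples compare cleanly
    return {"proto": m.group("proto"), "upstream": ver,
            "portable": m.group("portable"), "vendor": m.group("vendor")}

def triage(banner):
    """Classify a banner-only finding (labels are hypothetical)."""
    info = parse_banner(banner)
    if info is None:
        return "unparsed"
    if info["upstream"] >= FIXED_UPSTREAM:
        return "not-flagged"
    if info["vendor"]:
        # A vendor package string means the fix may have been backported:
        # compare the installed package revision with the vendor's security
        # advisory (the report gives `rpm -q openssh-server` for RedHat).
        return "verify-package"
    return "likely-vulnerable"

if __name__ == "__main__":
    samples = [
        "SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3",  # banner from the report
        "SSH-2.0-OpenSSH_3.4p1",                           # constructed
        "SSH-1.99-OpenSSH_3.7.1p2",                        # constructed
    ]
    for s in samples:
        print(f"{triage(s):18} {s}")
```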