
Security policy in woody.



Hello list :-).

	I have been playing around with this nessus thing and I scanned a machine
that I have set up at a friend's house :-P, and it gives me two security
flaws, one with the ftp server and another with ssh (the one that worries me
most). I am leaving them below:

----- Messages.
Vulnerability found on port ftp (21/tcp)

        The remote host is running a version of ProFTPd which seems
        to be vulnerable to a buffer overflow when a user downloads
        a malformed ASCII file.
        
        An attacker with upload privileges on this host may abuse this
        flaw to gain a root shell on this host.
        
        *** The author of ProFTPD did not increase the version number
        *** of his product when fixing this issue, so it might be false
        *** positive.
        
        Solution : Upgrade to ProFTPD 1.2.9 when available or to 1.2.8p
        Risk Factor : High
        BID : 8679
        Nessus ID : 11849

Information found on port ftp (21/tcp)

        An unknown service is running on this port.
        It is usually reserved for FTP
        Nessus ID : 10330
        

Information found on port ftp (21/tcp)

        Remote FTP server banner :
        220 ProFTPD 1.2.5rc1 Server (Manolo) [el_way.dnsalias.org] 
        
        Nessus ID : 10092

Information found on port ftp (21/tcp)

        A FTP server seems to be running on this port
        Nessus ID : 11153
        


Vulnerability found on port ssh (22/tcp)

        You are running a version of OpenSSH which is older than 3.7.1
        
        Versions older than 3.7.1 are vulnerable to a flaw in the buffer
        management functions which might allow an attacker to execute
        arbitrary commands on this host.
        
        An exploit for this issue is rumored to exist.
        
        
        Note that several distribution patched this hole without changing
        the version number of OpenSSH. Since Nessus solely relied on the
        banner of the remote SSH server to perform this check, this might
        be a false positive.
        
        If you are running a RedHat host, make sure that the command :
        rpm -q openssh-server
        
        Returns :
        openssh-server-3.1p1-13 (RedHat 7.x)
        openssh-server-3.4p1-7 (RedHat 8.0)
        openssh-server-3.5p1-11 (RedHat 9)
        
        Solution : Upgrade to OpenSSH 3.7.1
        See also :
        http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
        http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2
        Risk factor : High
        CVE : CAN-2003-0682, CAN-2003-0693, CAN-2003-0695
        BID : 8628
        Nessus ID : 11837
        
        
Warning found on port ssh (22/tcp)

        You are running OpenSSH-portable 3.6.1p1 or older.
        
        If PAM support is enabled, an attacker may use a flaw in this version
        to determine the existence or a given login name by comparing the times
        the remote sshd daemon takes to refuse a bad password for a non-existent
        login compared to the time it takes to refuse a bad password for a
        valid login.
        
        An attacker may use this flaw to set up a brute force attack against
        the remote host.
        
        *** Nessus did not check whether the remote SSH daemon is actually
        *** using PAM or not, so this might be a false positive
        
        Solution : Upgrade to OpenSSH-portable 3.6.1p2 or newer
        Risk Factor : Low
        CVE : CAN-2003-0190
        BID : 7482, 7467, 7342
        Nessus ID : 11574

Warning found on port ssh (22/tcp)

        You are running OpenSSH-portable 3.6.1 or older.
        
        There is a flaw in this version which may allow an attacker to
        bypass the access controls set by the administrator of this
        server.
        
        OpenSSH features a mechanism which can restrict the list of
        hosts a given user can log from by specifying a pattern
        in the user key file (ie: *.mynetwork.com would let a user
        connect only from the local network).
        
        However there is a flaw in the way OpenSSH does reverse DNS lookups.
        If an attacker configures his DNS server to send a numeric IP address
        when a reverse lookup is performed, he may be able to circumvent
        this mechanism.
        
        Solution : Upgrade to OpenSSH 3.6.2 when it comes out
        Risk Factor : Low
        CVE : CAN-2003-0386
        BID : 7831
        Nessus ID : 11712


Information found on port ssh (22/tcp)

        An ssh server is running on this port
        Nessus ID : 10330


Information found on port ssh (22/tcp)

        Remote SSH version : SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
        Nessus ID : 10267

Information found on port ssh (22/tcp)

        The remote SSH daemon supports the following versions of the
        SSH protocol :
        
        . 1.99
        . 2.0
        
        Nessus ID : 10881
        
---- End of message

	Sorry for this being so long... It is running woody and is upgraded, even
with security referenced in the source.list.

	Is the system compromised? The ftp issue does not worry me because I can
remove it; what worries me most is the ssh one.

	Any help? Thanks.




