Mailinglist Archive: opensuse-security (211 mails)

AW: [suse-security] Re: SSH and Apache warnings Nessus


> -----Original Message-----
> From: Stefan Andreas Tichy [mailto:listuser@xxxxxxxxx]
> Sent: Monday, October 6, 2003 14:42
> To: suse-security@xxxxxxxx
> Subject: [suse-security] Re: SSH and Apache warnings Nessus
>
>
> On Mon, Oct 06, 2003 at 08:09:37AM +0100, Hollweg, Daniel wrote:
> > I have two problems with a newly installed SuSe Linux Professional 8.2.
> > All current patches are applied. When I am scanning the box with
> > Nessus I get the following warnings:
> >
> > - You are running a version of OpenSSH which is older than 3.7.1
> >
> > - You are running OpenSSH-portable 3.6.1p1 or older.
>
> If possible SuSE applies fixes to software versions originally delivered
> with some SuSE distribution. Therefore upgrading to the newest
> versions is not necessary.
>
>
> > Is this O.K. and just a Nessus problem with the SuSe version of
> > SSH?
>
> Yes
>
>
> > - The remote HTTP server allows an attacker to read arbitrary files
> > on the remote web server, simply by adding a slash in front of its name.
> > Example: GET //etc/passwd will return /etc/passwd.
>
> There has been a vulnerability in mod_rewrite, but it should be no
> problem using apache installed with SuSE 8.2.
> http://www.apacheweek.com/issues/00-09-22
>
> > I already installed the newest SuSe Apache 1.3 package. Where is the problem?
> > Amazing is that the GET request does not return the whole passwd but only two
> > lines.
>
> Is this just some nessus information or did you reproduce the
> problem?

I tested it and it returns two lines of my /etc/passwd. Other files
like /etc/inittab result in an Error 403.

Here is a sample output:

root:*:0:0::/:/etc/ftponly
foo:x:502:503::/home/foo/public_html/./:/bin/false

Regards,
Daniel
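
Added example, not part of the original message: one way to triage a `GET //etc/passwd` finding is to compare the body the web server returned with the host's real /etc/passwd, read locally. The function names, the result labels and the `CONSTRUCTED_SYSTEM` sample are assumptions made for this illustration; only `SERVED_SAMPLE` comes from the thread.

```python
# Triage for a "GET //etc/passwd" scanner finding: compare the body the web
# server returned with the host's real /etc/passwd, read locally.

def parse_passwd(text):
    """Map login name -> full line for well-formed 7-field passwd entries."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        fields = line.split(":")
        if line and not line.startswith("#") and len(fields) == 7 and fields[0]:
            entries[fields[0]] = line
    return entries

def classify(served_body, system_passwd):
    """Say how the served body relates to the system passwd file."""
    served = parse_passwd(served_body)
    system = parse_passwd(system_passwd)
    if not served:
        return "not-passwd-format"        # e.g. an error page
    if served == system:
        return "system-file-disclosed"    # whole file readable over HTTP
    matching = [user for user, line in served.items() if system.get(user) == line]
    if len(matching) == len(served):
        return "partial-system-file"      # every served line is a real entry
    if not matching:
        return "different-file"           # no served line is a real entry
    return "mixed"

# The two lines quoted in the message above.
SERVED_SAMPLE = """root:*:0:0::/:/etc/ftponly
foo:x:502:503::/home/foo/public_html/./:/bin/false
"""

# Constructed stand-in for a system /etc/passwd (not taken from the thread).
CONSTRUCTED_SYSTEM = """root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
foo:x:502:503:Foo:/home/foo:/bin/bash
wwwrun:x:30:8:WWW daemon:/var/lib/wwwrun:/bin/false
"""

if __name__ == "__main__":
    print(classify(SERVED_SAMPLE, CONSTRUCTED_SYSTEM))
```

On a real host, pass the saved HTTP response body as the first argument and the contents of /etc/passwd, read locally, as the second.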
