Mailinglist Archive: opensuse-security (211 mails)
| < Previous | Next > |
Re: SSH and Apache warnings Nessus
- From: Stefan Andreas Tichy <listuser@xxxxxxxxx>
- Date: Mon, 6 Oct 2003 14:42:06 +0200
- Message-id: <20031006124206.GA9652@xxxxxxxxxxxxxxxx>
On Mon, Oct 06, 2003 at 08:09:37AM +0100, Hollweg, Daniel wrote:
> I have two problems with a new installed SuSe Linux Professional 8.2.
> All current patches are applied. Wehn I am scanning the box with the
> nessus I get the following warnings:
>
> - You are running a version of OpenSSH which is older than 3.7.1
>
> - You are running OpenSSH-portable 3.6.1p1 or older.
If possible SuSE applies fixes to software versions originally delivered
with some SuSE distribution. Therefore upgrading to the newest
versions is not neccessary.
> Is this O.K. and just an Nessus Problem with the SuSe version of
> SSH?
Yes
> - The remote HTTP server allows an attacker to read arbitrary files
> on the remote web server, simply by adding a slash in front of its name.
> Example: GET //etc/passwd will return /etc/passwd.
There has been a vulnerability in mod_rewrite, but it should be no
problem using apache installed with SuSE 8.2.
http://www.apacheweek.com/issues/00-09-22
> I already installed the newest SuSe Apache 1.3 package. Where is the problem?
> Amazing is that the GET request does not return the whole passwd but only two
> lines.
Is this just some nessus information or did you reproduce the
problem?
--
Stefan Tichy <listuser@xxxxxxxxx>
> I have two problems with a new installed SuSe Linux Professional 8.2.
> All current patches are applied. Wehn I am scanning the box with the
> nessus I get the following warnings:
>
> - You are running a version of OpenSSH which is older than 3.7.1
>
> - You are running OpenSSH-portable 3.6.1p1 or older.
If possible SuSE applies fixes to software versions originally delivered
with some SuSE distribution. Therefore upgrading to the newest
versions is not neccessary.
> Is this O.K. and just an Nessus Problem with the SuSe version of
> SSH?
Yes
> - The remote HTTP server allows an attacker to read arbitrary files
> on the remote web server, simply by adding a slash in front of its name.
> Example: GET //etc/passwd will return /etc/passwd.
There has been a vulnerability in mod_rewrite, but it should be no
problem using apache installed with SuSE 8.2.
http://www.apacheweek.com/issues/00-09-22
> I already installed the newest SuSe Apache 1.3 package. Where is the problem?
> Amazing is that the GET request does not return the whole passwd but only two
> lines.
Is this just some nessus information or did you reproduce the
problem?
--
Stefan Tichy <listuser@xxxxxxxxx>
| < Previous | Next > |