Hi List! I have two problems with a new installed SuSe Linux Professional 8.2. All current patches are applied. Wehn I am scanning the box with the nessus I get the following warnings: - You are running a version of OpenSSH which is older than 3.7.1 - You are running OpenSSH-portable 3.6.1p1 or older. As I wrote before I installed the latest SSH Version from SuSe. Is this O.K. and just an Nessus Problem with the SuSe version of SSH? - The remote HTTP server allows an attacker to read arbitrary files on the remote web server, simply by adding a slash in front of its name. Example: GET //etc/passwd will return /etc/passwd. I already installed the newest SuSe Apache 1.3 package. Where is the problem? Amazing is that the GET request does not return the whole passwd but only two lines. Any suggestions? Thanks, Daniel
On Mon, Oct 06, 2003 at 08:09:37AM +0100, Hollweg, Daniel wrote:
Hi List!
I have two problems with a new installed SuSe Linux Professional 8.2. All current patches are applied. Wehn I am scanning the box with the nessus I get the following warnings:
- You are running a version of OpenSSH which is older than 3.7.1
- You are running OpenSSH-portable 3.6.1p1 or older.
As I wrote before I installed the latest SSH Version from SuSe. Is this O.K. and just an Nessus Problem with the SuSe version of SSH?
it is. This is a FAQ and a common misunderstanding, which probably should be mentioned on www.suse.com/security :-) SuSE doesn't bump up the packages to the latest version if there is a security problem, instead they backport the patches to the Version which was shipped. This can be considered a good thing, since you get less compatibility issues. But it is not easily detected by simple scanners like nessus.
- The remote HTTP server allows an attacker to read arbitrary files on the remote web server, simply by adding a slash in front of its name. Example: GET //etc/passwd will return /etc/passwd.
probably a configuration problem on your side, cant verify this here. regards, Stefan -- Stefan Seyfried Senior Consultant community4you GmbH, Chemnitz, Germany. http://www.community4you.de http://www.open-eis.com
On Mon, Oct 06, 2003 at 08:09:37AM +0100, Hollweg, Daniel wrote:
I have two problems with a new installed SuSe Linux Professional 8.2. All current patches are applied. Wehn I am scanning the box with the nessus I get the following warnings:
- You are running a version of OpenSSH which is older than 3.7.1
- You are running OpenSSH-portable 3.6.1p1 or older.
If possible SuSE applies fixes to software versions originally delivered with some SuSE distribution. Therefore upgrading to the newest versions is not neccessary.
Is this O.K. and just an Nessus Problem with the SuSe version of SSH?
Yes
- The remote HTTP server allows an attacker to read arbitrary files on the remote web server, simply by adding a slash in front of its name. Example: GET //etc/passwd will return /etc/passwd.
There has been a vulnerability in mod_rewrite, but it should be no problem using apache installed with SuSE 8.2. http://www.apacheweek.com/issues/00-09-22
I already installed the newest SuSe Apache 1.3 package. Where is the problem? Amazing is that the GET request does not return the whole passwd but only two lines.
Is this just some nessus information or did you reproduce the problem? -- Stefan Tichy <listuser@pi4tel.de>
participants (3)
-
Hollweg, Daniel -
Stefan Andreas Tichy -
Stefan Seyfried