-----Original Message----- From: Stefan Andreas Tichy [mailto:listuser@pi4tel.de] Sent: Monday, 6 October 2003 14:42 To: suse-security@suse.com Subject: [suse-security] Re: SSH and Apache warnings Nessus
On Mon, Oct 06, 2003 at 08:09:37AM +0100, Hollweg, Daniel wrote:
I have two problems with a newly installed SuSE Linux Professional 8.2. All current patches are applied. When I scan the box with Nessus I get the following warnings:
- You are running a version of OpenSSH which is older than 3.7.1
- You are running OpenSSH-portable 3.6.1p1 or older.
If possible, SuSE applies fixes to the software versions originally delivered with a given SuSE distribution. Therefore upgrading to the newest versions is not necessary.
Is this O.K. and just a Nessus problem with the SuSE version of SSH?
Yes
- The remote HTTP server allows an attacker to read arbitrary files on the remote web server, simply by adding a slash in front of its name. Example: GET //etc/passwd will return /etc/passwd.
There has been a vulnerability in mod_rewrite, but it should be no problem using apache installed with SuSE 8.2. http://www.apacheweek.com/issues/00-09-22
I already installed the newest SuSE Apache 1.3 package. Where is the problem? What is amazing is that the GET request does not return the whole passwd but only two lines.
Is this just some nessus information or did you reproduce the problem?
I tested it and it returns two lines of my /etc/passwd. Other files like /etc/inittab result in an Error 403. Here is a sample output:
root:*:0:0::/:/etc/ftponly
foo:x:502:503::/home/foo/public_html/./:/bin/false
Regards, Daniel
On Mon, Oct 06, 2003 at 02:46:15PM +0100, Hollweg, Daniel wrote:
I tested it and it returns two lines of my /etc/passwd. Other files like /etc/inittab result in an Error 403. Here is a sample output:
root:*:0:0::/:/etc/ftponly
foo:x:502:503::/home/foo/public_html/./:/bin/false
Most likely this isn't from your real /etc/passwd but from a passwd within the chroot context of your ftp/web server.
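One way to triage this finding along the lines Andreas suggests, as an added example that is not part of the thread: compare the records the scanner returned against the real /etc/passwd and against any passwd kept inside the service chroot, and look for signs that the file was written for a chrooted service. The file contents and the chroot path /srv/ftp/etc/passwd below are constructed.

```python
"""Triage of a Nessus '//etc/passwd' finding: which passwd file did the
HTTP response really come from, and does it look like a chroot passwd?"""
from typing import Dict, List, Optional

# Constructed sample data: the two lines the scanner returned (as posted in
# the thread), a made-up real /etc/passwd, and a passwd file living inside
# the ftp/web server chroot at a hypothetical path.
LEAKED_BODY = (
    "root:*:0:0::/:/etc/ftponly\n"
    "foo:x:502:503::/home/foo/public_html/./:/bin/false\n"
)
CANDIDATES: Dict[str, str] = {
    "/etc/passwd": (
        "root:x:0:0:root:/root:/bin/bash\n"
        "daniel:x:1000:100:Daniel:/home/daniel:/bin/bash\n"
    ),
    "/srv/ftp/etc/passwd": LEAKED_BODY,  # hypothetical chroot location
}

def passwd_lines(text: str) -> List[str]:
    """Keep only well-formed passwd records (seven colon-separated fields)."""
    return [line for line in text.splitlines() if line.count(":") == 6]

def match_source(body: str, candidates: Dict[str, str]) -> Optional[str]:
    """Return the first candidate file containing every leaked record,
    or None when the response matches none of them (e.g. not the real file)."""
    leaked = set(passwd_lines(body))
    if not leaked:
        return None
    for path, content in candidates.items():
        if leaked <= set(passwd_lines(content)):
            return path
    return None

def chroot_indicators(body: str) -> List[str]:
    """Heuristics pointing at a passwd file written for a chrooted service:
    locked password fields, '/./' chroot markers in home directories
    (the wu-ftpd/proftpd convention) and non-login shells."""
    hints = []
    for line in passwd_lines(body):
        user, pw, _uid, _gid, _gecos, home, shell = line.split(":")
        if pw == "*":
            hints.append(f"{user}: password field '*' (locked account)")
        if "/./" in home:
            hints.append(f"{user}: '/./' chroot marker in home {home}")
        if shell.rsplit("/", 1)[-1] in ("false", "nologin", "ftponly"):
            hints.append(f"{user}: non-login shell {shell}")
    return hints
```

If match_source() names the chroot copy and chroot_indicators() fires on every record, the scanner has reached the service's own passwd rather than the host's, which is what the thread concludes.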
participants (2)
- Andreas S. Kerber
- Hollweg, Daniel