False positives with BIND 8.4.1-REL?
Manuel Kiessling
manuel at kiessling.net
Wed Sep 24 10:04:49 EDT 2003
Hello,
Renaud Deraison wrote:
> Fixed in CVS - thanks for the initial report !
No problem, maybe I have another one, but this time it doesn't seem so
easy to say where the problem is. I will try an educated guess.
Plugin #10498 (Test HTTP dangerous methods) reported:
"We could DELETE the file '/'on your web server
This allows an attacker to destroy some of your pages
Solution : disable this method
Risk factor : Serious"
That really made me nervous of course, but I could not quite believe
that this should really work. After all I did not enable DELETE, nor did
I install Apache mods that have it enabled.
I played around with telnet:
xxx at hal > telnet xxx 80
Trying xxx...
Connected to xxx
Escape character is '^]'.
DELETE / HTTP/1.1
Host: xxx
HTTP/1.1 200 OK
Date: Wed, 24 Sep 2003 13:56:27 GMT
Server: Apache/1.3.28 (Unix) PHP/4.3.3
X-Powered-By: PHP/4.3.3
Transfer-Encoding: chunked
Content-Type: text/html
59f
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<head>
and so on (showing me the default index page).
[I hope you folks don't mind the xxx]
My server says "HTTP/1.1 200 OK", but the file is not deleted. Is that a
false positive?
P.S.: Maybe that's a good place and time to thank the authors of Nessus
- I've been using it for about one week now, and although it has already
caused me a lot of overtime (fixing holes of course), I really cannot
believe I lived without it for so long. Great piece of work! Thanks!
--
Manuel Kiessling
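
The situation described in the message above (a "200 OK" reply to DELETE while the file stays in place) can be told apart from a real deletion by comparing a GET before the probe, the DELETE reply, and a GET after it. This is an added example, not part of the original post and not Nessus plugin code; the function names, verdict labels and sample responses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Response:
    status: int
    body: bytes

def dechunk(data: bytes) -> bytes:
    """Decode a Transfer-Encoding: chunked body (trailers are ignored)."""
    out = b""
    while data:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            break
        out += data[:size]
        data = data[size + 2:]  # skip the chunk and its trailing CRLF
    return out

def parse_response(raw: bytes) -> Response:
    """Parse one raw HTTP/1.x response into status code and decoded body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    if headers.get(b"transfer-encoding") == b"chunked":
        body = dechunk(body)
    return Response(status, body)

def classify_delete(before: Response, delete: Response, after: Response) -> str:
    """Judge a DELETE probe from GET-before, DELETE and GET-after responses."""
    if not 200 <= delete.status < 300:
        return "refused"        # the server rejected the method
    if after.status in (404, 410):
        return "deleted"        # the resource is really gone
    if 200 <= after.status < 300 and after.body == before.body:
        return "ignored"        # 2xx reply, resource unchanged: false positive
    return "inconclusive"       # e.g. dynamic page, needs a manual look

# Constructed sample responses (not captured from the poster's server).
PAGE = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n6\r\n<html>\r\n0\r\n\r\n"
GONE = b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
DENIED = b"HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    page = parse_response(PAGE)
    print(classify_delete(page, page, page))  # ignored
```

A check that looks only at the status line of the DELETE reply would report the first case as a finding; the "ignored" verdict is the one that matches the telnet session in the message.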