False positives with BIND 8.4.1-REL?

Manuel Kiessling manuel at kiessling.net
Wed Sep 24 10:43:27 EDT 2003


Oh, and yet another one:

Plugin #11704 says:

"The remote host is vulnerable to an 'icmp leak' -
when it receive a packet that raise an ICMP error packet
(except ICMP destination unreachable), the ICMP packet is
supposed to contain the original message.

Due to a bug in the remote TCP/IP stack, it will also contain fragments
of the content of the remote kernel memory.

An attacker may use this flaw to remotely sniff what is going on into
the host's memory, especially network packets that it sees, and
obtain useful information such as POP passwords, HTTP authentication
fields, and so on.


Solution : Contact your vendor for a fix. If the remote host is running
            Linux 2.0, upgrade to Linux 2.0.40.
See also : http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak
            http://www.kb.cert.org/vuls/id/471084
Risk factor : High"

But this server is running Linux 2.4.19-64GB-SMP #1 SMP!

And plugin #11268 correctly says:

"Remote OS guess : Linux Kernel 2.4.0 - 2.5.20

CVE : CAN-1999-0454"

The really strange thing is that it occurs only on one of my servers, 
while on all other 11, which are all similar installations, it doesn't 
occur.

-- 
  Manuel Kiessling
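
One way to check a finding like this by hand, as an added example that is not part of the original post and is not the logic of plugin #11704: given the raw bytes of an ICMP error captured from the host (starting at the ICMP header), it reports whether anything follows the quoted original datagram. The function names and sample packets are constructed for illustration, and it assumes the quoted IPv4 total-length field is unmodified.

```python
import struct

ICMP_HDR_LEN = 8                  # type, code, checksum, 4 unused bytes (RFC 792)
ERROR_TYPES = {3, 4, 5, 11, 12}   # ICMP messages that quote the offending datagram

def quoted_surplus(icmp_msg: bytes) -> bytes:
    """Bytes of an ICMP error that lie beyond the quoted original datagram.

    Assumption: the quoted IPv4 total-length field is unmodified and in
    network byte order (stacks that rewrite it are not handled here).
    """
    if len(icmp_msg) < ICMP_HDR_LEN + 20:
        raise ValueError("too short to hold a quoted IPv4 header")
    if icmp_msg[0] not in ERROR_TYPES:
        raise ValueError("not an ICMP error message")
    quoted = icmp_msg[ICMP_HDR_LEN:]
    ihl = (quoted[0] & 0x0F) * 4
    total_len = struct.unpack("!H", quoted[2:4])[0]
    if quoted[0] >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed quoted IPv4 header")
    # A quote shorter than total_len is normal (header + 8 bytes); the slice is then empty.
    return quoted[total_len:]

def classify(icmp_msg: bytes) -> str:
    surplus = quoted_surplus(icmp_msg)
    if not surplus:
        return "clean"
    # All-zero surplus is consistent with padding; anything else needs explaining.
    return "unexplained-data" if any(surplus) else "zero-padding"

# Constructed sample packets (documentation addresses, not captured traffic).
def build_probe(payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def icmp_error(quoted: bytes, trailing: bytes = b"") -> bytes:
    return struct.pack("!BBHI", 11, 0, 0, 0) + quoted + trailing  # checksum left at 0

if __name__ == "__main__":
    probe = build_probe(b"\x00" * 8)
    for label, msg in [("exact quote", icmp_error(probe)),
                       ("zero tail", icmp_error(probe, b"\x00" * 4)),
                       ("non-zero tail", icmp_error(probe, b"\xde\xad\xbe\xef"))]:
        print(label, "->", classify(msg), quoted_surplus(msg).hex())
```

An "unexplained-data" result only says that the trailing bytes did not come from the quoted datagram as its header describes it; comparing the same capture from a host that is not flagged helps decide what they are.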




