Vulnerabilities found in my Fedora Core 2
Edilmar Alves - Lista
edilista at fes.br
Thu Dec 2 18:57:23 EST 2004
Hi,
I have a Fedora Core 2 Linux, with automatic updates with yum every
day. Today I pointed NESSUS at my server and these vulnerabilities were
found:
1) Apache 2.0.51 => better is 2.0.52
2) SSH 3.6.1 => better is 3.7.1
3) Proftpd 1.2.10
But are these problems very new? And how can I discover if, for example,
my SSH 3.6.1 is "like" 3.7.1, since Nessus alerts that it's possible the
distro doesn't update the version but solves the problem?
Another question: I have http-proxy 8080 (Tomcat 5.0.25 - one of the
latest versions available). What about this message from Nessus?
Some versions of the mini-sql program comes with a
w3-msql CGI which is vulnerable to a buffer overflow.
An attacker may use it to gain a shell on this system.
I don't have w3-msql installed...
The last question: excuse me, but I don't know what the omad or statd
service is. Can anyone explain the need for it? Thanks...
Vulnerability found on port omad (32768/udp)
The remote statd service may be vulnerable to a format string attack.
This means that an attacker may execute arbitrary code thanks to a bug
in this daemon.
Only older versions of statd under Linux are affected by this problem.
Thanks for any help,