Menu
▾
▴
[webmin-l] Nessus finds remote Webmin web server vulnerabilities
|
From: Georgi L. <g....@we...> - 2005-10-08 09:41:08
|
Hey, all Yesterday I did a thorough nessus scan on a second box of mine, running Debian 3.0 with the latest updates and Webmin 1.230 (I installed some older version through apt-get first, then updated it through the webmin interface.) This is what nessus found: --- Vulnerability snet-sensor-mgmt (10000/tcp)=20 The remote web server crashes when it receives a too long URL. It might be possible to make it execute arbitrary code through this flaw. Solution : Contact your vendor for a patch Risk factor : High Solution : Upgrade your web server. CVE : CVE-2000-0002, CVE-2000-0065, CAN-2001-1250, CAN-2003-0833 BID : 2979, 1423, 6994, 7067, 7280, 8726, 889 Nessus ID : 10320 --- Vulnerability snet-sensor-mgmt (10000/tcp)=20 The remote web server seems to be vulnerable to a format string attack on HTTP 1.0 header value. An attacker might use this flaw to make it crash or even execute=20 arbitrary code on this host. Solution : upgrade your software or contact your vendor and inform him of this vulnerability Risk factor : High Nessus ID : 15642 --- Vulnerability snet-sensor-mgmt (10000/tcp)=20 The remote web server seems to be vulnerable to a format string attack on the URI. An attacker might use this flaw to make it crash or even execute=20 arbitrary code on this host. Solution : upgrade your software or contact your vendor and inform him of this vulnerability Risk factor : High Nessus ID : 15640 --- Warning snet-sensor-mgmt (10000/tcp)=20 The remote host appears to be running a version of Apache 2.x which is older than 2.0.46 This version is vulnerable to various flaws : - There is a denial of service vulnerability which may allow an attacker to disable basic authentication on this host - There is a denial of service vulnerability in the mod_dav module which may allow an attacker to crash this service remotely Solution : Upgrade to version 2.0.46 See also : http://www.apache.org/dist/httpd/CHANGES_2.0 Risk factor : Medium CVE : CAN-2003-0245, CAN-2003-0189 BID : 7723, 7725 Other references : RHSA:RHSA-2003:186-01 Nessus ID : 11665 ----------------------------------------------- Can anyone confirm this? Regards Georgi Lipov |
