Re: [389-users] Retna Scan Results

Noriko Hosoi Thu, 29 May 2014 09:28:43 -0700

John Trump wrote:


Does the admin server or admin console run a webserver?

Yes, the admin server depends upon httpd.

On May 29, 2014 11:59 AM, "Noriko Hosoi" <[email protected]<mailto:[email protected]>> wrote:


    Sorry, I don't know what the tool does.  You may want to ask the
    tool's provider the question.
    Thanks.

    John Trump wrote:


    I am running RHEL 6. Why does the scan show the vulnerabilities
    on the port that directory administration server is using?

    On May 28, 2014 8:25 PM, "Noriko Hosoi" <[email protected]
    <mailto:[email protected]>> wrote:

        Hello, as you mentioned, all of the CVEs are quite old (older
        than RHEL-6).  For instance, the last one CVE-2009-1956 was
        fixed in apr-util-1.2.7-7.el5_3.1.  As long as you use
        RHEL-6, the CVEs you listed are all fixed.  Also, please note
        that the CVEs are all httpd related, not 389-ds.

        CVE:
        CVE-2008-0005
        CVE-2007-6388
        CVE-2007-6422
        CVE-2007-6420
        CVE-2007-5000
        CVE-2007-6421
        CVE-2008-1678

        CVE-2007-1862
        CVE-2007-3847
        CVE-2007-3304
        CVE-2006-5752
        CVE-2007-1863

        CVE-2009-1891
        CVE-2009-1955
        CVE-2009-1191
        CVE-2009-0023
        CVE-2009-1956
        CVE-2009-1195
        CVE-2009-1890

        John Trump wrote:

        I have a system running 389-ds that was scanned using retna.
        Retna showed vulnerabilities which are fairly old. Can
        anyone confirm that these were fixed. Only thing using port
        9830 is the admin-serv. Below are the rpm versions I have
        installed and the CVE's retna supposidly detected.

        389-adminutil-1.1.19-1.el6.x86_64
        389-ds-console-doc-1.2.6-1.el6.noarch
        389-admin-1.1.35-1.el6.x86_64
        389-admin-console-1.1.8-5.fc19.noarch
        389-console-1.1.7-1.el6.noarch
        389-ds-1.2.2-1.el6.noarch
        389-ds-base-libs-1.2.11.25-1.el6.x86_64
        389-ds-base-1.2.11.25-1.el6.x86_64
        389-dsgw-1.1.11-1.el6.x86_64
        389-ds-console-1.2.6-1.el6.noarch
        389-admin-console-doc-1.1.8-5.fc19.noarch

        Audit ID:6310Vul ID:N/A
        Risk Level:Medium
        Sev Code:Category II
        PCI Level:Medium (Fail) - CVSS Score
        CVSS Score:5 [AV:N/AC:L/Au:N/C:N/I:N/A:P]
        BugTraq ID27234,26838,27236,27237
        CVE:CVE-2008-0005,CVE-2007-6388,CVE-2007-6422,CVE-2007-64
        20,CVE-2007-5000,CVE-2007-6421,CVE-2008-1678
        CCE:N/A
        Exploit:No
        IAV:N/A
        STIG:
        Context:TCP:9830
        Result:Success
        Tested Value:BR T WB Server:
        
(Apache(\([[]^)]*\))?/((2\.((2(\.[[]0-7])?)|(0(\.([[]1-5]?[[]0-9]|6[[]0-2]))
        
?)|(1(\..*)?)))|(1\.((3(\.([[]1-3]?[[]0-9]|40))?)|([[]0-2](\..*)?)))|(0+\..*))
        ($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\))*[[]^()]*$))
        Found Value:Server: Apache/2.2##Content-Length: 301##Connection:
        close##Content-Type: text/html;
        charset[=]iso-8859-1####<!DOCTYPE HTML PUBLIC
        "-//IETF//DTD HTML 2.0//EN">#<html><head>#<title>404 Not
        Found</title>#</head><body>#<h1>Not Found</h1>
        (truncated...)

        Audit ID:6059Vul ID:N/A
        Risk Level:Medium
        Sev Code:Category II
        PCI Level:Medium (Fail) - CVSS Score
        CVSS Score:5 [AV:N/AC:L/Au:N/C:P/I:N/A:N]
        BugTraq ID24215,24645,25489,24649,24553
        CVE:CVE-2007-1862,CVE-2007-3847,CVE-2007-3304,CVE-2006-57
        52,CVE-2007-1863
        CCE:N/A
        Exploit:No
        IAV:N/A
        STIG:
        Context:TCP:9830
        Result:Success
        Tested Value:RR T WB
        
(Apache(\([[]^)]*\))?/(2\.2(\.[[]0-5])?)($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\)
        )*[[]^()]*$))
        Found Value:Apache/2.2

        Audit ID:9820Vul ID:N/A
        Risk Level:Medium
        Sev Code:Category II
        PCI Level:High (Fail) - CVSS Score
        CVSS Score:7.8 [AV:N/AC:L/Au:N/C:N/I:N/A:C]
        BugTraq ID35565,35253,35623,35251,34663,35221,35115
        CVE:CVE-2009-1891,CVE-2009-1955,CVE-2009-1191,CVE-2009-00
        23,CVE-2009-1956,CVE-2009-1195,CVE-2009-1890
        CCE:N/A
        Exploit:Yes
        IAV:N/A
        STIG:
        Context:TCP:9830
        Result:Success
        Tested
        Value:APACHE(-ADVANCEDEXTRANETSERVER)?/2\.2(\.(1[[]01]|[[]0
        -9])(\.[[]0-9]+)*)?($|[[]^0-9.])
        Found Value:APACHE/2.2




        --
        389 users mailing list
        [email protected]  
<mailto:[email protected]>
        https://admin.fedoraproject.org/mailman/listinfo/389-users



        --
        389 users mailing list
        [email protected]
        <mailto:[email protected]>
        https://admin.fedoraproject.org/mailman/listinfo/389-users



    --
    389 users mailing list
    [email protected]  
<mailto:[email protected]>
    https://admin.fedoraproject.org/mailman/listinfo/389-users



    --
    389 users mailing list
    [email protected]
    <mailto:[email protected]>
    https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: [389-users] Retna Scan Results

Reply via email to