I believe they are false positives. I am just searching for "proof" to provide to the person running scans.
On Thu, May 29, 2014 at 1:23 PM, Rob Crittenden <[email protected]> wrote:

> John Trump wrote:
> > In /etc/dirsrv/admin-serv there is a httpd.conf file. Does the
> > admin-serv use the httpd system rpm or does it use a http server
> > distributed with the admin-serv rpm? If it is distributed with the
> > admin-serv rpm then I would say the scan is saying that the
> > vulnerabilities exist in that http server. The httpd rpm installed on
> > the system is the latest httpd-2.2.15-30
>
> 389-admin runs a separate instance of the system httpd.
>
> I know nothing about this scanner but based on these logs it is just
> doing server version string comparisons which are rather meaningless in
> this context. There seems to be a lot of false-positives merely because
> the Apache version is 2.2.
>
> rob
>
> > On Thu, May 29, 2014 at 12:28 PM, Noriko Hosoi <[email protected]> wrote:
> >
> > John Trump wrote:
> >> Does the admin server or admin console run a webserver?
> >
> > Yes, the admin server depends upon httpd.
> >
> >> On May 29, 2014 11:59 AM, "Noriko Hosoi" <[email protected]> wrote:
> >>
> >> Sorry, I don't know what the tool does. You may want to ask
> >> the tool's provider the question.
> >> Thanks.
> >>
> >> John Trump wrote:
> >>> I am running RHEL 6. Why does the scan show the
> >>> vulnerabilities on the port that directory administration
> >>> server is using?
> >>>
> >>> On May 28, 2014 8:25 PM, "Noriko Hosoi" <[email protected]> wrote:
> >>>
> >>> Hello, as you mentioned, all of the CVEs are quite old
> >>> (older than RHEL-6). For instance, the last one
> >>> CVE-2009-1956 was fixed in apr-util-1.2.7-7.el5_3.1. As
> >>> long as you use RHEL-6, the CVEs you listed are all
> >>> fixed. Also, please note that the CVEs are all httpd
> >>> related, not 389-ds.
> >>>
> >>> CVE:
> >>> CVE-2008-0005
> >>> CVE-2007-6388
> >>> CVE-2007-6422
> >>> CVE-2007-6420
> >>> CVE-2007-5000
> >>> CVE-2007-6421
> >>> CVE-2008-1678
> >>>
> >>> CVE-2007-1862
> >>> CVE-2007-3847
> >>> CVE-2007-3304
> >>> CVE-2006-5752
> >>> CVE-2007-1863
> >>>
> >>> CVE-2009-1891
> >>> CVE-2009-1955
> >>> CVE-2009-1191
> >>> CVE-2009-0023
> >>> CVE-2009-1956
> >>> CVE-2009-1195
> >>> CVE-2009-1890
> >>>
> >>> John Trump wrote:
> >>>> I have a system running 389-ds that was scanned using
> >>>> Retina. Retina showed vulnerabilities which are fairly
> >>>> old. Can anyone confirm that these were fixed? Only
> >>>> thing using port 9830 is the admin-serv. Below are the
> >>>> rpm versions I have installed and the CVEs Retina
> >>>> supposedly detected.
> >>>>
> >>>> 389-adminutil-1.1.19-1.el6.x86_64
> >>>> 389-ds-console-doc-1.2.6-1.el6.noarch
> >>>> 389-admin-1.1.35-1.el6.x86_64
> >>>> 389-admin-console-1.1.8-5.fc19.noarch
> >>>> 389-console-1.1.7-1.el6.noarch
> >>>> 389-ds-1.2.2-1.el6.noarch
> >>>> 389-ds-base-libs-1.2.11.25-1.el6.x86_64
> >>>> 389-ds-base-1.2.11.25-1.el6.x86_64
> >>>> 389-dsgw-1.1.11-1.el6.x86_64
> >>>> 389-ds-console-1.2.6-1.el6.noarch
> >>>> 389-admin-console-doc-1.1.8-5.fc19.noarch
> >>>>
> >>>> Audit ID:6310 Vul ID:N/A
> >>>> Risk Level:Medium
> >>>> Sev Code:Category II
> >>>> PCI Level:Medium (Fail) - CVSS Score
> >>>> CVSS Score:5 [AV:N/AC:L/Au:N/C:N/I:N/A:P]
> >>>> BugTraq ID27234,26838,27236,27237
> >>>> CVE:CVE-2008-0005,CVE-2007-6388,CVE-2007-6422,CVE-2007-6420,CVE-2007-5000,CVE-2007-6421,CVE-2008-1678
> >>>> CCE:N/A
> >>>> Exploit:No
> >>>> IAV:N/A
> >>>> STIG:
> >>>> Context:TCP:9830
> >>>> Result:Success
> >>>> Tested Value:BR T WB Server:
> >>>> (Apache(\([[]^)]*\))?/((2\.((2(\.[[]0-7])?)|(0(\.([[]1-5]?[[]0-9]|6[[]0-2]))?)|(1(\..*)?)))|(1\.((3(\.([[]1-3]?[[]0-9]|40))?)|([[]0-2](\..*)?)))|(0+\..*))($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\))*[[]^()]*$))
> >>>> Found Value:Server: Apache/2.2##Content-Length: 301##Connection: close##Content-Type: text/html; charset[=]iso-8859-1####<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">#<html><head>#<title>404 Not Found</title>#</head><body>#<h1>Not Found</h1>
> >>>> (truncated...)
> >>>>
> >>>> Audit ID:6059 Vul ID:N/A
> >>>> Risk Level:Medium
> >>>> Sev Code:Category II
> >>>> PCI Level:Medium (Fail) - CVSS Score
> >>>> CVSS Score:5 [AV:N/AC:L/Au:N/C:P/I:N/A:N]
> >>>> BugTraq ID24215,24645,25489,24649,24553
> >>>> CVE:CVE-2007-1862,CVE-2007-3847,CVE-2007-3304,CVE-2006-5752,CVE-2007-1863
> >>>> CCE:N/A
> >>>> Exploit:No
> >>>> IAV:N/A
> >>>> STIG:
> >>>> Context:TCP:9830
> >>>> Result:Success
> >>>> Tested Value:RR T WB
> >>>> (Apache(\([[]^)]*\))?/(2\.2(\.[[]0-5])?)($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\))*[[]^()]*$))
> >>>> Found Value:Apache/2.2
> >>>>
> >>>> Audit ID:9820 Vul ID:N/A
> >>>> Risk Level:Medium
> >>>> Sev Code:Category II
> >>>> PCI Level:High (Fail) - CVSS Score
> >>>> CVSS Score:7.8 [AV:N/AC:L/Au:N/C:N/I:N/A:C]
> >>>> BugTraq ID35565,35253,35623,35251,34663,35221,35115
> >>>> CVE:CVE-2009-1891,CVE-2009-1955,CVE-2009-1191,CVE-2009-0023,CVE-2009-1956,CVE-2009-1195,CVE-2009-1890
> >>>> CCE:N/A
> >>>> Exploit:Yes
> >>>> IAV:N/A
> >>>> STIG:
> >>>> Context:TCP:9830
> >>>> Result:Success
> >>>> Tested Value:APACHE(-ADVANCEDEXTRANETSERVER)?/2\.2(\.(1[[]01]|[[]0-9])(\.[[]0-9]+)*)?($|[[]^0-9.])
> >>>> Found Value:APACHE/2.2
> >>>>
> >>>> --
> >>>> 389 users mailing list
> >>>> [email protected]
> >>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
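Added example (not part of the original thread and not the scanner vendor's code): the three "Tested Value" patterns from the quoted report, run against the banner the scanner recorded and against banners that carry a patch level, to show that the findings follow from the bare `Apache/2.2` string alone. It assumes `[[]` in the report is an escaped `[`, that the wrapped pattern lines join without spaces, and that matching is case-insensitive; `flagged_audits` is a hypothetical helper name.

```python
import re

# "Tested Value" patterns copied from the report quoted above, wrapped lines rejoined.
# Assumption: "[[]" is the report's escaping of a literal "[", undone before compiling.
REPORT_PATTERNS = {
    "6310": r"(Apache(\([[]^)]*\))?/((2\.((2(\.[[]0-7])?)|(0(\.([[]1-5]?[[]0-9]|6[[]0-2]))?)|(1(\..*)?)))"
            r"|(1\.((3(\.([[]1-3]?[[]0-9]|40))?)|([[]0-2](\..*)?)))|(0+\..*))"
            r"($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\))*[[]^()]*$))",
    "6059": r"(Apache(\([[]^)]*\))?/(2\.2(\.[[]0-5])?)"
            r"($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\))*[[]^()]*$))",
    "9820": r"APACHE(-ADVANCEDEXTRANETSERVER)?/2\.2(\.(1[[]01]|[[]0-9])(\.[[]0-9]+)*)?"
            r"($|[[]^0-9.])",
}


def compile_audits():
    """Compile each audit pattern after undoing the report's bracket escaping."""
    # Assumption: case-insensitive matching (the report shows the banner both as
    # "Apache/2.2" and upper-cased as "APACHE/2.2").
    return {audit: re.compile(pattern.replace("[[]", "["), re.IGNORECASE)
            for audit, pattern in REPORT_PATTERNS.items()}


def flagged_audits(banner):
    """Return the sorted audit IDs whose pattern matches a Server banner value."""
    return sorted(audit for audit, rx in compile_audits().items() if rx.search(banner))


if __name__ == "__main__":
    # The first banner is the report's "Found Value"; the others are constructed.
    for banner in ("Apache/2.2", "Apache/2.2.3", "Apache/2.2.9",
                   "Apache/2.2.15", "Apache/2.2.15 (Red Hat)"):
        hits = flagged_audits(banner)
        print(f"{banner!r:28} -> {', '.join(hits) if hits else 'no audit matches'}")
```

In every pattern the patch-level group is optional, so a banner that stops at `2.2` satisfies all three audits, while the same patterns reject a banner that reports 2.2.15.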
