Today I have downloaded a Demoversion of Retina the Network Security Scanner from http://www.eeye.com/html/Products/Retina/index.html
The Security Audit gives following alerts on my raq3 Server: ========================================= Mail Servers: IMAP - University of WA 12.264 overflow Description: Vulnerabilities have been found in COPY,LSUB,RENAME and FIND commands that could allow any attacker with a valid username/password combination to gain command shell access to the server where IMAPD is answering requests. Risk Level: High How To Fix: Upgrading to the latest version of IMAP will correct this as well as other vulnerabilities found in IMAP. CVE: CAN-2000-0284 BugtraqID: 1110 http://www.securityfocus.com/bid/1110 Mail Servers: Sendmail aliases Database vulnerability Description: This version of Sendmail has a bug that allows a local user to possibly corrupt the aliases database, causing sendmail to operate improperly or not at all Risk Level: High How To Fix: Upgrade to the current version of Sendmail. CVE: CVE-1999-0976 BugtraqID: 857 http://www.securityfocus.com/bid/857 Mail Servers: Sendmail ETRN DoS Description: This version of Sendmail has a bug that may allow a remote user to cause the server to use large amounts of resources by sending many ETRN commands to it Risk Level: High How To Fix: Upgrade to the current version of Sendmail. CVE: GENERIC-MAP-NOMATCH BugtraqID: 904 http://www.securityfocus.com/bid/904 Mail Servers: Sendmail maillocal vulnerability Description: This version of Sendmail has a bug that allows a remote or local user to use a bug in the shipped mail.local to freeze sendmail delivery or corrupt mailboxes. The problem exists in the LMTP handling of mail.local and requires that mail.local be used as the default local mail delivery agent Risk Level: High How To Fix: Upgrade to the current version of Sendmail. CVE: CVE-2000-0319 BugtraqID: 1146 http://www.securityfocus.com/bid/1146 ========================================= The Security Audit gives following alerts on my raq4 Server: ========================================= Mail Servers: IMAP - University of WA 12.264 overflow Description: Vulnerabilities have been found in COPY,LSUB,RENAME and FIND commands that could allow any attacker with a valid username/password combination to gain command shell access to the server where IMAPD is answering requests. Risk Level: High How To Fix: Upgrading to the latest version of IMAP will correct this as well as other vulnerabilities found in IMAP. CVE: CAN-2000-0284 BugtraqID: 1110 http://www.securityfocus.com/bid/1110 ========================================= Both Servers are the only one from Cobalt that I have and on both Servers I have installed all updates from Cobalts Website. Has anyone the same vulnerabilities on his Cobalt Servers with this tool? Is there really a risk vulnerabilities on my Cobalt raq's? When I read the discussion from securityfocus.com, I think that! Best regards Allen Neeser _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
