Jaap Ruijgrok wrote:
When I scan a NetWare SMTP server, Nessus reports "unknown (514/udp): port is open". Later Nessus reports a vulnerability regarding WinSyslog on this port (514).
This mailserver sits behind a firewall (Cisco PIX) and I'm sure UDP 514 is not in any of the access-lists. However the PIX has a fixup for rsh 514.
My question is: why is UDP/514 mentioned as a vulnerability?
It's flagging that based on the fact that your scanner has unrestricted access to udp/514, which is usually a Syslog server listening for network transfers. Being UDP and often having no rate limiting, syslogd is usually considered a bad thing to have wide open. If you're filtering that address/port from the Internet and only authorized clients can reach it, you can probably disregard it.
-- DS _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
