Hello

I am having trouble with that plugin, as I am trying to check which machines 
are really vulnerable.

I launched it against some Unix servers and got 1 vulnerable on port 10203 
and one not vulnerable with port 10203 opened.
I checked as indicated by the CA site
( http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp ):

quazar# strings /opt/CA/ca_lic/licrmt | grep BUILD
LICAGENT BUILD INFO = /1.0.18/Jul 24 2003/17:52:23

frillsrm02p#  strings /opt/CA/ca_lic/licrmt | grep BUILD
LICAGENT BUILD INFO = /1.0.18/Jul 24 2003/17:52:23

I then tried a telnet on port 10203, issued "A0 GETCONFIG SELF 0 <EOM>" 
and got this:

Quazar :

A0 GCR HOSTNAME<QUAZAR>
HARDWARE<Unknown>LOCALE<unknown>
IDENT1<unknown>IDENT2<unknown>IDENT3<unknown>IDENT4<unknown>
OS<SunOS 5.8>OLFFILE<0 0 0>SERVER<RMT>
VERSION<3 1.53>
NETWORK<155.132.26.73 sxb.bsf.alcatel.fr 255.255.252.0>
MACHINE<SUN_SUNW.Ultra-5.10_1_*>CHECKSUMS<0 0 0 0 0 0 0 0 0 0 0 
0>RMTV<1.00><EOM> 

Frillsrm02p :

A0 GCR HOSTNAME<FRILLSRM02P>
HARDWARE<Unknown>LOCALE<unknown>
IDENT1<unknown>IDENT2<unknown>IDENT3<unknown>IDENT4<unknown>
OS<SunOS 5.8>OLFFILE<0 0 0>SERVER<RMT>
VERSION<3 1.53>
NETWORK<155.132.24.237 sxb.bsf.alcatel.fr255.255.254.0>
MACHINE<SUN_SUNW.Sun-Fire-V440_4_*>CHECKSUMS<0 0 0 0 0 0 0 0 0 0 0 
0>RMTV<1.00><EOM>

A second nessus test on these two machines said "not vulnerable"  for 
both, with TCP 10203 port open.

According to CA the /1.0.18/ build should be vulnerable. ( 1.0.15 to 1.4.6 
) and given the date of the build, that seems normal.

I think that the Nessus plugin is baffled by the space between 3 and 1.53.

Moreover, the version issued by the A0 GETCONFIG command does not seem to be 
related to the LICAGENT version.

Can you help me determine exactly which machines are vulnerable or 
not?

I was not able to do the same test on a Windows machine: the telnet did 
not answer the request.

Cordialement / Mit freundlichen Grüßen / Best regards,
Patrice Arnal 
ISS - DataCenter - E&S 
Alcatel ICT Services 

1rte Dr A.Schweitzer - 67408 - ILLKIRCH - FRANCE 
Phone : +33 (0) 3 90 67 74 22 / 2187 74 22
Fax : +33 (0) 3 90 67 72 07
Mobile: +33 (0) 6 06 07 67 68 08
Mailto: [EMAIL PROTECTED] 
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
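
Added example, not part of the original post and not Nessus plugin code: a local check that parses the two outputs shown in the message, the `strings ... | grep BUILD` line and the GETCONFIG reply, and compares the LICAGENT build numerically against the 1.0.15 to 1.4.6 range quoted in the post. The function names are hypothetical; the sample input is copied from the post, with the reply shortened to a few fields.

```python
import re

# Affected build range as quoted in the post (attributed there to CA).
AFFECTED_MIN, AFFECTED_MAX = (1, 0, 15), (1, 4, 6)

FIELD_RE = re.compile(r"([A-Z][A-Z0-9]*)<([^<>]*)>")
BUILD_RE = re.compile(r"LICAGENT BUILD INFO = /(\d+(?:\.\d+)+)/")


def parse_gcr(reply):
    """Split a GETCONFIG reply (KEY<value>...<EOM>) into a dict of fields."""
    if "<EOM>" not in reply:
        raise ValueError("reply is truncated: no <EOM> terminator")
    # Values may be wrapped across lines by the terminal, so collapse whitespace.
    return {k: " ".join(v.split()) for k, v in FIELD_RE.findall(reply)}


def licagent_build(strings_output):
    """Extract the build from `strings licrmt | grep BUILD` output as an int tuple."""
    m = BUILD_RE.search(strings_output)
    if m is None:
        raise ValueError("no LICAGENT BUILD INFO line found")
    return tuple(int(p) for p in m.group(1).split("."))


def in_affected_range(build):
    """Compare numerically, so 1.0.18 sorts above 1.0.15 and above 1.0.2."""
    return AFFECTED_MIN <= build <= AFFECTED_MAX


# Sample input copied from the post (reply shortened to a few fields).
STRINGS_LINE = "LICAGENT BUILD INFO = /1.0.18/Jul 24 2003/17:52:23"
GCR_REPLY = ("A0 GCR HOSTNAME<QUAZAR>\nHARDWARE<Unknown>LOCALE<unknown>\n"
             "OS<SunOS 5.8>OLFFILE<0 0 0>SERVER<RMT>\nVERSION<3 1.53>\n"
             "CHECKSUMS<0 0 0 0 0 0 0 0 0 0 0 \n0>RMTV<1.00><EOM>")

if __name__ == "__main__":
    fields = parse_gcr(GCR_REPLY)
    build = licagent_build(STRINGS_LINE)
    # VERSION carries two space-separated tokens and is a separate value
    # from the LICAGENT build string embedded in the licrmt binary.
    print("host:", fields["HOSTNAME"], "VERSION tokens:", fields["VERSION"].split())
    print("licrmt build:", build, "in quoted range:", in_affected_range(build))
```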
