|
I did find that we were a couple of versions behind on the Liebert MultiLink software and upgraded, now I am rescanning to see if the problem is still there.
Another issues that I see is when I scan my main file and print server (Novell NetWare 6.5 sp3) is tends to reboot the server, has anyone experienced that problem?
Regards,
Dariusz Swierzewski
Sr. Systems Engineer [EMAIL PROTECTED] Home Properties of NY 850 Clinton Square Rochester, NY 14604 Tel: 585-262-9369 Fax: 585-340-5948 www.homeproperties.com >>> Steven McGrath <[EMAIL PROTECTED]> 10/13/2005 3:53 PM >>> Nessus does that a lot, its not one to really dig into the services. It's a great tool, but you really need to compare your logfiles to see if they are fals positives or not. If the Liebert Management Software package didn't do anything unusual (reset, drop out, generate some odd logs) then you shoudl be good. If the software package did, then my recommendation would be to upgrade at your earliest convenience. If you were ok, upgrading woudl also be a good idea, but not as critical. You really have to compare a couple of different sources to see if the results you get are accurate. Even grabbing the latest nmap port scanner, then running that, telling it to check for running services and stating them would help elimitate fals pos in this case. Some tools like ISS also dig into the service as well. On 10/13/05, Dariusz Swierzewski <[EMAIL PROTECTED]> wrote: > > Thank you very much, we are running Liebert Management Software on the > server. > > Dariusz Swierzewski > Sr. Systems Engineer > [EMAIL PROTECTED] > > Home Properties of NY > 850 Clinton Square > Rochester, NY 14604 > Tel: 585-262-9369 > Fax: 585-340-5948 > www.homeproperties.com > > >>> Jerry Heidtke <[EMAIL PROTECTED]> 10/13/2005 3:05 PM >>> > > Those are the IANA assigned ports for Liebert's management software. Of > course, that doesn't mean that's the service listening on that port. > > All that the alert means is that the port was open during the initial port > scan, then after sending a long string to it the port was closed. The > service name is pulled from the nessus services file, not from any > specific service identification. > > If you system is running Liebert's management software, you probably need > to upgrade it. Otherwise, use fport or a similar tool to find out what > executable is listening on those ports and take whatever action is > appropriate. > > Jerry Heidtke, CISSP > > Lead Information Security Analyst > MGIC Information Security > 414-347-6837 > > > [EMAIL PROTECTED] wrote on 10/13/2005 01:43:51 PM: > > > Good Afternoon, > > > > We are doing a quick vulnerability check on our offsite web server, > > running Windows 2000 Server and IIS. Just recently we came up with > > the following vulnerability and cannot figure out how to go about > > fixing this - any help would be greatly appreciated. > > > > > > Vulnerability > > > > LiebDevMgmt_C (3027/tcp) > > > > > > It was possible to kill the service by sending a single long > > text line. > > A cracker may be able to use this flaw to crash your software > > or even execute arbitrary code on your system. > > > > Risk factor : High > > Nessus ID : 11175 > > > > Vulnerability > > > > LiebDevMgmt_DM (3028/tcp) > > > > > > It was possible to kill the service by sending a single long > > text line. > > A cracker may be able to use this flaw to crash your software > > or even execute arbitrary code on your system. > > > > Risk factor : High > > Nessus ID : 11175 > > > > Regards > > > > Dariusz Swierzewski > > Sr. Systems Engineer > > [EMAIL PROTECTED] > > > > Home Properties of NY > > 850 Clinton Square > > Rochester, NY 14604 > > Tel: 585-262-9369 > > Fax: 585-340-5948 > > www.homeproperties.com[attachment "Dariusz > Swierzewski.vcf" deleted > > by Jerry Heidtke/MGIC] > _______________________________________________ > > Nessus mailing list > > [email protected] > > http://mail.nessus.org/mailman/listinfo/nessus > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > > > |
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
