RE: Multiple CGI warnings on NetWare 6.5 SP3

Thu, 10 Nov 2005 10:48:34 -0800 

        Can't say that we've seen that on our Novell servers.  ...and we
have quite a few with Apache installed.  All are 6.5 SP3.

        Its odd that it picks up on having a web server installed on 443
without Apache running.

Justin Doles
Liberty Savings Bank
www.LibertySavingsBank.com


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Joel Elwell
Sent: Thursday, November 10, 2005 9:25 AM
To: [email protected]
Subject: Multiple CGI warnings on NetWare 6.5 SP3


Has anyone run into the probable false positives below? 
The only cgi folder existing on the server is in Apache2. It contains none
of the indicated CGI's. 
Apache, Perl and Tomcat where not loaded at the time of the scan. What is
keying Nessus to indicate these warnings?

NetWare 6.5 SP3, NetMail 3.10h
Nessus scan found these and other cgi's:

Vulnerability
https (443/tcp)
The 'plusmail' CGI is installed. Some
versions of this CGI have a well known security flaw that 
lets an attacker read arbitrary
file with the privileges of the http daemon 
(usually root or nobody).

Solution : remove it from /cgi-bin. No patch yet

Risk factor : High
CVE : CAN-2000-0074
BID : 2653
Nessus ID : 10181 
This is a false positive.  is not installed on this server. A file search of
the Netware volumes could not locate a cgi of this name.  


Vulnerability
https (443/tcp)
The 'webgais' CGI is installed. This CGI has
a well known security flaw that lets an attacker execute arbitrary commands
with the privileges of the http daemon (usually root or nobody).

Solution : remove it from /cgi-bin

Risk factor : High
CVE : CVE-1999-0176
BID : 2058
Nessus ID : 10300 
Vulnerability
https (443/tcp)
The 'websendmail' CGI is installed. This CGI has
a well known security flaw that lets an attacker execute arbitrary commands
with the privileges of the http daemon (usually root or nobody).

Solution : Remove it from /cgi-bin.

Risk factor : High
CVE : CVE-1999-0196
BID : 2077
Nessus ID : 10301 
Vulnerability
https (443/tcp)
The 'Perl' CGI is installed and can be launched
as a CGI. This is equivalent to giving a free shell to an attacker, with the
http server privileges (usually root or nobody).

Solution : remove it from /cgi-bin

Risk factor : High
CVE : CAN-1999-0509
Nessus ID : 10173 




_______________________________________________
Nessus mailing list
[email protected] http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

Reply via email to