[mdk-re] Nessus results
Dmitry V. Levin
ldv at alt-linux.org
Fri Jun 22 13:19:01 MSD 2001
Greetings!
On Fri, Jun 22, 2001 at 12:29:24PM +0400, Artem Pastuchov wrote:
> I just ran the tool from the subject line against a freshly installed Spring,
> and it really did not like postfix:
<skip>
> The remote SMTP server did not complain when issued the
> command :
> MAIL FROM: root на this_host
> RCPT TO: |testing
>
> This probably means that it is possible to send mail directly
> to programs, which is a serious threat, since this allows
> anyone to execute arbitrary command on this host.
>
> NOTE : ** This security hole might be a false positive, since
> some MTAs will not complain to this test, and instead will
> just drop the message silently **
date server postfix/local[pid]: id: to=<|testing на server>, relay=local, delay=1, status=bounced (unknown user: "|testing")
> The remote SMTP server did not complain when issued the
> command :
> MAIL FROM: |testing
>
> This probably means that it is possible to send mail
> that will be bounced to a program, which is
> a serious threat, since this allows anyone to execute
> arbitrary command on this host.
>
> NOTE : ** This security hole might be a false positive, since
> some MTAs will not complain to this test, but instead
> just drop the message silently **
See the previous log.
> The remote SMTP server did not complain when issued the
> command :
> MAIL FROM: root на this_host
> RCPT TO: /tmp/nessus_test
>
> This probably means that it is possible to send mail directly
> to files, which is a serious threat, since this allows
> anyone to overwrite any file on the remote server.
>
> NOTE : ** This security hole might be a false positive, since
> some MTAs will not complain to this test and will
> just drop the message silently. Check for the presence
> of file 'nessus_test' in /tmp ! **
date server postfix/local[pid]: id: to=</tmp/nessus_test на server>, relay=local, delay=1, status=bounced (unknown user: "/tmp/nessus_test")
> The remote STMP server seems to allow remote users to
> send mail anonymously by providing a too long argument
> to the HELO command (more than 1024 chars).
>
> This problem may allow bad guys to send hate
> mail, or threatening mail using your server
> and keep their anonymity.
> How dangerous is this?
Resume: Inability to use security scanners.
Risk factor : High.
Solution : Study, study, study, ... :)
> P.S.
>
> A bug was found in today's bugtraq:
> fetchmail buffer overflow
The latest messages on BUGTRAQ about fetchmail concerned fairly old
versions, older than the one included in Spring. However, over the
last 10 days 3 versions of fetchmail have already been released, fixing
various buffer overruns. I am afraid the story does not end
there. :(
So be careful when using fetchmail.
Never run it as root.
As soon as the situation settles down, there will be an update in updates.
Regards,
Dmitry
+-------------------------------------------------------------------------+
Dmitry V. Levin mailto://ldv@alt-linux.org
ALT Linux Team http://www.altlinux.ru/
Fandra Project http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
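
The check made in the reply above (looking up the scanner's probe recipients in the postfix/local log and reading the delivery status) can be scripted. This is an added example, not part of the original message; the names `triage` and `probe_kind` and the sample host, pids and queue ids are assumptions made for illustration.

```python
import re

# Delivery records in the postfix/local format quoted in the reply.
LOCAL_RE = re.compile(
    r'postfix/local\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,'
    r'.*?status=(?P<status>\w+) \((?P<detail>.*)\)\s*$'
)

def probe_kind(rcpt):
    """Recognise the scanner's recipient forms: "|program" or "/path"."""
    local = rcpt.rsplit("@", 1)[0]
    if local.startswith("|"):
        return "pipe"
    if local.startswith("/"):
        return "file"
    return None

def triage(lines):
    """Return (recipient, kind, verdict) for each probe-style recipient."""
    results = []
    for line in lines:
        m = LOCAL_RE.search(line)
        kind = probe_kind(m["rcpt"]) if m else None
        if kind is None:
            continue  # unparsed line or ordinary recipient
        # local(8) reports success as "delivered to command" / "delivered to file"
        if m["status"] == "sent" and m["detail"].startswith(
                ("delivered to command", "delivered to file")):
            verdict = "confirmed"
        elif m["status"] == "bounced":
            verdict = "false positive"
        else:
            verdict = "review"  # deferred etc.: check by hand
        results.append((m["rcpt"], kind, verdict))
    return results

# Constructed sample log (host, pids and queue ids are made up).
SAMPLE = [
    'Jun 22 13:05:11 server postfix/local[1234]: 4F2A1B7C: to=<|testing@server.example>, relay=local, delay=1, status=bounced (unknown user: "|testing")',
    'Jun 22 13:05:14 server postfix/local[1234]: 4F2A1B7D: to=</tmp/nessus_test@server.example>, relay=local, delay=1, status=bounced (unknown user: "/tmp/nessus_test")',
    'Jun 22 13:07:02 server postfix/local[1240]: 4F2A1B7E: to=<root@server.example>, relay=local, delay=0, status=sent (delivered to mailbox)',
]

if __name__ == "__main__":
    for rcpt, kind, verdict in triage(SAMPLE):
        print(f"{kind:4} {rcpt:35} {verdict}")
```

Both probe recipients come back as "false positive" because the SMTP dialogue accepted them but local delivery bounced them as unknown users, which is what the scanner's own NOTE warns about.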