<div dir="ltr">I have a system running 389-ds that was scanned using retna. Retna showed vulnerabilities which are fairly old. Can anyone confirm that these were fixed. Only thing using port 9830 is the admin-serv. Below are the rpm versions I have installed and the CVE's retna supposidly detected.<div>
<br></div><div><div>389-adminutil-1.1.19-1.el6.x86_64</div><div>389-ds-console-doc-1.2.6-1.el6.noarch</div><div>389-admin-1.1.35-1.el6.x86_64</div><div>389-admin-console-1.1.8-5.fc19.noarch</div><div>389-console-1.1.7-1.el6.noarch</div>
<div>389-ds-1.2.2-1.el6.noarch</div><div>389-ds-base-libs-1.2.11.25-1.el6.x86_64</div><div>389-ds-base-1.2.11.25-1.el6.x86_64</div><div>389-dsgw-1.1.11-1.el6.x86_64</div><div>389-ds-console-1.2.6-1.el6.noarch</div><div>389-admin-console-doc-1.1.8-5.fc19.noarch</div>
</div><div><br></div><div>Audit ID:<span class="" style="white-space:pre"> </span>6310<span class="" style="white-space:pre"> </span>Vul ID:<span class="" style="white-space:pre"> </span>N/A<br></div><div><div>Risk Level:<span class="" style="white-space:pre"> </span>Medium</div>
<div>Sev Code:<span class="" style="white-space:pre"> </span>Category II</div><div>PCI Level:<span class="" style="white-space:pre"> </span>Medium (Fail) - CVSS Score</div><div>CVSS Score:<span class="" style="white-space:pre"> </span>5 [AV:N/AC:L/Au:N/C:N/I:N/A:P]</div>
<div>BugTraq ID<span class="" style="white-space:pre"> </span>27234,26838,27236,27237</div><div>CVE:<span class="" style="white-space:pre"> </span>CVE-2008-0005,CVE-2007-6388,CVE-2007-6422,CVE-2007-64</div><div>20,CVE-2007-5000,CVE-2007-6421,CVE-2008-1678</div>
<div>CCE:<span class="" style="white-space:pre"> </span>N/A</div><div>Exploit:<span class="" style="white-space:pre"> </span>No</div><div>IAV:<span class="" style="white-space:pre"> </span>N/A</div><div>STIG:</div><div>Context:<span class="" style="white-space:pre"> </span>TCP:9830</div>
<div>Result:<span class="" style="white-space:pre"> </span>Success</div><div>Tested Value:<span class="" style="white-space:pre"> </span>BR T WB Server:</div><div>(Apache(\([[]^)]*\))?/((2\.((2(\.[[]0-7])?)|(0(\.([[]1-5]?[[]0-9]|6[[]0-2]))</div>
<div>?)|(1(\..*)?)))|(1\.((3(\.([[]1-3]?[[]0-9]|40))?)|([[]0-2](\..*)?)))|(0+\..*))</div><div>($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\))*[[]^()]*$))</div><div>Found Value:<span class="" style="white-space:pre"> </span>Server: Apache/2.2##Content-Length: 301##Connection:</div>
<div>close##Content-Type: text/html;</div><div>charset[=]iso-8859-1####<!DOCTYPE HTML PUBLIC</div><div>"-//IETF//DTD HTML 2.0//EN">#<html><head>#<title>404 Not</div><div>Found</title>#</head><body>#<h1>Not Found</h1> </div>
<div>(truncated...)</div></div><div><br></div><div><div>Audit ID:<span class="" style="white-space:pre"> </span>6059<span class="" style="white-space:pre"> </span>Vul ID:<span class="" style="white-space:pre"> </span>N/A</div>
<div>Risk Level:<span class="" style="white-space:pre"> </span>Medium</div><div>Sev Code:<span class="" style="white-space:pre"> </span>Category II</div><div>PCI Level:<span class="" style="white-space:pre"> </span>Medium (Fail) - CVSS Score</div>
<div>CVSS Score:<span class="" style="white-space:pre"> </span>5 [AV:N/AC:L/Au:N/C:P/I:N/A:N]</div><div>BugTraq ID<span class="" style="white-space:pre"> </span>24215,24645,25489,24649,24553</div><div>CVE:<span class="" style="white-space:pre"> </span>CVE-2007-1862,CVE-2007-3847,CVE-2007-3304,CVE-2006-57</div>
<div>52,CVE-2007-1863</div><div>CCE:<span class="" style="white-space:pre"> </span>N/A</div><div>Exploit:<span class="" style="white-space:pre"> </span>No</div><div>IAV:<span class="" style="white-space:pre"> </span>N/A</div>
<div>STIG:</div><div>Context:<span class="" style="white-space:pre"> </span>TCP:9830</div><div>Result:<span class="" style="white-space:pre"> </span>Success</div><div>Tested Value:<span class="" style="white-space:pre"> </span>RR T WB</div>
<div>(Apache(\([[]^)]*\))?/(2\.2(\.[[]0-5])?)($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\)</div><div>)*[[]^()]*$))</div><div>Found Value:<span class="" style="white-space:pre"> </span>Apache/2.2</div></div><div><br></div><div><div>
Audit ID:<span class="" style="white-space:pre"> </span>9820<span class="" style="white-space:pre"> </span>Vul ID:<span class="" style="white-space:pre"> </span>N/A</div><div>Risk Level:<span class="" style="white-space:pre"> </span>Medium</div>
<div>Sev Code:<span class="" style="white-space:pre"> </span>Category II</div><div>PCI Level:<span class="" style="white-space:pre"> </span>High (Fail) - CVSS Score</div><div>CVSS Score:<span class="" style="white-space:pre"> </span>7.8 [AV:N/AC:L/Au:N/C:N/I:N/A:C]</div>
<div>BugTraq ID<span class="" style="white-space:pre"> </span>35565,35253,35623,35251,34663,35221,35115</div><div>CVE:<span class="" style="white-space:pre"> </span>CVE-2009-1891,CVE-2009-1955,CVE-2009-1191,CVE-2009-00</div>
<div>23,CVE-2009-1956,CVE-2009-1195,CVE-2009-1890</div><div>CCE:<span class="" style="white-space:pre"> </span>N/A</div><div>Exploit:<span class="" style="white-space:pre"> </span>Yes</div><div>IAV:<span class="" style="white-space:pre"> </span>N/A</div>
<div>STIG:</div><div>Context:<span class="" style="white-space:pre"> </span>TCP:9830</div><div>Result:<span class="" style="white-space:pre"> </span>Success</div><div>Tested Value:<span class="" style="white-space:pre"> </span>APACHE(-ADVANCEDEXTRANETSERVER)?/2\.2(\.(1[[]01]|[[]0</div>
<div>-9])(\.[[]0-9]+)*)?($|[[]^0-9.])</div><div>Found Value:<span class="" style="white-space:pre"> </span>APACHE/2.2</div></div><div><br></div><div><br></div></div>