[389-users] Retna Scan Results

John Trump trumpjk at gmail.com
Thu May 29 16:21:43 UTC 2014 

Does the admin server or admin console run a webserver?
 On May 29, 2014 11:59 AM, "Noriko Hosoi" <nhosoi at redhat.com> wrote:

>  Sorry, I don't know what the tool does.  You may want to ask the tool's
> provider the question.
> Thanks.
>
> John Trump wrote:
>
> I am running RHEL 6. Why does the scan show the vulnerabilities on the
> port that directory administration server is using?
> On May 28, 2014 8:25 PM, "Noriko Hosoi" <nhosoi at redhat.com> wrote:
>
>>  Hello, as you mentioned, all of the CVEs are quite old (older than
>> RHEL-6).  For instance, the last one CVE-2009-1956 was fixed in
>> apr-util-1.2.7-7.el5_3.1.  As long as you use RHEL-6, the CVEs you listed
>> are all fixed.  Also, please note that the CVEs are all httpd related, not
>> 389-ds.
>>
>> CVE:
>> CVE-2008-0005
>> CVE-2007-6388
>> CVE-2007-6422
>> CVE-2007-6420
>> CVE-2007-5000
>> CVE-2007-6421
>> CVE-2008-1678
>>
>> CVE-2007-1862
>> CVE-2007-3847
>> CVE-2007-3304
>> CVE-2006-5752
>> CVE-2007-1863
>>
>> CVE-2009-1891
>> CVE-2009-1955
>> CVE-2009-1191
>> CVE-2009-0023
>> CVE-2009-1956
>> CVE-2009-1195
>> CVE-2009-1890
>>
>> John Trump wrote:
>>
>> I have a system running 389-ds that was scanned using retna. Retna showed
>> vulnerabilities which are fairly old. Can anyone confirm that these were
>> fixed. Only thing using port 9830 is the admin-serv. Below are the rpm
>> versions I have installed and the CVE's retna supposidly detected.
>>
>>  389-adminutil-1.1.19-1.el6.x86_64
>> 389-ds-console-doc-1.2.6-1.el6.noarch
>> 389-admin-1.1.35-1.el6.x86_64
>> 389-admin-console-1.1.8-5.fc19.noarch
>> 389-console-1.1.7-1.el6.noarch
>> 389-ds-1.2.2-1.el6.noarch
>> 389-ds-base-libs-1.2.11.25-1.el6.x86_64
>> 389-ds-base-1.2.11.25-1.el6.x86_64
>> 389-dsgw-1.1.11-1.el6.x86_64
>> 389-ds-console-1.2.6-1.el6.noarch
>> 389-admin-console-doc-1.1.8-5.fc19.noarch
>>
>>  Audit ID: 6310 Vul ID: N/A
>>  Risk Level: Medium
>> Sev Code: Category II
>> PCI Level: Medium (Fail) - CVSS Score
>> CVSS Score: 5 [AV:N/AC:L/Au:N/C:N/I:N/A:P]
>> BugTraq ID 27234,26838,27236,27237
>> CVE: CVE-2008-0005,CVE-2007-6388,CVE-2007-6422,CVE-2007-64
>> 20,CVE-2007-5000,CVE-2007-6421,CVE-2008-1678
>> CCE: N/A
>> Exploit: No
>> IAV: N/A
>> STIG:
>> Context: TCP:9830
>> Result: Success
>> Tested Value: BR T WB Server:
>>
>> (Apache(\([[]^)]*\))?/((2\.((2(\.[[]0-7])?)|(0(\.([[]1-5]?[[]0-9]|6[[]0-2]))
>>
>> ?)|(1(\..*)?)))|(1\.((3(\.([[]1-3]?[[]0-9]|40))?)|([[]0-2](\..*)?)))|(0+\..*))
>> ($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\))*[[]^()]*$))
>> Found Value: Server: Apache/2.2##Content-Length: 301##Connection:
>> close##Content-Type: text/html;
>> charset[=]iso-8859-1####<!DOCTYPE HTML PUBLIC
>> "-//IETF//DTD HTML 2.0//EN">#<html><head>#<title>404 Not
>> Found</title>#</head><body>#<h1>Not Found</h1>
>> (truncated...)
>>
>>  Audit ID: 6059 Vul ID: N/A
>> Risk Level: Medium
>> Sev Code: Category II
>> PCI Level: Medium (Fail) - CVSS Score
>> CVSS Score: 5 [AV:N/AC:L/Au:N/C:P/I:N/A:N]
>> BugTraq ID 24215,24645,25489,24649,24553
>> CVE: CVE-2007-1862,CVE-2007-3847,CVE-2007-3304,CVE-2006-57
>> 52,CVE-2007-1863
>> CCE: N/A
>> Exploit: No
>> IAV: N/A
>> STIG:
>> Context: TCP:9830
>> Result: Success
>> Tested Value: RR T WB
>>
>> (Apache(\([[]^)]*\))?/(2\.2(\.[[]0-5])?)($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\)
>> )*[[]^()]*$))
>> Found Value: Apache/2.2
>>
>>   Audit ID: 9820 Vul ID: N/A
>> Risk Level: Medium
>> Sev Code: Category II
>> PCI Level: High (Fail) - CVSS Score
>> CVSS Score: 7.8 [AV:N/AC:L/Au:N/C:N/I:N/A:C]
>> BugTraq ID 35565,35253,35623,35251,34663,35221,35115
>> CVE: CVE-2009-1891,CVE-2009-1955,CVE-2009-1191,CVE-2009-00
>> 23,CVE-2009-1956,CVE-2009-1195,CVE-2009-1890
>> CCE: N/A
>> Exploit: Yes
>> IAV: N/A
>> STIG:
>> Context: TCP:9830
>> Result: Success
>> Tested Value: APACHE(-ADVANCEDEXTRANETSERVER)?/2\.2(\.(1[[]01]|[[]0
>> -9])(\.[[]0-9]+)*)?($|[[]^0-9.])
>> Found Value: APACHE/2.2
>>
>>
>>
>>
>> --
>> 389 users mailing list389-users at lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>
>
> --
> 389 users mailing list389-users at lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20140529/809c7317/attachment.html>

More information about the 389-users mailing list