[389-users] Retna Scan Results

John Trump trumpjk at gmail.com
Thu May 29 17:13:59 UTC 2014


In /etc/dirsrv/admin-serv there is a httpd.conf file. Does the admin-serv
use the httpd system rpm or does it use a http server distributed with the
admin-serv rpm? If it is distributed with the admin-serv rpm, then I would
say the scan is saying that the vulnerabilities exist in that http server.
The httpd rpm installed on the system is the latest httpd-2.2.15-30.


On Thu, May 29, 2014 at 12:28 PM, Noriko Hosoi <nhosoi at redhat.com> wrote:

>  John Trump wrote:
>
> Does the admin server or admin console run a webserver?
>
> Yes, the admin server depends upon httpd.
>
>   On May 29, 2014 11:59 AM, "Noriko Hosoi" <nhosoi at redhat.com> wrote:
>
>>  Sorry, I don't know what the tool does.  You may want to ask the tool's
>> provider the question.
>> Thanks.
>>
>> John Trump wrote:
>>
>> I am running RHEL 6. Why does the scan show the vulnerabilities on the
>> port that directory administration server is using?
>> On May 28, 2014 8:25 PM, "Noriko Hosoi" <nhosoi at redhat.com> wrote:
>>
>>>  Hello, as you mentioned, all of the CVEs are quite old (older than
>>> RHEL-6).  For instance, the last one CVE-2009-1956 was fixed in
>>> apr-util-1.2.7-7.el5_3.1.  As long as you use RHEL-6, the CVEs you listed
>>> are all fixed.  Also, please note that the CVEs are all httpd related, not
>>> 389-ds.
>>>
>>> CVE:
>>> CVE-2008-0005
>>> CVE-2007-6388
>>> CVE-2007-6422
>>> CVE-2007-6420
>>> CVE-2007-5000
>>> CVE-2007-6421
>>> CVE-2008-1678
>>>
>>> CVE-2007-1862
>>> CVE-2007-3847
>>> CVE-2007-3304
>>> CVE-2006-5752
>>> CVE-2007-1863
>>>
>>> CVE-2009-1891
>>> CVE-2009-1955
>>> CVE-2009-1191
>>> CVE-2009-0023
>>> CVE-2009-1956
>>> CVE-2009-1195
>>> CVE-2009-1890
>>>
>>> John Trump wrote:
>>>
>>> I have a system running 389-ds that was scanned using retna. Retna
>>> showed vulnerabilities which are fairly old. Can anyone confirm that these
>>> were fixed? Only thing using port 9830 is the admin-serv. Below are the rpm
>>> versions I have installed and the CVEs retna supposedly detected.
>>>
>>>  389-adminutil-1.1.19-1.el6.x86_64
>>> 389-ds-console-doc-1.2.6-1.el6.noarch
>>> 389-admin-1.1.35-1.el6.x86_64
>>> 389-admin-console-1.1.8-5.fc19.noarch
>>> 389-console-1.1.7-1.el6.noarch
>>> 389-ds-1.2.2-1.el6.noarch
>>> 389-ds-base-libs-1.2.11.25-1.el6.x86_64
>>> 389-ds-base-1.2.11.25-1.el6.x86_64
>>> 389-dsgw-1.1.11-1.el6.x86_64
>>> 389-ds-console-1.2.6-1.el6.noarch
>>> 389-admin-console-doc-1.1.8-5.fc19.noarch
>>>
>>>  Audit ID: 6310 Vul ID: N/A
>>>  Risk Level: Medium
>>> Sev Code: Category II
>>> PCI Level: Medium (Fail) - CVSS Score
>>> CVSS Score: 5 [AV:N/AC:L/Au:N/C:N/I:N/A:P]
>>> BugTraq ID 27234,26838,27236,27237
>>> CVE: CVE-2008-0005,CVE-2007-6388,CVE-2007-6422,CVE-2007-6420,CVE-2007-5000,CVE-2007-6421,CVE-2008-1678
>>> CCE: N/A
>>> Exploit: No
>>> IAV: N/A
>>> STIG:
>>> Context: TCP:9830
>>> Result: Success
>>> Tested Value: BR T WB Server:
>>>
>>> (Apache(\([[]^)]*\))?/((2\.((2(\.[[]0-7])?)|(0(\.([[]1-5]?[[]0-9]|6[[]0-2]))
>>>
>>> ?)|(1(\..*)?)))|(1\.((3(\.([[]1-3]?[[]0-9]|40))?)|([[]0-2](\..*)?)))|(0+\..*))
>>> ($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\))*[[]^()]*$))
>>> Found Value: Server: Apache/2.2##Content-Length: 301##Connection:
>>> close##Content-Type: text/html;
>>> charset[=]iso-8859-1####<!DOCTYPE HTML PUBLIC
>>> "-//IETF//DTD HTML 2.0//EN">#<html><head>#<title>404 Not
>>> Found</title>#</head><body>#<h1>Not Found</h1>
>>> (truncated...)
>>>
>>>  Audit ID: 6059 Vul ID: N/A
>>> Risk Level: Medium
>>> Sev Code: Category II
>>> PCI Level: Medium (Fail) - CVSS Score
>>> CVSS Score: 5 [AV:N/AC:L/Au:N/C:P/I:N/A:N]
>>> BugTraq ID 24215,24645,25489,24649,24553
>>> CVE: CVE-2007-1862,CVE-2007-3847,CVE-2007-3304,CVE-2006-5752,CVE-2007-1863
>>> CCE: N/A
>>> Exploit: No
>>> IAV: N/A
>>> STIG:
>>> Context: TCP:9830
>>> Result: Success
>>> Tested Value: RR T WB
>>>
>>> (Apache(\([[]^)]*\))?/(2\.2(\.[[]0-5])?)($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\)
>>> )*[[]^()]*$))
>>> Found Value: Apache/2.2
>>>
>>>   Audit ID: 9820 Vul ID: N/A
>>> Risk Level: Medium
>>> Sev Code: Category II
>>> PCI Level: High (Fail) - CVSS Score
>>> CVSS Score: 7.8 [AV:N/AC:L/Au:N/C:N/I:N/A:C]
>>> BugTraq ID 35565,35253,35623,35251,34663,35221,35115
>>> CVE: CVE-2009-1891,CVE-2009-1955,CVE-2009-1191,CVE-2009-0023,CVE-2009-1956,CVE-2009-1195,CVE-2009-1890
>>> CCE: N/A
>>> Exploit: Yes
>>> IAV: N/A
>>> STIG:
>>> Context: TCP:9830
>>> Result: Success
>>> Tested Value: APACHE(-ADVANCEDEXTRANETSERVER)?/2\.2(\.(1[[]01]|[[]0
>>> -9])(\.[[]0-9]+)*)?($|[[]^0-9.])
>>> Found Value: APACHE/2.2
>>>
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
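How the "Tested Value" patterns quoted in the scan report treat different Server banners, as an added example that is not part of the original thread. It assumes the `[[]` sequences in the report are an export escape for `[`; the sample banners are constructed, and upper-casing the banner for audit 9820 is an assumption based on its upper-case Found Value.

```python
import re

# Patterns copied from the quoted "Tested Value" fields for audits 6059 and
# 9820, with the e-mail line wraps joined. Assumption: "[[]" is how the
# report export escaped a literal "[" in the original regular expression.
AUDIT_PATTERNS_AS_PRINTED = {
    6059: r"(Apache(\([[]^)]*\))?/(2\.2(\.[[]0-5])?)"
          r"($|[[]^0-9.]([[]^(]*\([[]^R][[]^)]*\))*[[]^()]*$))",
    9820: r"APACHE(-ADVANCEDEXTRANETSERVER)?/2\.2(\.(1[[]01]|[[]0-9])"
          r"(\.[[]0-9]+)*)?($|[[]^0-9.])",
}


def compile_audit(audit_id):
    """Undo the assumed escaping and compile the audit's banner pattern."""
    return re.compile(AUDIT_PATTERNS_AS_PRINTED[audit_id].replace("[[]", "["))


def banner_is_flagged(audit_id, banner):
    """True if the audit's pattern matches the given Server banner."""
    # Audit 9820's pattern and Found Value are upper-case, so the banner is
    # upper-cased before matching (assumption about the scanner's behaviour).
    text = banner.upper() if audit_id == 9820 else banner
    return compile_audit(audit_id).search(text) is not None


def triage(banner):
    """Map each audit ID to whether this banner alone would trigger it."""
    return {aid: banner_is_flagged(aid, banner)
            for aid in sorted(AUDIT_PATTERNS_AS_PRINTED)}


# Constructed sample banners; only "Apache/2.2" appears in the report itself.
SAMPLE_BANNERS = [
    "Apache/2.2",               # no patch level, as in the Found Value
    "Apache/2.2.15 (Red Hat)",  # full banner for the installed httpd series
    "Apache/2.2.3 (Red Hat)",   # old release, distribution tag starts with R
    "Apache/2.2.3 (CentOS)",    # old release, other distribution tag
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner!r:28} -> {triage(banner)}")
```

Both patterns make the patch-level component optional, so the bare `Apache/2.2` banner matches while a banner that shows 2.2.15 does not; the findings reflect what the banner discloses, not which fixes the installed package carries.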