Nessus scan of a Zeroshell box

Home Page Forums Network Management ZeroShell Nessus scan of a Zeroshell box

This topic contains 4 replies, has 0 voices, and was last updated by  tphipps 11 years, 1 month ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #40925

    tphipps
    Member

    I’m running a Zeroshell box as an internal router with 1.0.beta8. Got to say I’m very happy and impressed with it so far…

    Our internal network is regularly scanned with Tenable Nessus for vulnerabilities, and the following are currently showing up as “critical” level vulnerabilities on the Zeroshell box. All relate to old software releases.

    Questions:
    1. Should I consider updating these versions myself (from updated source built on a remote machine)? And if so, is there an image of a build machine I should use, as I have read that Zeroshell is built from a custom made distribution.

    2. Is there any intentional reason that these packages are so far behind even in the January 2008 1.0.beta8 release?

    3. Could it be possible that fixes for the vulnerabilities identified have been backported into the current Zeroshell release?

    Here are the specifc vulnerabilities identified by Nessus:

    VULNERABILITY on: Port 80/tcp & 443/tcp:

    The remote host is running a version of Apache2 which is older than 2.0.51.

    It is reported that versions prior 2.0.51 are prone to a remote denial of
    service issue. An attacker may issue a specific sequence of DAV LOCK commands
    to crash the process. If Apache is configured to use threads, it may
    completely crash the Apache process.

    In addition to this, versions prior 2.0.51 are prone to a remote buffer
    overflow when parsing an URI sent over IPv6. An attacker may use this flaw
    to execute arbitrary code on the remote host or to deny service to legitimate
    users.

    See also : http://issues.apache.org/bugzilla/show_bug.cgi?id=31183
    Solution : Upgrade to Apache 2.0.51
    Risk factor : High
    CVE : CVE-2004-0786, CVE-2004-0747, CVE-2004-0751, CVE-2004-0748, CVE-2004-0809
    BID : 11185, 11187
    Other references : IAVA:2004-t-0032
    Nessus ID : 14748

    VULNERABILITY on: Port 80/tcp & 443/tcp:

    The remote host is using a version of OpenSSL which is
    older than 0.9.6m or 0.9.7d

    There are several bug in this version of OpenSSL which may allow
    an attacker to cause a denial of service against the remote host.

    *** Nessus solely relied on the banner of the remote host
    *** to issue this warning

    Solution : Upgrade to version 0.9.6m (0.9.7d) or newer
    Risk factor : High
    CVE : CVE-2004-0079, CVE-2004-0081, CVE-2004-0112
    BID : 9899
    Other references : IAVA:2004-B-0006, OSVDB:4316, OSVDB:4317, OSVDB:4318
    Nessus ID : 12110

    VULNERABILITY on: Port 443/tcp:

    Arbitrary code can be executed on the remote host

    Description :

    The remote host is using a version of mod_ssl which is
    older than 2.8.18.

    This version is vulnerable to a flaw which may allow an attacker to disable
    the remote web site remotely, or to execute arbitrary code on the remote
    host.

    *** Note that several Linux distributions patched the old version of
    *** this module. Therefore, this alert might be a false positive. Please
    *** check with your vendor to determine if you really are vulnerable to
    *** this flaw

    Solution :

    Upgrade to version 2.8.18 (Apache 1.3) or to Apache 2.0.50

    Risk factor :

    High / CVSS Base Score : 8.0
    (AV:R/AC:L/Au:NR/C:P/I:P/A:C/B:N)
    CVE : CVE-2004-0488
    BID : 10355
    Other references : OSVDB:6472
    Nessus ID : 12255

    #46184

    raymond
    Member

    I find it a pity that the author doesn’t react to this post.
    Try to contact him directly using: http://www.zeroshell.net/eng/contacts.php
    (in the past I hadn’t success)

    #46185

    Perhaps fluvio is away… My “wireless question” has ben un answerd for about two weeks now and that is not like him….

    #46186

    imported_fulvio
    Participant

    In the release 1.0.beta9 available the next week, Apache and OpenSSL have been updated.

    Regards
    Fulvio

    #46187

    OnHeL
    Member

    Any chance of a FreeRADIUS update? Version 2.02 is available now.

    #46188

    raymond
    Member

    Can you recheck the version 1.0.beta9 with nessus?

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.