I did find that we were a couple of versions behind on the Liebert MultiLink
software and upgraded, now I am rescanning to see if the problem is still there.
Another issues that I see is when I scan my main file and print server (Novell
NetWare 6.5 sp3) is tends to reboot the server, has anyone experienced that
problem?
Regards,
Dariusz Swierzewski
Sr. Systems Engineer
dariuszs@homeproperties.com
Home Properties of NY
850 Clinton Square
Rochester, NY 14604
Tel: 585-262-9369
Fax: 585-340-5948
www.homeproperties.com
Steven McGrath <steven.mcgrath@gmail.com> 10/13/2005 3:53 PM >>>
Nessus does that a lot, its not one to really dig into the services.
It's a great tool, but you really need to compare your logfiles to see
if they are fals positives or not. If the Liebert Management Software
package didn't do anything unusual (reset, drop out, generate some odd
logs) then you shoudl be good. If the software package did, then my
recommendation would be to upgrade at your earliest convenience. If
you were ok, upgrading woudl also be a good idea, but not as critical.
You really have to compare a couple of different sources to see if the
results you get are accurate. Even grabbing the latest nmap port
scanner, then running that, telling it to check for running services
and stating them would help elimitate fals pos in this case. Some
tools like ISS also dig into the service as well.
On 10/13/05, Dariusz Swierzewski <DariuszS@homeproperties.com> wrote:
Thank you very much, we are running Liebert Management Software on the
server.
Dariusz Swierzewski
Sr. Systems Engineer
dariuszs@homeproperties.com
Home Properties of NY
850 Clinton Square
Rochester, NY 14604
Tel: 585-262-9369
Fax: 585-340-5948
www.homeproperties.com
Jerry Heidtke <Jerry_Heidtke@mgic.com> 10/13/2005 3:05 PM >>>
Those are the IANA assigned ports for Liebert's management software. Of
course, that doesn't mean that's the service listening on that port.
All that the alert means is that the port was open during the initial port
scan, then after sending a long string to it the port was closed. The
service name is pulled from the nessus services file, not from any
specific service identification.
If you system is running Liebert's management software, you probably need
to upgrade it. Otherwise, use fport or a similar tool to find out what
executable is listening on those ports and take whatever action is
appropriate.
Jerry Heidtke, CISSP
Lead Information Security Analyst
MGIC Information Security
414-347-6837
nessus-bounces@list.nessus.org wrote on 10/13/2005 01:43:51 PM:
Good Afternoon,
We are doing a quick vulnerability check on our offsite web server,
running Windows 2000 Server and IIS. Just recently we came up with
the following vulnerability and cannot figure out how to go about
fixing this - any help would be greatly appreciated.
Vulnerability
LiebDevMgmt_C (3027/tcp)
It was possible to kill the service by sending a single long
text line.
A cracker may be able to use this flaw to crash your software
or even execute arbitrary code on your system.
Risk factor : High
Nessus ID : 11175
Vulnerability
LiebDevMgmt_DM (3028/tcp)
It was possible to kill the service by sending a single long
text line.
A cracker may be able to use this flaw to crash your software
or even execute arbitrary code on your system.
Risk factor : High
Nessus ID : 11175
Regards
Dariusz Swierzewski
Sr. Systems Engineer
dariuszs@homeproperties.com
Home Properties of NY
850 Clinton Square
Rochester, NY 14604
Tel: 585-262-9369
Fax: 585-340-5948
www.homeproperties.com[attachment "Dariusz
Swierzewski.vcf" deleted
by Jerry Heidtke/MGIC]
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
