Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Critical issues identified by Nessus

from [monali . shah] Network Security [Permanent Link]
Subject: Critical issues identified by Nessus
Date: Wed, 16 Nov 2005 13:14:04 +0530 
Hi,
        I am getting the following critical holes on my system when I scan 
it using Nessus 2.2.5:

unknown (60747/tcp)
High

It was possible to crash the remote service by flooding it with too much 
data.

An attacker may use this flaw to make this service crash continuously, 
preventing this service from working properly. It may also be possible
to exploit this flaw to execute arbitrary code on this host.


Solution : upgrade your software or contact your vendor and inform it of 
this 
vulnerability
Risk factor : High
unknown (6780/tcp)
High

It was possible to crash the remote service by flooding it with too much 
data.

An attacker may use this flaw to make this service crash continuously, 
preventing this service from working properly. It may also be possible
to exploit this flaw to execute arbitrary code on this host.


Solution : upgrade your software or contact your vendor and inform it of 
this 
vulnerability
Risk factor : High


What I would like to know over here is that :
a : Which pluggin actually identified these holes ?
b : What is the kind of data that was pumped in to crash the port , i mean 
is it some random data or some specific Packets which are being sent  ?

My system is a Sun Server  Netra 440 running Solaris 9 as OS and several 
other applications
My application actually shuts down every time I run the scan because a 
persistent process crashes.
The following is a part of the message which I get on the command prompt :

"Error at line 14 in file ipcalloc.c
Bailing out in ipc_error: Cannot perform malloc
errno=12, ipcerr=1
You are deleting a non-empty list: so I am going to crash"

Can someone tell me if this is a Solaris message which is displayed on the 
screen maybe because the unix resources are getting exhausted

Thanks,
Monali Navin Shah


Notice: The information contained in this e-mail message and/or attachments to 
it may contain confidential or privileged information. If you are not the 
intended recipient, any dissemination, use, review, distribution, printing or 
copying of the information contained in this e-mail message and/or attachments 
to it are strictly prohibited. If you have received this communication in 
error, please notify us by reply e-mail or telephone and immediately and 
permanently delete the message and any attachments. Thank you


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: some preferences not provided from the nessus daemon?, George A. Theall
Next by Date:  Re: Critical issues identified by Nessus, Josh Zlatin-Amishav
Previous by Thread:  Re: some preferences not provided from the nessus daemon?, Marcin Jakubiec
Next by Thread:  Re: Critical issues identified by Nessus, Josh Zlatin-Amishav
Indexes:  [Date] [Thread] [Top] [All Lists]