Re: We Found the Vulnerabilities, so What Next ?!!

Dear chmod077,

I'm not saying this is an nessus issues, I post my question her because I
think some of you face this issues.

Yes that right, hardening the system is the best solution, but if we talk
about the case in general, should the system have 0 vulnerability ? I mean
is it an important to patch the system even if this vulnerability can't be
exploited remotely ?

Lets say we have a web server, and it is in zone with only port 80 is
opened. So, when we scan the system we found a lot of vulnerabilities, but
there is 0 vulnerability related to the web service.
The only way to reach the system is be using port 80, even the Administrator
should go to the system (physically) and do his job. and we trust the admin
:-).

Is it important (in this case) to patch the system? is the high
vulnerabilities that we discovered is really a high ? can we say its medium
or low now, since it not related to port 80 service ?

Regards,


On 2/17/06, chmod077@gmx.de <chmod077@gmx.de> wrote:
> Dear Mansour,
> in my opinion the easiest way to solve your problem is
> something like
> rpm -e "unused package"
>
> The other thing is:
> It is an administrators task to decide to patch
> or to patch not the special vulnerability .....
> If in doubt : patch.
>
> If there are some problems concerning rpms and unsolved dependencies:
> It is not a nessus problem.
> Please, read about installing packages using rpm....
>
>
>
>
> regards
> chmod077.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus