search for: nessus

I'm trying to get nessus setup for doing some internal security checking. I installed the ports for nessus and nessus-plugins, and everything worked as expected. I then registered for the full feed of plugins, which got me up to over 10,000 plugins. I restarted nessus, and it didn't work at all. I am running without...

hi gurus: tried to install nessus and it would not compile: ===> Configuring for nessus-libraries-2.2.9_1 ******************************************************** * W a r n i n g * * * * Nessus needs Berkeley Packet Filter (bpf)....

...er the 'guest' access > >To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and >Q246261 (Windows 2000). >Note that this won't completely disable null sessions, but will >prevent them from connecting to IPC$ >Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html > >The remote host defaults to guest when a user logs in using an invalid >login. For instance, we could log in using the account 'nessus/nessus' > > >All the smb tests will be done as ''/'whatever' in domain ALUMNI_HOUSE >CVE : CAN-1999-0...

I'm trying to get get nessus 2.2.5 to install on my centos 3.5 system. It errors out with this error: Press ENTER to continue x - Compiling the libraries x -- Configuring the sources for your system configure: error: Could not find OpenSSL and OpenSSL headers on your system **** An error occured :/ Do you want to save the...

Hello all, I’m running Shorewall 2.2.1 on linux kernel 2.6.10 with iptables 1.2.11. I recently ran a nessus scan of my firewall from a machine outside of the firewall and the nessus report told me that there are some ports open that I did not specify to be open. The ports are 32772/udp, 123/udp, 111/tcp, 32772/udp, and 53/udp. Why are these ports open when I did NOT specify them to be open in the rules...

I run samba 2.2.8a on my openbsd 3.4 box, installed from a package. All i need is the ability to mount disks form winxp boxes so i only run smbd, at 139/tcp. I tried scanning the box with nessus, and it came up with some results that got me curious. Since i dont know very much about the smb protocol I thought i should ask here. Have searched the archives but found only old posts, concering older versions. Whats a NULL session? what are domain and host SID? Nessus also suggests i'd...

Recently, i scanned my samba4.1 server by Nessus (a vulnerability scanner tool - http://www.tenable.com/products/nessus) Nessus says that Samba4 is vulnerable to "LDAP NULL BASE Search Access" as "The remote LDAP server may disclose sensitive information." Further it says that - The remote LDAP server supports search request...

Anyone know of a good vulnerability scanner they would recommend besides Nessus? Been googling, but a recommendation is preferred. Looking for another to run and compare the results I get with Nessus. Thanks, James

Hi all, I think I've found a Bug in current rc2 (same occours with rc1 and 0.99.9.1). I'am running dovecot with imap, pop3 and the ssl equivalents, after a nessus scan of my host with Bruteforce checks on IMAP, imap-login eats up lots of cpu. Before the scan: dovecot 22342 0.0 0.1 2320 636 ? SN Jun18 0:00 imap-login dovecot 5841 0.0 0.1 2320 692 ? SN Jun21 0:00 imap-login dovecot 5852 0.0 0.1 2320 692 ? SN Jun21 0:0...

Hi, My name is Joseph Villa, I'm new to the message boards and I'm also new to Samba. I just got an e-mail back on our Nessus scans.. Here are the 2 that are relivant.. 1.) The remote host has accessible LOGS$ share. ScriptLogic creates this share to store the logs, but does not properly set the permissions on it. As a result, anyone can use it to read the remote logs. Solution: Limit access to this share to the b...

We've been struggling with a problem for the past couple of days which to this point I've only gotten to be able to boil down to this: 1. Install nessus home edition (less pluggins I assume) 2. run all scans (sequentially or in parallel, doesn't seem to matter) 3. about 3 minutes in /var/log/messages will show segfaults on imap and/or pop3 imap-login[22185]: segfault at 000000000000000c rip 0000003c7de610a2 rsp 00007fffa2342068 error 4 or some...

I have dovecot running as a pop3s server on port 995 it works great with sendmail and I run nessus to check security issues nessus reports this The SSLv2 server offers 3 strong ciphers, but also 0 medium strength and 2 weak "export class" ciphers. The weak/medium ciphers may be chosen by an export-grade or badly configured client software. They only offer a limited protection against...

https://bugzilla.netfilter.org/show_bug.cgi?id=870 Summary: Iptables cannot block outbound packets sent by Nessus Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: Ubuntu Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: Mitsuak...

Hi! Our computer center is currently examining registered servers (offering services passing the firewall) using Nessus. Yesterday I had a ssh-connection closing on one host. Today I have seen serv01 155: channel 0: istate 4 != open channel 0: ostate 64 != open popping up, the connection survived however... In both cases the client host was not scanned but the server host (one was Linux, one was HP-UX). Any ide...

...83.24.239) by lists.redhat.com with SMTP; 5 Sep 1999 00:06:25 -0000 Received: from paris.laroche.org (e017.paris-14.cybercable.fr [212.198.14.17]) by mail.redhat.com (8.8.7/8.8.7) with ESMTP id UAA29010 for <linux-security@redhat.com>; Sat, 4 Sep 1999 20:06:24 -0400 Received: from prof.fr.nessus.org (d026.paris-77.cybercable.fr [212.198.77.26]) by paris.laroche.org (8.9.2/8.9.1) with ESMTP id CAA65486 for <linux-security@redhat.com>; Sun, 5 Sep 1999 02:14:29 +0200 (CEST) (envelope-from deraison@cvs.nessus.org) Date: Sun, 5 Sep 1999 02:08:29 +0200 (CEST) From: Renaud Deraison <d...

...ord, which grants the user the 'guest' access To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and Q246261 (Windows 2000). Note that this won't completely disable null sessions, but will prevent them from connecting to IPC$ Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html The remote host defaults to guest when a user logs in using an invalid login. For instance, we could log in using the account 'nessus/nessus' All the smb tests will be done as ''/'whatever' in domain ALUMNI_HOUSE CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000...

Good Day All Sorry if this is a repeated email, but I need some information about how to disable SSL on a Samba4.2.2 AD domain controller as the nessus scanner is reporting the POODLE vulnerability and we are not allowed to have any of that in our environment. the nessus scan reports poodle vulnerability on all these ports: 443, 636, 3269 I had a look at previous posts but couldn't find a definitive answer any help is highly appreciated....

Thanks for the replies. The tool that we used for testing the security vulnerability is "Nessus". I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed in this version and I want to apply patch for the vulnerbailities CVE-2015-1472 & CVE-2015-1473. Can you please help me in finding the right version that has fixes for these? Thanks On Sat, Apr 25, 2015 at 1:0...

...er the 'guest' access > >To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and >Q246261 (Windows 2000). >Note that this won't completely disable null sessions, but will >prevent them from connecting to IPC$ >Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html > >The remote host defaults to guest when a user logs in using an invalid >login. For instance, we could log in using the account 'nessus/nessus' > > >All the smb tests will be done as ''/'whatever' in domain ALUMNI_HOUSE >CVE : CAN-1999-0...

I'm runninng samba 3.0.2a on a few machines, ADS security mode, domain member roles. I throw nessus at it, and it can fetch the SID and then list all of the users on the system. I view this as a security problem, is there a way to prevent this?