similar to: Good vulnerability Scanner besides Nessus?

Recently, i scanned my samba4.1 server by Nessus (a vulnerability scanner tool - http://www.tenable.com/products/nessus) Nessus says that Samba4 is vulnerable to "LDAP NULL BASE Search Access" as "The remote LDAP server may disclose sensitive information." Further it says that - The remote LDAP server supports search requests with a null, or empty, base object. This allows

Good Day All Sorry if this is a repeated email, but I need some information about how to disable SSL on a Samba4.2.2 AD domain controller as the nessus scanner is reporting the POODLE vulnerability and we are not allowed to have any of that in our environment. the nessus scan reports poodle vulnerability on all these ports: 443, 636, 3269 I had a look at previous posts but couldn't find a

Hi, Can someone recommend a good vulnerability scanning service? I just need the minimum for PCI compliance (it's a sort of credit card processing certification). I got a free scan from https://www.hackerguardian.com/ and their scan reported a number of "Fail" results. I haven't checked them all yet but most seem to be things for which fixes were backported looong ago by The

I have file a bug and modified the source code to make samba4 do not use SSLV3, but I am not able to make a patch to this. https://bugzilla.samba.org/show_bug.cgi?id=11076 -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Mario Pio Russo Sent: Wednesday, July 08, 2015 4:48 PM To: samba at lists.samba.org Subject: [Samba] Samba

Hi, I'm currently at CentOS 5.8. I'm using openssl version openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus security scan: "SSL/ TLS Renegotion Handshakes MiTm Plaintext Data Injection" As per following link, Redhat has introduced openssl-0.9.8m which fixes this specific issue:

Hi All. I am currently searching for a decent image/container/registry scanner. I would like to be able to check images for CVE, at the moment I am using rhel/centos/ubuntu/debian based images. I tried on CentOS7: - openscap (oscap-docker): needs atomic for installation, allows scanning of rhel based images only; - atomic: allows scanning of rhel based images only; - clair: usable in theory for

No patch available now. Download the source code and modified the source code yourself, and then compile it. -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Mario Pio Russo Sent: Wednesday, July 08, 2015 10:01 PM To: Kelvin Yip Cc: samba at lists.samba.org; samba-bounces at lists.samba.org Subject: Re: [Samba] Samba 4 -

Thanks Kelvin I'm a bit confised tho, is this patch already avaiable? if yes, what is the parameter that disable ssl into the smb.conf? Maybe the guys from Enterprise samba have already included the patch into their releases so it's just a maatter of enabling the flag. I'm using sernet-samba-4.2.2 Thanks!

FYI On the ISN vulnerability I found a really good article on Initial Sequence Numbers (ISN) vulnerability and according to this article all Linux Kernels after 1996 are not affected by this vulnerability. http://www.linuxsecurity.com/articles/security_sources_article-2968.html I found another article that stated : Operating systems that have been reported to be safe from practical attacks

Arg... that's a problem now.. we are not allowed to complie third party software in our dev enviroment, we are only allowed to use packages (that's why we use sernet-samba, which in fairness is great!). any plan to release a proper patch? ___________________________________________________________________________________________ Mario Pio Russo, System Admin SWG IT Services Dublin,

I'm trying to get nessus setup for doing some internal security checking. I installed the ports for nessus and nessus-plugins, and everything worked as expected. I then registered for the full feed of plugins, which got me up to over 10,000 plugins. I restarted nessus, and it didn't work at all. I am running without X11, so I'm doing batch runs. I already have nmap installed, so I

hi gurus: tried to install nessus and it would not compile: ===> Configuring for nessus-libraries-2.2.9_1 ******************************************************** * W a r n i n g * * * * Nessus needs Berkeley Packet Filter (bpf). * * To use nessus, your kernel must be rebuilt with bpf, * *

https://bugzilla.netfilter.org/show_bug.cgi?id=870 Summary: Iptables cannot block outbound packets sent by Nessus Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: Ubuntu Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org

Hi, I'm currently experimenting with OpenVAS, the vulnerability scanner which was forked from Nessus. I'm reading through various HOWTOs and tutorials, and it seems like I'm stuck very early in my fiddling process. All the CentOS-based tutorials I've found mention a third-party Atomic repo, and here's how the installation usually begins. # wget -q -O -

I'm trying to get get nessus 2.2.5 to install on my centos 3.5 system. It errors out with this error: Press ENTER to continue x - Compiling the libraries x -- Configuring the sources for your system configure: error: Could not find OpenSSL and OpenSSL headers on your system **** An error occured :/ Do you want to save the compilation log to analyze what went wrong ? [y] Where should I save

Hi List, I am looking for good multifunction (fax, scanner, ..) color network laser printer for Linux, any ideas? specs: - Linux, Windows and OSX support on printer and also on scanner. - A4 papersize http://multi.gnt.lt/Pages/brochures/HP/CM2320MFP-ENG.pdf ? thanks, -- Eero

We've been struggling with a problem for the past couple of days which to this point I've only gotten to be able to boil down to this: 1. Install nessus home edition (less pluggins I assume) 2. run all scans (sequentially or in parallel, doesn't seem to matter) 3. about 3 minutes in /var/log/messages will show segfaults on imap and/or pop3 imap-login[22185]: segfault at

I run samba 2.2.8a on my openbsd 3.4 box, installed from a package. All i need is the ability to mount disks form winxp boxes so i only run smbd, at 139/tcp. I tried scanning the box with nessus, and it came up with some results that got me curious. Since i dont know very much about the smb protocol I thought i should ask here. Have searched the archives but found only old posts, concering

Paul, Are you using Samba to authenticate then? You've created user accounts on your Linux system that map to Windows accounts and built the Samba password database using 'smbpasswd'? ry -----Original Message----- From: samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org [mailto:samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org] On Behalf Of Paul Bradshaw Sent:

Dear All, Can anyone recommend a scanner that works well on 4.8. Thanks in advance, Regards, Dave -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20030906/4c29ef0a/attachment.bin