Displaying 20 results from an estimated 2000 matches similar to: "3.0.2a: SID, User Enumeration"
2006 Feb 09
1
Running nessus on freebsd...
I'm trying to get nessus setup for doing some internal security
checking. I installed the ports for nessus and nessus-plugins,
and everything worked as expected. I then registered for the
full feed of plugins, which got me up to over 10,000 plugins.
I restarted nessus, and it didn't work at all. I am running
without X11, so I'm doing batch runs. I already have nmap
installed, so I
2008 Mar 05
2
update rysnc 3.0 on ubuntu 7
I am runninng rsync on Ubuntu. It was installed using apt-get install rysnc.
I note that the package has not yet been updated to rysnc 3.0.
I would like to update using the tar but I am confused how to update the
existing installation.
On this machine, I am mainly using rsync to send to a cwrsync server (which
I have updated already). Can I just overwrite the rsync executable?
Any help
2004 Jun 23
2
samba security question - samba vulnerable to any WindowsExploits?
Hi Ryan,
I am not authenticating to any Windows server, I just have the samba
server itself set up with 3 users who an login.
...Paul
Ryan Frantz wrote:
>Paul,
>
>Are you using a Windows PDC or ADS to authenticate your Samba shares?
>If so, the problem would not be with Samba, but with the authenticating
>server.
>
>Ryan
>
>-----Original Message-----
>From:
2014 Oct 04
1
LDAP NULL BASE Search Access to Samba4
Recently, i scanned my samba4.1 server by Nessus (a vulnerability scanner
tool - http://www.tenable.com/products/nessus)
Nessus says that Samba4 is vulnerable to "LDAP NULL BASE Search Access" as
"The remote LDAP server may disclose sensitive information."
Further it says that - The remote LDAP server supports search requests with
a null, or empty, base object. This allows
2005 Mar 12
4
Shorewall 2.2.1 and open ports
Hello all,
I’m running Shorewall 2.2.1 on linux kernel 2.6.10 with iptables 1.2.11. I recently ran a nessus scan of my firewall from a machine outside of the firewall and the nessus report told me that there are some ports open that I did not specify to be open. The ports are 32772/udp, 123/udp, 111/tcp, 32772/udp, and 53/udp. Why are these ports open when I did NOT specify them to be open
2004 Apr 23
3
SSL Ciphers
I have dovecot running as a pop3s server on port 995
it works great with sendmail
and
I run nessus to check security issues
nessus reports this
The SSLv2 server offers 3 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against
2003 Dec 16
3
Results of nessus scan
I run samba 2.2.8a on my openbsd 3.4 box, installed from a package.
All i need is the ability to mount disks form winxp boxes so i only run
smbd, at 139/tcp.
I tried scanning the box with nessus, and it came up with some results
that got me curious.
Since i dont know very much about the smb protocol I thought i should
ask here.
Have searched the archives but found only old posts, concering
2005 Aug 16
1
Nessus Installation Failure
I'm trying to get get nessus 2.2.5 to install on my centos 3.5 system.
It errors out with this error:
Press ENTER to continue
x - Compiling the libraries
x -- Configuring the sources for your system
configure: error: Could not find OpenSSL and OpenSSL headers on your system
**** An error occured :/
Do you want to save the compilation log to analyze what went wrong ? [y]
Where should I save
2006 Oct 18
1
Urgent - Inconsistent Inboxes
Hi,
An urgent problem that I have :
runninng dc 0.99.14 w mbox on local ext3 , nothing special, no nfs,
nothing.
For this machine we have a backup server rsyncing everything over. Now
the main server went down and we started DC on the backup machine some
day ago. Everything went well, besides one problem : people complained
about missing mails that they had seen beforehand. When looking in
2015 Jul 08
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Good Day All
Sorry if this is a repeated email, but I need some information about how to
disable SSL on a Samba4.2.2 AD domain controller as the nessus scanner is
reporting the POODLE vulnerability and we are not allowed to have any of
that in our environment.
the nessus scan reports poodle vulnerability on all these ports:
443, 636, 3269
I had a look at previous posts but couldn't find a
2003 Oct 04
1
Security Fix Confusion
Hi,
I'm wondering if anybody could enlighten me about the effect of tracking
RELENG?
When the Openssh advisory came out (SA-03:12) I allowed a few days for all
issues to get ironed out and then used CVSUP to rebuild my boxes with
RELENG_4_7 or RELENG_4_8 (as appropriate). The advisory says that the
problem with OpenSSH is fixed by 4.7-RELEASE-p16 and a 'uname -a' of one of
my 4.7
2013 Oct 31
7
[Bug 870] New: Iptables cannot block outbound packets sent by Nessus
https://bugzilla.netfilter.org/show_bug.cgi?id=870
Summary: Iptables cannot block outbound packets sent by Nessus
Product: iptables
Version: 1.4.x
Platform: x86_64
OS/Version: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
2013 Aug 06
2
Openssl vulnerability - SSL/ TLS Renegotion Handshakes
Hi,
I'm currently at CentOS 5.8. I'm using openssl version
openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus
security scan:
"SSL/ TLS Renegotion Handshakes MiTm Plaintext Data Injection"
As per following link, Redhat has introduced openssl-0.9.8m which fixes
this specific issue:
2004 Jan 02
1
Missing Directory Entries (SMBFS)
SuSE 9.0 Pro - Kernel 2.4.21 - Samba 2.2.8a and 3.0.1-14
Here's my problem:
On a box runninng XP, I have a shared folder which contains 130+
subdirectories. This share is mounted on my linux box from '/etc/smbfstab',
but some directories do not show up in directory listings. It's never more
than one, and which one varies, but generally seems to be in or near the
last half of the
2015 Jul 08
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Thanks Kelvin
I'm a bit confised tho, is this patch already avaiable? if yes, what is the
parameter that disable ssl into the smb.conf? Maybe the guys from
Enterprise samba have already included the patch into their releases so
it's just a maatter of enabling the flag.
I'm using sernet-samba-4.2.2
Thanks!
2015 Apr 27
5
Centos security update
Thanks for the replies. The tool that we used for testing the security
vulnerability is "Nessus".
I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed
in this version and I want to apply patch for the vulnerbailities
CVE-2015-1472 & CVE-2015-1473. Can you please help me in finding the right
version that has fixes for these?
Thanks
On Sat, Apr 25, 2015 at
2004 Nov 08
3
nessusd on shorewall
Hi,
I have shorewall version 1.4.10g on Redhat 9 Local clients are on eth1
in subnet 192.168.3.0/24. eth0 is for the outside (over xdsl with
includes a ppp0 interface).
Nessus (nessusd) is installed *on the firewall* and managed trough
nessus (the client or frontend) running on one of the internal machines.
When I was running a scan against 194.152.181.36 I observed several
entries like
2002 Nov 19
1
IPC$ share accessible with arbitrary usernames/passwords
MM = M Maki (1 Oct 2002)
AB = Andrew Bartlett (2 Oct 2002)
MM > I have a couple of Samba (2.0.7 & 2.2.0) servers I scanned with
> Nessus and they reported a security hole of "Possible to login
> to the remote host using a NULL session" I have a couple of NT
> servers I disabled with a registry edit. Is there a way to
> prevent this on the Samba
2010 Feb 19
2
segfault - (imap|pop3)-login during nessus scan
We've been struggling with a problem for the past couple of days which to this point I've only gotten to be able to boil down to this:
1. Install nessus home edition (less pluggins I assume)
2. run all scans (sequentially or in parallel, doesn't seem to matter)
3. about 3 minutes in /var/log/messages will show segfaults on imap and/or pop3
imap-login[22185]: segfault at
2011 Aug 01
2
RedHat to CentOS packages
Dear all,
We're trying to use Nessus to monitor our system and we're having a hard
time mapping the package versions from RedHat to CentOS in order to be
able to report against CVE (vulnerability reports).
After some research, we think that the mapping is as follows (using
HTTPD as the example):
CentOS httd-2.2.3-43.el5.centos.3 is equivalent to RedHat
httpd-2.2.3-43.el5_5.3
So, it