nullsystems
Guest
I just ran a scan on my PLESK 8.1 up-2-date server.
Unfortunately, Nessus ( current ) just found:
13 Open Ports, 58 Notes, 1 Warnings, 6 Holes
I personally believe I secured the server, I have been working with PLESK now for a year and would say I know a fair amount about security.
And of course firewalls are correctly setup.
However, here's the main problem:
"pcsync-https (8443/tcp)
The remote web server seems to be vulnerable to a format string attack
on the URI.
An attacker might use this flaw to make it crash or even execute
arbitrary code on this host.
Solution: upgrade your software or contact your vendor and inform him
of this vulnerability
Risk Factor : High
Plugin ID : 15640"
The plugin id, has a link to a piece of code which allows you to investigate further....as in, perform the vulnerability.
Sw-SOFT what is going on ?!
It appears to be correct too.
This Nessus application is free for download, I suggest anyone interested in their server to test it out and post on here with any help and suggestions, I am just about to contact sw-soft and cry out for help.
Here are some others it found:
pop3s (995/tcp) and 110
The remote POP3 server might be vulnerable to a buffer overflow
bug when it is issued at least one of these commands, with a too long
argument :
auth
user
pass
If confirmed, this problem might allow an attacker to execute
arbitrary code on the remote system, thus giving him an interactive
session on this host.
--------------------------------------
http (80/tcp)
The remote web server crashes when it is issued a too
long argument to the 'Host:' field of an HTTP request.
An attacker may use this flaw to either completely prevent
this host from serving web pages to the world, or to
make it die by crashing several threads of the web server
until the complete exhaustion of this host memory
Risk Factor : High
Solution: Upgrade your web server.
CVE : CVE-2000-0825
BID : 2011
Plugin ID : 10496
It was possible to make the remote switch reboot by requesting :
GET /cgi-bin/view-source?/
An attacker may use this flaw to prevent your network from working
properly.
---------------------------------------------
https (443/tcp)
It was possible to make the remote switch reboot by requesting :
GET /cgi-bin/view-source?/
An attacker may use this flaw to prevent your network from working
properly.
---------------------------------------------
domain (53/udp)
Synopsis :
The remote name server allows recursive queries to be performed
by the host running nessusd.
Description :
It is possible to query the remote name server for third party names.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
If the host allows these recursive queries via UDP,
then the host can be used to 'bounce' Denial of Service attacks
against another network or system.
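The recursion warning above is a configuration issue rather than a software hole. As an added example (not from the original post or from SW-soft), here are the relevant BIND named.conf settings, assuming the Plesk box runs the bundled BIND: the permissive form that triggers the warning beside a restricted form. The "trusted" ACL and the 192.0.2.0/24 network are placeholders.

```conf
// Permissive: answers recursive queries for anyone on the Internet.
// This is the situation the Nessus "domain (53/udp)" warning reports.
options {
    recursion yes;
    allow-recursion { any; };
};

// Restricted: a server that only hosts customer zones should not
// recurse for outsiders. "trusted" is a placeholder ACL; replace
// 192.0.2.0/24 with your own management network or drop it entirely.
acl "trusted" {
    127.0.0.1;
    ::1;
    192.0.2.0/24;
};

options {
    // Either disable recursion outright (purely authoritative) ...
    recursion no;
    // ... or keep it for trusted clients only:
    // recursion yes;
    // allow-recursion { "trusted"; };

    allow-query { any; };                 // hosted zones stay public
    allow-query-cache { "trusted"; };     // cached answers only for trusted
};
```

Only one options block may exist in a real named.conf; the two are shown side by side for comparison. After `named-checkconf` and a reload, a query for a name you do not host should come back REFUSED and the Nessus warning should disappear on the next scan.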