|
Home > Archive > Netware Webserver > June 2005 > NetWare Enterprise Web Server and Nessus Scan
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
NetWare Enterprise Web Server and Nessus Scan
|
|
| Dave Brown 2005-06-22, 5:45 pm |
| When running a Nessus scan against NetWare 5.1 server I'm seeing the
following reported as a vulnerablity:
https [443/tcp]
The remote host seem to be running a version of OpenSSL which is
older than 0.9.6k or 0.9.7c.
There is a heap corruption bug in this version which might be
exploited by an
attacker to gain a shell on this host.
Solution : If you are running OpenSSL, Upgrade to version 0.9.6k
or 0.9.7c or newer
Risk factor : High
CVE : CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
BID : 8732
Other references : IAVA:2003-A-0015, RHSA:RHSA-2003:291-01,
SuSE:SUSE-SA:2003:043
False positive? The server is running: NetWare 5.1 w/SP8 and NES ver 5.19a.
Thanks in advance.
| |
| Anders Gustafsson 2005-06-23, 2:45 am |
| Dave Brown,
> False positive?
>
Yes, IMHO. 5.1 does not run openssl.
- Anders Gustafsson, Engineer, CNE6, ASE
NSC Volunteer Sysop
Pedago, The Aaland Islands (N60 E20)
Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement
Using VA 5.51 build 315 on Windows 2000 build 2195
|
|
|
|
|