Environment
Novell ZENworks Linux Management
Novell ZENworks 7 Linux Management - ZLM7
Resolution
The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically safe so they should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'
Risk factor : Low
. Information found on port ssh (22/tcp)
An ssh server is running on this port
. Information found on port ssh (22/tcp)
Remote SSH version : SSH-1.99-OpenSSH_4.1
Remote SSH supported authentication : publickey,keyboard-interactive
. Information found on port ssh (22/tcp)
The remote SSH daemon supports the following versions of the SSH protocol :
. 1.33
. 1.5
. 1.99
. 2.0
SSHv1 host key fingerprint :
31:dc:e3:e0:d0:d0:51:91:49:35:d0:4d:d3:d9:17:6f
SSHv2 host key fingerprint :
12:90:03:0f:47:85:91:9e:90:34:38:4d:3b:fa:59:65
. Warning found on port http (80/tcp)
The remote web server seems to be vulnerable to the Cross Site Scripting vulnerability (XSS). The vulnerability is caused by the result returned to the user when a non-existing file is requested (e.g. the result contains the JavaScript provided in the request).
The vulnerability would allow an attacker to make the server present the user with the attacker's JavaScript/HTML code.
Since the content is presented by the server, the user will give it the trust level of the server (for example, the trust level of banks, shopping centers, etc. would usually be high).
Sample url :http://ipaddress:80/>
Risk factor : Medium
Solutions:
. Allaire/Macromedia Jrun:
- http://www.macromedia.com/software/jrun/download/update/
- http://www.securiteam.com/windowsntfocus/Allaire_fixes_Cross-Site_Scripting_security_vulnerability.html
. Apache:
- http://httpd.apache.org/info/css-security/
CVE : CVE-2002-1060
BID : 5305, 7344, 7353, 8037, 9245
. Information found on port http (80/tcp)
A web server is running on this port
. Information found on port http (80/tcp)
The remote web server type is :
Apache-Coyote/1.1
and the 'ServerTokens' directive is ProductOnly
Apache does not permit to hide the server type.
. Information found on port http (80/tcp)
Synopsis :
The remote Apache server can be used to guess the presence of a given user name on the remote host.
Description :
When configured with the 'UserDir' option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home.
For instance, by default, requesting /~root/ displays the HTML contents from /root/public_html/.
If the username requested does not exist, then Apache will reply with a different error code. Therefore, an attacker may exploit this vulnerability to guess the presence of a given user name on the remote host.
Solution :
In httpd.conf, set the 'UserDir' to 'disabled'.
Risk factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
CVE : CVE-2001-1013
BID : 3335
. Information found on port sunrpc (111/tcp)
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list of RPC services. We recommend you filter traffic going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
. Information found on port sunrpc (111/tcp)
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
. Warning found on port https (443/tcp)
The remote web server seems to be vulnerable to the Cross Site Scripting vulnerability (XSS). The vulnerability is caused by the result returned to the user when a non-existing file is requested (e.g. the result contains the JavaScript provided in the request).
The vulnerability would allow an attacker to make the server present the user with the attacker's JavaScript/HTML code.
Since the content is presented by the server, the user will give it the trust level of the server (for example, the trust level of banks, shopping centers, etc. would usually be high).
Sample url :http://ipaddress:443/>
Risk factor : Medium
Solutions:
. Allaire/Macromedia Jrun:
- http://www.macromedia.com/software/jrun/download/update/
- http://www.securiteam.com/windowsntfocus/Allaire_fixes_Cross-Site_Scripting_security_vulnerability.html
. Apache:
- http://httpd.apache.org/info/css-security/
CVE : CVE-2002-1060
BID : 5305, 7344, 7353, 8037, 9245
. Information found on port https (443/tcp)
A TLSv1 server answered on this port
. Information found on port https (443/tcp)
A web server is running on this port through SSL
. Information found on port https (443/tcp)
Here is the SSLv3 server certificate:
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1141952909 (0x4410d18d)
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=btinc21.rav.com
Validity
Not Before: Mar 10 01:08:29 2006 GMT
Not After : Mar 10 01:08:29 2007 GMT
Subject: CN=btinc21.rav.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
This TLSv1 server does not accept SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
. Information found on port https (443/tcp)
The remote web server type is :
Apache-Coyote/1.1
and the 'ServerTokens' directive is ProductOnly
Apache does not permit to hide the server type.
. Information found on port https (443/tcp)
Synopsis :
The remote Apache server can be used to guess the presence of a given user name on the remote host.
Description :
When configured with the 'UserDir' option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home.
For instance, by default, requesting /~root/ displays the HTML contents from /root/public_html/.
If the username requested does not exist, then Apache will reply with a different error code. Therefore, an attacker may exploit this vulnerability to guess the presence of a given user name on the remote host.
Solution :
In httpd.conf, set the 'UserDir' to 'disabled'.
Risk factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
CVE : CVE-2001-1013
BID : 3335
. Information found on port ncp (524/tcp)
Synopsis :
Remote directory server leaks information.
Description :
This host is a Novell Netware (eDirectory) server, and has browse
rights on the PUBLIC object.
It is possible to enumerate all NDS objects, including users, with
crafted queries. An attacker can use this to gain information about
this host.
Solution :
The NDS object PUBLIC should not have Browse rights; the tree should be restricted to authenticated users only.
Removing Browse rights from the object will fix this issue. If this is an external system it is recommended that access to port 524 be blocked from the Internet.
Risk factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Plugin output :
It was possible to gather the following information about the remote host :
Server Name:
. Information found on port ipp (631/tcp)
The service closed the connection after 0 seconds without sending any data
It might be protected by some TCP wrapper
. Information found on port novell-zen (2544/tcp)
A web server seems to be running on this port
. Information found on port postgresql (5432/tcp)
An unknown service is running on this port.
It is usually reserved for Postgres
. Warning found on port http-alt (8008/tcp)
The remote web server seems to be vulnerable to the Cross Site Scripting vulnerability (XSS). The vulnerability is caused by the result returned to the user when a non-existing file is requested (e.g. the result contains the JavaScript provided in the request).
The vulnerability would allow an attacker to make the server present the user with the attacker's JavaScript/HTML code.
Since the content is presented by the server, the user will give it the trust level of the server (for example, the trust level of banks, shopping centers, etc. would usually be high).
Sample url : http://ipaddress:8008/foo.jsp?param=.jsp
Risk factor : Medium
Solutions:
. Allaire/Macromedia Jrun:
- http://www.macromedia.com/software/jrun/download/update/
- http://www.securiteam.com/windowsntfocus/Allaire_fixes_Cross-Site_Scripting_security_vulnerability.html
CVE : CVE-2002-1060
BID : 5305, 7344, 7353, 8037, 9245
. Warning found on port http-alt (8008/tcp)
The remote host is running UBB.threads, a bulletin board system written in PHP.
There are various cross-site scripting issues in the remote version of this software. An attacker may exploit them to use the remote website to conduct attacks against third parties.
Solution : Upgrade to the latest version of this software
Risk factor : Medium
BID : 11900
. Information found on port http-alt (8008/tcp)
A web server is running on this port
. Information found on port http-alt (8008/tcp)
The remote web server type is :
DHost/9.0 HttpStk/1.0
. Information found on port sunrpc (111/udp)
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
. Warning found on port general/tcp
The remote host does not discard TCP SYN packets which have the FIN flag set.
Depending on the kind of firewall you are using, an attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
. Information found on port general/tcp
The remote host is running one of these operating systems :
Linux Kernel 2.6
Linux Kernel 2.4
. Information found on port general/tcp
Information about this scan :
Nessus version : Unknown (NASL_LEVEL=2201)
Plugin feed version : 200603171215
Type of plugin feed : GPL only
Scanner IP : 151.155.185.104
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Max hosts : 20
Max checks : 4
Scan duration : unknown (ping_host.nasl not launched?)
. Information found on port tftp (69/udp)
The remote host is running a tftpd server.
Solution : If you do not use this service, you should disable it.
Risk factor : Low
. Warning found on port general/icmp
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
. Information found on port unknown (5900/tcp)
The remote VNC server chose security type #2 (VNC authentication)
. Information found on port general/udp