Koozali.org: home of the SME Server

rootkit hunter 1.1.15 output

Denbert
« on: August 13, 2004, 06:52:09 AM »
Hi there,

When I run RootKit Hunter I get this answer:

* Application version scan
   - ClamAV 0.65   [ Vulnerable ]
   - GnuPG 1.0.7   [ Vulnerable ]
   - Apache 1.3.27   [ Vulnerable ]
   - Bind DNS [unknown]   [ OK ]
   - OpenSSL 0.9.6b   [ Unknown ]
   - PHP 4.3.6   [ Vulnerable ]
   - Procmail MTA 3.22   [ OK ]
   - ProFTPd 1.2.9   [ Vulnerable ]
   - OpenSSH 3.8p1   [ OK ]

Shouldn’t these applications be updated or are they safe in the SME 6.0.1 Server-gateway configuration?

Furthermore there should be a forum called security for these issues.
/ Denbert
"Success is not final, failure is not fatal: it is the courage to continue that counts" - Sir Winston Churchill

mbachmann

« Reply #1 on: August 23, 2004, 05:11:59 PM »
Switch off ssh and ftp access or allow only from local networks. Close down apache. That's the price for security.

GetRighT

« Reply #2 on: August 29, 2004, 01:18:28 AM »
Quote from: "mbachmann"
Switch off ssh and ftp access or allow only from local networks. Close down apache. That's the price for security.


Erhmm... then why have a server connected to the internet... doh?  :hammer:

Denbert
« Reply #3 on: August 29, 2004, 10:30:53 AM »
You took the words right out of my mouth. It’s no solution to “unplug” the server.

I’m looking forward to following the work of the new security team, and hope that they will deal more seriously with security issues.

Cheers.
/ Denbert

guest22

« Reply #4 on: August 31, 2004, 12:45:28 AM »
Is this report based on THE standard SME Server 6.0.1-1 or did you install 3rd party contribs?

If you did install 3rd party contribs, please contact the author of that specific contrib to ask him/her about the messages.

If the messages are about a DEFAULT installation of SME Server 6.0.1-1, please report them in the bug tracker one at a time so separate issues can be tracked in separate bug reports.

Thanks,
RequestedDeletion
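
An added example, not part of the thread and not rkhunter's own code: it parses the application version scan quoted in the first post into one entry per application, so each flagged package can be filed as its own report as asked above. The function names are hypothetical, and the sample input is copied from that post.

```python
import re
from collections import defaultdict

# Application version scan lines, copied from the rkhunter output in the first post.
SAMPLE = """\
* Application version scan
   - ClamAV 0.65   [ Vulnerable ]
   - GnuPG 1.0.7   [ Vulnerable ]
   - Apache 1.3.27   [ Vulnerable ]
   - Bind DNS [unknown]   [ OK ]
   - OpenSSL 0.9.6b   [ Unknown ]
   - PHP 4.3.6   [ Vulnerable ]
   - Procmail MTA 3.22   [ OK ]
   - ProFTPd 1.2.9   [ Vulnerable ]
   - OpenSSH 3.8p1   [ OK ]
"""

# "- <name, may contain spaces> <version or [unknown]>   [ <status> ]"
ENTRY = re.compile(
    r"^\s*-\s+(?P<name>.+?)\s+(?P<version>\[unknown\]|\S+)"
    r"\s+\[\s*(?P<status>[^\]]+?)\s*\]\s*$"
)

def parse_scan(text):
    """Return one dict per application line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(m.groupdict())
    return entries

def triage(entries):
    """Group application names by the status rkhunter printed."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["status"].lower()].append(e["name"])
    return dict(groups)

def report_titles(entries):
    """One title per entry that is not OK, for filing separate reports."""
    return [
        f"{e['name']} {e['version']} reported as {e['status']}"
        for e in entries if e["status"].lower() != "ok"
    ]

if __name__ == "__main__":
    for title in report_titles(parse_scan(SAMPLE)):
        print(title)
```

The scan output shows only a version string per application, and a distribution package with backported fixes keeps the old upstream version number. Check each flagged entry against the package changelog (`rpm -q --changelog <package>`) before filing.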

Denbert
« Reply #5 on: August 31, 2004, 12:09:22 PM »
Quote from: "guest22"
Is this report based on THE standard SME Server 6.0.1-1 or did you install 3rd party contribs?

RequestedDeletion


OK, I have some contribs installed – I’ll set up a clean test box and make a new report one of these days.

Cheers,
/ Denbert

byte
« Reply #6 on: August 31, 2004, 12:13:07 PM »
I'd say with the exception of CLAM the rest are DEFAULT...

Isn't it a security-related problem? Not a bug!
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told; this way you help us to help you/others - Thanks!

Denbert
« Reply #7 on: August 31, 2004, 12:20:32 PM »
Quote from: "byte"

Isn't it a security-related problem? Not a bug!


You are quite right – But there isn’t a forum called Security?

That’s why I placed the thread in here.

I’ll be back :-o
/ Denbert

sqlerror
« Reply #8 on: November 02, 2004, 12:30:56 PM »
Quote from: "Denbert"
Hi there,

When I run RootKit Hunter I get this answer:

* Application version scan
   - ClamAV 0.65   [ Vulnerable ]
   - GnuPG 1.0.7   [ Vulnerable ]
   - Apache 1.3.27   [ Vulnerable ]
   - Bind DNS [unknown]   [ OK ]
   - OpenSSL 0.9.6b   [ Unknown ]
   - PHP 4.3.6   [ Vulnerable ]
   - Procmail MTA 3.22   [ OK ]
   - ProFTPd 1.2.9   [ Vulnerable ]
   - OpenSSH 3.8p1   [ OK ]

See my post on the same subject with a solution in the form of updated RPMs to address these vulnerabilities:
http://forums.contribs.org/index.php?topic=24329.0
Sqlerror

sqlerror
« Reply #9 on: November 02, 2004, 12:32:26 PM »
Quote from: "Denbert"
Hi there,

When I run RootKit Hunter I get this answer:

* Application version scan
   - ClamAV 0.65   [ Vulnerable ]
   - GnuPG 1.0.7   [ Vulnerable ]
   - Apache 1.3.27   [ Vulnerable ]
   - Bind DNS [unknown]   [ OK ]
   - OpenSSL 0.9.6b   [ Unknown ]
   - PHP 4.3.6   [ Vulnerable ]
   - Procmail MTA 3.22   [ OK ]
   - ProFTPd 1.2.9   [ Vulnerable ]
   - OpenSSH 3.8p1   [ OK ]

See my post on the same subject with a solution in the form of updated RPMs to address these vulnerabilities:
http://forums.contribs.org/index.php?topic=23241.0
Sqlerror