Need help from you guys - BUGS

[yuna_admirer]

Hi AOers,

Yesterday, i purchased the Retina Scanner (newest version with full update), then I 've performed an complete scan of my system. I almost got terrify by the bugs it listed out. After recalm, i started to analyse, and fix up the problem as it has suggested. But, still some bugs i don't understand, or barely understand just by reading its recomentation sites. However, i need to be experienced of these bugs one in a real system - my system , i guess. I've settup at small simulation of my ISP system which consist Gateway (Cisco 7200), IDS and PIX firewall attached at the core switch which is Cisco4000.An Access Server 5300 accepting call from dial-up clients, authenticated via a Tacacs+ server. My security policy, configuration has balanced between user freedom and security focus. The Web server runs "Linux Kernel 2.4.0 - 2.5.20 , Linux 2.4.16 - 2.4.18 , Linux 2.4.19-pre4 on Alpha , Linux Kernel 2.4.3 SMP (RedHat)". That's it, some general background. All are configured pretty properly, and hasn't been penetrated since it started running ( was DoS, DDoS many times and DR DoS once, but it run well up till now in the real Network).

After perform and fixing up many bugs in the web server scan ( the Linux one), three more bugs left that i haven't seen. I wonder if someone here could give me some info about theses, if posible, some URL contain downloadable Softs, so that i could test its again. This is all for security purpose.


1st - CGI Scripts: TCP:80 - CGI - fpcount.exe A buffer overflow vulnerability in older versions of fpcount.exe, can be be remotely exploited to execute arbitrary commands.

http://cve.mitre.org/cgi-bin/cvename...=CAN-1999-1376

2nd - Dns Services: TCP:53 - BIND 9 resolver buffer overflow . A buffer overflow in libbind and libc can be exploited by an attacker to gain remote access to any server that uses these vulnerable resolver implimentations. BIND up to 9.2.1, Sendmail, and most a unices are vulnerable, to name a few.

http://cve.mitre.org/cgi-bin/cvename...=CAN-2002-0651

3rd - SSH Servers: TCP:22 - OpenSSH 3.3 PAMAuth Integer Overflow . Several versions of the OpenSSH sshd between 1.2.2 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation.

http://cve.mitre.org/cgi-bin/cvename...=CVE-2002-0640

4th - Web Servers: TCP:443,80 - OpenSSL ASN.1 Parsing Error Denial Of Service Vulnerability. A remotely exploitable denial of service condition has been reported in the OpenSSL ASN.1 library. This vulnerability is due to parsing errors and affects SSL, TLS, S/MIME, PKCS#7 and certificate creation routines. Using this vulnerability an attacker can disable a remote client or server by issuing a denial of service attack

http://cve.mitre.org/cgi-bin/cvename...=CAN-2002-0659

[infosecguru2]

for the first, just delete fpcount.exe out of your cgi-bin.
For the second, and third, and fourth, you would need to get the latest BIND, SSH, and OpenSSL sources and install them. Make sure that there aren't updates for these problems released by Cisco already.