November 9th, 2005, 07:37 PM
#1
NFS-CD Vulnerability Discovered by NESSUS
Hello all-
Another auditor and I are reviewing a NESSUS report from a group of *nix servers we are auditing right now that shows a vulnerability called NFS-CD, which affects various *nix variants. However, when we try to see if the vulnerability actually does what it claims on the servers where it is reported, it does not work; it just brings us out of the NFS mount and up to the parent directory - which to me perhaps signals a false positive. Just reading about the vulnerability causes my brain to spin-lock, as it does not make sense to me - but then again - I like pictures better:
From the NESSUS plugin description: http://www.nessus.org/plugins/index....ingle&id=11357
From CVE: http://cve.mitre.org/cgi-bin/cvename...=CVE-1999-0166
As you can see, this is an older vulnerability. I am wondering 1) if I should ask the NESSUS mailing list about this - I wasn't sure, as NESSUS is just reporting what it found; 2) if perhaps this is a false positive for some reason, e.g., patching; and 3) if I should check - by asking the SA group - whether the servers have a partition set up for their NFS mounts.
The servers are running HP-UX 11.i. Also - just curious - does anyone here work with HP-UX?
Thank you in advance!
"We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.
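Item 3 in the post above (whether the NFS exports sit on their own partition) can be checked on the server itself. The following is an added example, not part of the original post: it assumes an `/etc/exports`-style file whose first field is the exported path and a `df` that accepts `-P`, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report whether each NFS export
# is the root of its own file system or a subdirectory of a larger one.
# Assumptions: exports file with the exported path as the first field of each
# entry (no backslash-continued lines), and a df that supports POSIX -P output.

# export_paths FILE: print the exported path of every entry,
# skipping blank lines and comment lines.
export_paths() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

# mount_point_of PATH: print the mount point of the file system holding PATH
# (last column of the data line of "df -P"); prints nothing if PATH is missing.
mount_point_of() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { print $NF }'
}

# classify_export PATH: FS_ROOT if PATH is itself a mount point,
# SUBDIR if it lives inside a larger file system, MISSING if df cannot see it.
classify_export() {
    p=${1%/}                 # ignore one trailing slash
    [ -z "$p" ] && p=/       # "/" stripped to empty means the root directory
    mp=$(mount_point_of "$p")
    if [ -z "$mp" ]; then
        echo "MISSING"
    elif [ "$mp" = "$p" ]; then
        echo "FS_ROOT"
    else
        echo "SUBDIR"
    fi
}

# audit_exports FILE: one "STATUS path" line per export entry.
audit_exports() {
    export_paths "$1" | while read -r path; do
        printf '%s %s\n' "$(classify_export "$path")" "$path"
    done
}
```

Run `audit_exports /etc/exports` on the NFS server. An export reported as SUBDIR shares a file system with directories outside the export, so those are the entries to raise with the SA group.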