A Linux server was recently given a comprehensive vulnerability scan. The problems it found are listed below for peer reference:
Vulnerability description |
Vulnerability Name |
A guessable login username and password exists for the remote SNMP service |
Detailed description |
This scan confirms the existence of a predictable password for the SNMP service on the target host through brute-force guessing.
A remote attacker could attack the target host further by guessing the username and password, which would greatly threaten the security of the target host and the target network. |
Solutions |
It is recommended that you take the following measures to mitigate the threat:
* If the SNMP service is not required, it is recommended to stop this service.
* Modify the user's password and set a password that is strong enough. |
Threat Score |
5 |
Dangerous plugins |
Whether |
Vulnerability Name |
Oracle Database Server Remote Security Vulnerability (CVE-2013-3774) |
|
Oracle Database Server is an object-relational database management system. It provides an open, comprehensive, and integrated approach to information management. Oracle Database Server has a remote security vulnerability in the implementation of its network layer component. It can be exploited over the Oracle Net protocol by an unauthenticated remote attacker to affect confidentiality, integrity, and availability in the following versions: 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 |
Solutions |
Oracle
------
Oracle has released a security bulletin (cpujuly2013-1899826) and a corresponding patch for this issue:
cpujuly2013-1899826: Oracle Critical Patch Update Advisory - July 2013
Link: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html |
Threat Score |
7 |
Vulnerability description |
Vulnerability Name |
Oracle Database Server Local Security Vulnerability (CVE-2013-3771) |
Detailed description |
Oracle Database Server is an object-relational database management system. It provides an open, comprehensive, and integrated approach to information management.
Oracle Database Server has a local security vulnerability in the implementation of the Oracle executable component. It can be exploited over local protocols by unauthenticated remote attackers to affect confidentiality, integrity, and availability in the following versions: 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 |
Solutions |
Oracle
------
Oracle has released a security bulletin (cpujuly2013-1899826) and a corresponding patch for this issue:
cpujuly2013-1899826: Oracle Critical Patch Update Advisory - July 2013
Link: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
|
Threat Score |
7 |
Vulnerability description |
Vulnerability Name |
OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability (CVE-2014-1692) |
Detailed description |
OpenSSH is an open source implementation of the SSH protocol. In OpenSSH 6.4 and earlier, the hash_buffer function in schnorr.c does not initialize certain data structures if Makefile.inc is modified to enable the J-PAKE protocol. This allows a remote attacker to cause a denial of service (memory corruption). |
Solutions |
Vendor patch:
OpenSSH
-------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's homepage: http://www.openssh.com/
yum update openssh* |
Threat Score |
7 |
Detailed description |
This scan confirms the existence of a guessable password for the FTP service on the target host through brute-force guessing.
A remote attacker could attack the target host further by guessing the username and password, which would greatly threaten the security of the target host and the target network. |
Solutions |
It is recommended that you take the following measures to mitigate the threat:
* If the FTP service is not required, it is recommended to stop this service.
* Modify the user's password and set a password that is strong enough. |
Threat Score |
5 |
Detailed description |
An intruder can obtain a list of open TCP/UDP ports on the target host through the SNMP protocol.
This port information is generally more accurate than the information obtained through a port scan, and attackers can use it to identify open services on the target host, understand firewall rules, and initiate further attacks.
|
Solutions |
It is recommended that you take the following measures to mitigate the threat:
* Modify the SNMP default password or disable the SNMP service:
On Solaris, change the default password in /etc/snmp/conf/snmpd.conf, then run the following commands for the change to take effect:
# /etc/init.d/init.snmpdx stop
# /etc/init.d/init.snmpdx start
On Solaris, you can disable the SNMP service by running the following commands:
# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/s76snmpdx
On Windows systems, you can turn off the SNMP service as follows (using Windows 2000 as the example): open Control Panel, double-click Add or Remove Programs, select Add/Remove Windows Components, select Management and Monitoring Tools, double-click to open it, clear the Simple Network Management Protocol check box, press OK, and then follow the prompts to complete the operation.
On Cisco routers, you can modify and delete SNMP passwords as follows:
1. Telnet to your Cisco router or log in via the serial port.
2. Enter the enable password:
Router>enable
Password:
Router#
3. Display the current SNMP configuration on the router:
Router#show running-config
Building configuration...
...
...
snmp-server community public RO
snmp-server community private RW
....
....
4. Enter configuration mode:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
You can use one or more of the following three methods:
(1) If you do not need to manage the router through SNMP, you can disable the SNMP agent service:
Once all read-only and read-write passwords are deleted, the SNMP agent service is disabled.
A. Delete the read-only (RO) password:
Router(config)#no snmp-server community public RO
......
B. Delete the read-write (RW) password:
Router(config)#no snmp-server community private RW
......
(2) If you still need to use SNMP, change the SNMP password so that it is not easy to guess:
A. Delete the original read-only or read-write password:
Router(config)#no snmp-server community public RO
Router(config)#no snmp-server community private RW
B. Set a new read-only and read-write password. The passwords should be strong enough that they are not easy to guess.
Router(config)#snmp-server community XXXXXXX RO
Router(config)#snmp-server community yyyyyyy RW
(3) Allow only trusted hosts to access the router using the SNMP password (for example, the read-only password 'public'):
A. Create an access control list (assuming the name is 66):
Router(config)#access-list
B. Prohibit anyone from accessing the public password:
Router(config)#snmp-server community public RO 66
C. Set up a trusted host (1.2.3.4) that is allowed access using the public password:
Router(config)#snmp-server host 1.2.3.4 public
Access restrictions for read-write passwords are set in the same way.
After SNMP passwords are modified or deleted, run the write memory command to save the settings:
Router(config)#exit (exit configure mode)
Router#write memory (save settings)
* Filter out access to the internal network UDP 161 port on the firewall.
|
Threat Score |
2 |
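An added example (not part of the original post or the scanner's output): a small Python audit of a saved running-config that flags the SNMP community settings the finding above warns about. The sample config, the `audit_snmp` name and the 8-character minimum are assumptions made for illustration, and only numbered `access-list` entries are recognized.

```python
import re

# Constructed sample running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
hostname Router
access-list 66 permit 1.2.3.4
access-list 66 deny any
snmp-server community public RO
snmp-server community private RW
snmp-server community k7#Vq2LmZx9 RO 66
snmp-server community ops RW 77
"""

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?(?: (?P<mode>ro|rw))?(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)
ACL_RE = re.compile(r"^access-list (\S+) ", re.IGNORECASE)


def audit_snmp(config_text, min_length=8):
    """Return {community: [findings]} for every snmp-server community line."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    # Numbered ACLs defined anywhere in the config (assumption: no named ACLs).
    defined_acls = {m.group(1) for ln in lines if (m := ACL_RE.match(ln))}
    report = {}
    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if not m:
            continue
        name, acl = m.group("name"), m.group("acl")
        mode = (m.group("mode") or "ro").lower()  # read-only when omitted
        findings = []
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append("default community string")
        elif len(name) < min_length:
            findings.append("short community string")
        if mode == "rw":
            findings.append("read-write access")
        if acl is None:
            findings.append("no access list")
        elif acl not in defined_acls:
            findings.append("access list %s not defined" % acl)
        report[name] = findings
    return report
```

An empty findings list means the community line passed every check; run `audit_snmp` over the saved output of `show running-config` after applying the changes above.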
Recent vulnerability scanning problems and solutions for Linux servers