Recent vulnerability scanning problems and solutions for Linux servers

Source: Internet
Author: User
Tags snmp cve

Recently, the vulnerability of Linux server was scanned comprehensively, and found the following problems for peer reference:

Vulnerability description
Vulnerability Name 650) this.width=650; "src=" Https://119.254.115.119/images/vm.gif "alt=" vm.gif "/> guessed that there is a login username password for the remote SNMP service
Detailed description This scan confirms the existence of a predictable password for the SNMP service on the target host through brute-force guessing.

A remote attacker could further attack the target host by guessing the username password, which would greatly threaten the security of the target host and the target network.
Solutions It is recommended that you take the following measures to mitigate the threat:

* If the SNMP service is not required, it is recommended to stop this service.

* Modify the user's password and set a password that is strong enough.
Threat Score 5
Dangerous plugins Whether
/tr>
vulnerability name 650) this.width=65 0; "src=" Https://119.254.115.119/images/vh.gif "alt=" vh.gif "/>oracle Database Server Remote security Vulnerability (CVE-2013-3774)
oracle database server is an object-to-relational databases management system. It provides an open, comprehensive, and integrated approach to information management.

Oracle Database Server has a remote security vulnerability on the implementation of the network layer component, which can be exploited by the Oracle NET protocol, which can be exploited by an unauthenticated remote attacker to affect the confidentiality, integrity, Availability: 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3
solution oracle
------
Oracle has released a security bulletin (cpujuly2013-1899826) for this and a corresponding patch:
Cpujuly2013-1899826:oracle Critical Patch Update advisory-july
Link: http://www.oracle.com/technetwork/topics/security/ cpujuly2013-1899826.html

threat score 7
Vulnerability description
Vulnerability Name 650) this.width=650; "src=" Https://119.254.115.119/images/vh.gif "alt=" vh.gif "/>oracle Database Server Local Security Vulnerability ( cve-2013-3771)
Detailed description Oracle database server is an object-to-relational data management system. It provides an open, comprehensive, and integrated approach to information management.

Oracle Database Server has a local security vulnerability on the implementation of Oracle executable components, which can be exploited by local protocols, which can be exploited by unauthenticated remote attackers to affect the confidentiality, integrity, and availability of the following versions: 10.2.0.4 , 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3
Solutions Oracle
------
Oracle has released a security bulletin (cpujuly2013-1899826) for this and a corresponding patch:
Cpujuly2013-1899826:oracle Critical Patch Update advisory-july 2013
Links: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Threat Score 7
vulnerability description
vulnerability name 650) this.width=650; "Src=" Https://119.254.115.119/image S/vh.gif "alt=" vh.gif "/>openssh ' schnorr.c ' Remote Memory Corruption Vulnerability (cve-2014-1692)
detailed description openssh is an open source implementation of the SSH protocol.

OpenSSH version 6.4 and earlier, Hash_buffer functions in schnorr.c do not initialize certain data structures if Makefile.inc is modified to enable the J-pake protocol. This allows a remote attacker to cause a denial of service (memory corruption).
solution

Vendor Patch:

OpenSSH
-------
Mesh Previous vendors have released upgrade patches to fix this security issue, please go to the manufacturer's homepage to download:

http://www.openssh.com/

Yum update openssh*

threat score 7
Detailed description This scan confirms the existence of a guessing password for the FTP service on the target host through brute-force guessing.

A remote attacker could further attack the target host by guessing the username password, which would greatly threaten the security of the target host and the target network.
Solutions It is recommended that you take the following measures to mitigate the threat:

* If the FTP service is not required, it is recommended to stop this service.

* Modify the user's password and set a password that is strong enough.
Threat Score 5
Detailed description An intruder can obtain an open list of TCP/UDP ports on the target host through the SNMP protocol.

These port information is generally more accurate than the information obtained through the port scan, and attackers can use these port information to identify open services on the target host, understand firewall rules, and initiate further attacks.
Solutions It is recommended that you take the following measures to mitigate the threat:

* Modify SNMP default password or disable SNMP service:

Under the Solaris system, modify the/etc/snmp/conf/snmpd.conf
In the default password, and then execute the following command to make it effective:
#/etc/init.d/init.snmpdx stop
#/etc/init.d/init.snmpdx start

Under the Solaris system, you can disable the SNMP service by executing the following command:
#/ETC/INIT.D/INIT.SNMPDX Stop
# MV/ETC/RC3.D/S76SNMPDX/ETC/RC3.D/S76SNMPDX

For Windows systems, you can turn off the SNMP service in the following ways (for example, Windows 2000):
Open Control Panel, double-click Add or Remove Programs, select Add/Remove Windows components, select management and Monitoring tools, double-click Open, cancel the Simple Network Management Protocol check box, press OK, and then follow the prompts to complete the operation.

On Cisco routers, you can modify and delete SNMP passwords in the following ways:

1. telnet or login to your Cisco router via serial port

2. Enter the Enable password:

Router>enable
Password:
router#

3. Display the current SNMP configuration on the router:

Router#show Running-config
Building configuration ...
...
...
Snmp-server Community Public RO
Snmp-server Community Private RW
....
....

4. Enter configuration mode:

Router#configure Terminal
Enter configuration commands, one per line. End with cntl/z.
Router (config) #

You can use one or both of the following three methods:

(1) If you do not need to manage through SNMP, you can disable the SNMP agent service:

After all read-only, read-write passwords are deleted, the SNMP agent service prohibits

A. Remove the read-only (RO) password:

Router (config) #no snmp-server Community public RO
......

B. Delete read-write (RW) password

Router (config) #no snmp-server Community Private RW
......


(2) If you still need to use SNMP, modify the SNMP password so that it is not easy to guess:

A. Delete the original read-only or read-write password:

Router (config) #no snmp-server Community public RO
Router (config) #no snmp-server Community Private RW

B. Set a new read-only and read-write password, the password strength should be enough, not easy to guess.

Router (config) #no snmp-server Community XXXXXXX RO
Router (config) #no snmp-server Community yyyyyyy RW

(3) Allow only trusted hosts to be accessed via SNMP password (for example, read-only password ' public ')

A. Create an Access control list (assuming the name is 66):

Router (config) #access-list

B. Prohibit anyone from accessing the public password:

Router (config) #snmp-server Community public RO 66

C. Set up a trusted host (1.2.3.4) that allows access using the public password:

Router (config) #snmp-server host 1.2.3.4 Public

Access restrictions for read and write passwords are the same as above.

After the SNMP password is modified, deleted, and so on, you need to perform the Write memory command to save the settings:

Router (config) #exit (exit Congigure mode)
Router#write memory (Save Settings)

* Filter out access to the internal network UDP 161 port on the firewall.


Threat Score 2

Recent vulnerability scanning problems and solutions for Linux servers

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.