Thread: Possible security issues

  1. #1
    Registered Member
    Join Date
    May 2003
    Posts
    9

    Possible security issues

    Sorry, I hate to bring this up but a user on our shared hosting network brought some security information to my attention, nothing that's going to cause any severe problems within minutes of it being posted as far as I can see and pretty readily available, but I just wanted to check and see if these could be genuine security issues and if so when we can expect to see them fixed. Thanks for your help.

    Hey, here is the audit I got while using "Nessus" against your server. Just forward this to your admin if you have no clue on where most of these files are. These are mostly cgi-scripts that can be used to "Get" information like "Password list", "User Lists", "E-mail lists", "Account Information", and "Server configuration Information". These are very serious security factors that can affect you. If someone can get your "user name" then all they need is your password. Some of these require an account or root privilege to work also. So if I was under your account in the server then I can pretend I'm you to help gain access to the root account and basically take the server. Some of the "Buffer Overflows" might be honeypots. Like I said a "honeypot" is a daemon that is run to help gain information on how a "Cracker" cracks into a server. So admins can get better info on how a thief steals.

    These are with port "80" of your server.

    Count.cgi and Guestbook.cgi - Both of these can be used to execute commands with "Get" to get information about the server/files etc. Labeled very SERIOUS.

    These are WARNINGS with port "2084"

    Robot.txt - This contains "Session ID" information as well as other key information about the server. Someone can "Hijack" the session with info on correct "Session ID". This is just a medium warning.

    Webdriver - This is installed in the CGI-BIN and could be vuln. Being I am not "ROOT" I cannot tell the version. But it can be vuln to someone getting information on "Informix Databases" and the HOSTS that run it.

    Vpasswd.cgi - Same as Webdriver. I can't tell the version but nonetheless something to look into or check to make sure it's secure.

    Pagelog.cgi - This is a serious flaw that allows attackers to create files ending in .txt.

    Nph-test.cgi - This allows an attacker to get a list of what's in the cgi-bin thus leading the apocalypse

    Mailnews - This has many vulns to run commands etc.

    Finger - Typical on most servers but should be removed

    Pgpmail.pl - Need to upgrade this to v1.31 right away. This is a HIGH factor.


    These are HOLES with port "2084"

    The remote HTTP server allows attackers to read arbitrary files by adding simple dots in front of the name, "Get /../../winnt/boot.ini" as an example. Should update or change this.

    /wwwboard/passwd.txt exists. Use wwwadmin.pl to configure this CORRECTLY!

    Ping.asp - Should be removed.

    It is possible to read arbitrary files on the remote server by using "../../" or "..\..\" Should use another webserver altogether. It is also possible with "%252e/.%252e"

    Check out Quicktime/Darwin Streaming Admin server that it is fixed.

    Check out BizDB with Bizdb-Serch.cgi it is a serious vuln that has had other scriptkiddies using it to help take down servers. Make sure the admin knows about it and has fixed or removed it.

    On port 6666 there is an IRC server running. It isn't being used and can be used to suffer IRC based worms etc. Should be disabled if not being used. I can log into this fine.

    General TCP - DCSHOP CGI - This version does not properly protect a user and credit card information. It is possible to access admin passwords, current pending transactions, and credit card information. Def needs a reminder to be looked into with "orders.txt".
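
Added example, not part of the original thread: one way to check a web server's access log for the traversal request forms the report names ("../../", "..\..\" and the double-encoded "%252e") and to see what the server actually answered, which helps separate a real finding from a scanner false positive. The log lines are constructed samples, and the function names and verdict labels are hypothetical.

```python
import re
from urllib.parse import unquote

# Request path and status code from a common-log-format line.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2003:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - - [01/Jun/2003:10:00:01 +0000] "GET /../../winnt/boot.ini HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Jun/2003:10:00:02 +0000] "GET /..\\..\\winnt\\boot.ini HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Jun/2003:10:00:03 +0000] "GET /.%252e/.%252e/winnt/boot.ini HTTP/1.0" 200 64',
    '192.0.2.10 - - [01/Jun/2003:10:00:04 +0000] "GET /docs/v1..2/notes.txt HTTP/1.0" 200 88',
]


def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so %252e -> %2e -> '.' is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_traversal(path):
    """True if a decoded path segment is exactly '..' (with / or \\ separators)."""
    decoded = fully_decode(path.split("?", 1)[0])
    return ".." in re.split(r"[/\\]+", decoded)


def triage(log_lines):
    """Return (path, status, verdict) for every traversal-style request."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match or not has_traversal(match.group(1)):
            continue
        path, status = match.group(1), int(match.group(2))
        # A 2xx answer means content was returned and needs manual review.
        verdict = "investigate" if 200 <= status < 300 else "not served"
        findings.append((path, status, verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The last sample line contains ".." inside a file name and is deliberately not flagged, since only a whole ".." path segment changes directory.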

  2. #2
    chirpy, Registered Member (this forum account has been confirmed by cPanel staff to represent a vendor)
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,499

    Some of those are false-positives (port 6666 for example). The others are either false-positives or are specific to your user's site or customers' scripts that they have installed. Nessus, while it has its place in vulnerability testing, is pretty stupid, as any remote testing tool is, and the results have to be filtered through your knowledge and investigation of its reports.
    Jonathan Michaelson

    cPanel Server Configuration, Security and Antivirus/AntiSpam Services
    http://www.configserver.com

  3. #3
    Infopro, cPanel Product Evangelist
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    11,505
    cPanel Access Level

    Root Administrator

    Quote: "I just wanted to check and see if these could be genuine security issues and if so when we can expect to see them fixed."
    It's your server, you fix them.
    Last I looked cPanel doesn't do IRC. (To name one of your problems not belonging to cPanel.)

  4. #4
    Registered Member
    Join Date
    May 2003
    Posts
    112

    Looks like a few false positives, but some of those scripts should be checked.

    This site is a vulnerability database based on Nessus, so you can search and find the specifics of each one:

    http://www.vulnerabilityscanning.com/

