Hi folks,
I use openvas for a vul management, I make a scan to the entire lan, and this 're just two security issues found in Asg ('re low btw):
Low
NVT: Determine which version of BIND name daemon is running (OID: 1.3.6.1.4.1.25623.1.0.10028)
BIND 'NAMED' is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.
The BIND based NAMED servers (or DNS servers) allow remote users
to query for version and type information. The query of the CHAOS
TXT record 'version.bind', will typically prompt the server to send
the information back to the querying source.
The remote bind version is : 9.6-ESV-R5
Solution :
Using the 'version' directive in the 'options' section will block
the 'version.bind' query, but it will not log such attempts.
Low
NVT: NTP read variables (OID: 1.3.6.1.4.1.25623.1.0.10884)
It is possible to determine a lot of information about the remote host
by querying the NTP (Network Time Protocol) variables - these include
OS descriptor, and time settings.
It was possible to gather the following information from the remote NTP host : version='ntpd 4.2.6p1@1.2158 Tue Jul 27 15:44:01 UTC 2010 (1)',
processor='i686', system='Linux/2.6.32.42-15.g07a53b3-default', leap=0,
stratum=11, precision=-21, rootdelay=0.000, rootdisp=896.066,
refid=127.127.1.0, reftime=0xd29476cd.07080a8e,
clock=0xd294e20c.734b31b4, peer=5093, tc=15, mintc=3, offset=0.000,
frequency=0.000, sys_jitter=0.000, clk_jitter=0.000, clk_wander=0.000
Quickfix: Set NTP to restrict default access to ignore all info packets:
restrict default ignore
And for my [:O] the Os fingerprint it's 91% confidential, great work guys!
This thread was automatically locked due to age.
