Full Version: Vulnerability Scan Help Needed
The Planet Forums > Security > General Security
Aerosmith
I ran this Vulnerability Scanner on my box recently and got two holes and four warnings. I am not sure what all I need to be concerned about and what is just false alarms, so to speak. Can someone help me with these and let me know what I need to do?

-----------------------------------------------------------------------------

Hole #1 at ftp(21/tcp)
The remote FTP server seems to be vulnerable to an integer
conversion bug when it receives a malformed argument to the
'REST' command.

An attacker may exploit this flaw to crash the remote FTP
daemon and possibly execute arbitary code on this host.

Solution : if the remote FTP server is HP/UX ftpd, then
apply patch PHNE_21936.

Risk Factor : High
Nessus ID : 11701

Hole #2 at ssh (22/tcp)
You are running a version of OpenSSH which is older than 3.7.1

Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
functions which might allow an attacker to execute arbitrary commands on this
host.

An exploit for this issue is rumored to exist.


Note that several distribution patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.

If you are running a RedHat host, make sure that the command :
rpm -q openssh-server

Returns :
openssh-server-3.1p1-13 (RedHat 7.x)
openssh-server-3.4p1-7 (RedHat 8.0)
openssh-server-3.5p1-11 (RedHat 9)

Solution : Upgrade to OpenSSH 3.7.1
See also : http://marc.theaimsgroup.com/?l=openbsd-mi...75452423794&w=2
http://marc.theaimsgroup.com/?l=openbsd-mi...75456923804&w=2
Risk factor : High
CVE : CAN-2003-0682, CAN-2003-0693, CAN-2003-0695
BID : 8628
Other references : RHSA:RHSA-2003:279, SuSE:SUSE-SA:2003:039
Nessus ID : 11837

Warnings include:
This FTP service allows anonymous logins.
The remote name server allows recursive queries to be performed
by the host running nessusd.
Your webserver supports the TRACE and/or TRACK methods.
The remote host might be vulnerable to a sequence number approximation
bug.
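The scanner note for Hole #2 says the version check was made from the SSH banner alone and points at rpm -q openssh-server to tell a backported fix from a real exposure. The following is an added example (not from the original post or from Nessus) that automates that triage: it takes a banner string and the installed package name, and classifies the finding using the three patched Red Hat builds named in the scanner output. The banner and package strings at the bottom are constructed samples.

```shell
#!/bin/sh
# Added example: triage a banner-based "OpenSSH older than 3.7.1" finding by
# checking the installed package against the patched Red Hat builds the
# scanner output names. Sample inputs below are constructed, not from a host.

# Patched backport builds listed in the Nessus output (RHSA-2003:279).
PATCHED_RPMS="openssh-server-3.1p1-13 openssh-server-3.4p1-7 openssh-server-3.5p1-11"

# vercmp A B: prints "lt" when dotted version A is older than B, else "ge".
vercmp() {
    va="$1."; vb="$2."
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; va=${va#*.}
        y=${vb%%.*}; vb=${vb#*.}
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo lt; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo ge; return; fi
    done
    echo ge
}

# ssh_version BANNER: extracts the numeric OpenSSH version from an SSH banner
# ("SSH-1.99-OpenSSH_3.5p1" -> "3.5"); prints nothing for non-OpenSSH banners.
ssh_version() {
    v=${1#*OpenSSH_}
    if [ "$v" = "$1" ]; then v=""; fi   # no "OpenSSH_" marker in the banner
    echo "${v%%[!0-9.]*}"               # drop the "p1" portability suffix
}

# assess_ssh_finding BANNER RPM: classifies the scanner hole as
# not-affected, false-positive (backported fix), vulnerable, or unknown.
assess_ssh_finding() {
    ver=$(ssh_version "$1")
    if [ -z "$ver" ]; then echo unknown; return; fi
    if [ "$(vercmp "$ver" 3.7.1)" = ge ]; then echo not-affected; return; fi
    # Only an exact match with a patched build named in the advisory counts;
    # any other release of the same branch must be checked against the errata.
    for p in $PATCHED_RPMS; do
        if [ "$2" = "$p" ]; then echo false-positive; return; fi
    done
    echo vulnerable
}

# Constructed samples: what the scanner saw, and what rpm -q openssh-server printed.
assess_ssh_finding "SSH-1.99-OpenSSH_3.5p1" "openssh-server-3.5p1-11"     # false-positive
assess_ssh_finding "SSH-1.99-OpenSSH_3.5p1" "openssh-server-3.5p1-6"      # vulnerable
assess_ssh_finding "SSH-2.0-OpenSSH_3.7.1p2" "openssh-server-3.7.1p2-1"   # not-affected
```

On a real host, replace the second argument with the output of rpm -q openssh-server; a result of "vulnerable" means the installed build is neither 3.7.1 or later nor one of the backported builds the advisory lists.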
EOC_Jason
What OS are you running?

What FTP server are you running?

If you are running Red Hat ES, is everything up to date (up2date)?

I can't comment on #1; however, #2 is probably a false positive since RedHat patches older file versions when new vulnerabilities are published, rather than publish a new version of the program.
Cor
Ya... I would never run a standard FTP server on a machine that I was concerned with keeping (i.e. not getting hacked). As far as the OpenSSH goes, the scanner here is just Nessus. It's reporting based off of version numbers. Since Red Hat and some other big distributions are sticking with their own distribution numbers, they are patching for the old versions. As long as you keep your machine up to date with up2date, then you are probably OK.

Try: up2date openssh for starters, but you should make sure all your packages, including and especially the gcc libs, are up to date as well. It seems like that's where a lot of the intermittent bugs come from.

If your OpenSSH doesn't work you will have to submit a trouble ticket. Most don't because the machines have to be registered with the Red Hat Network by EV1 since they are their machines.

Good Luck

-Cor
