On Sat, Oct 04, 2003 at 02:25:26AM +0200, Francesco Lamonica wrote:
> Vulnerability found on port general/icmp
> The remote host is vulnerable to an 'icmp leak' -
> when it receive a packet that raise an ICMP error packet
> (except ICMP destination unreachable), the ICMP packet is
> supposed to contain the original message.
> Due to a bug in the remote TCP/IP stack, it will also contain fragments
> of the content of the remote kernel memory.
> An attacker may use this flaw to remotely sniff what is going on into
> the host's memory, especially network packets that it sees, and
> obtain useful information such as POP passwords, HTTP authentication
> fields, and so on.
>
> Solution : Contact your vendor for a fix. If the remote host is running
> Linux 2.0, upgrade to Linux 2.0.40.
>
> but I am running linux 2.4.22 (plain vanilla kernel compiled from sources)

This is not a false positive. Contact the maintainer of the driver of your
NIC, and have him investigate the issue.

> Hole #2
>
> Vulnerability found on port cvspserver (2401/tcp)
> The remote CVS server, according to its version number,
> is vulnerable to a double free() bug which may allow an
> attacker to gain a shell on this host.
>
> Solution : Upgrade to CVS 1.11.5
>
> but I am running cvs 1.11.5

Doubtful as well. If you enabled KB saving in your client, what does the
entry "cvs/2401/version" in /usr/local/var/nessus/users/<login>/kb/<ip>
look like?

> Warning #1
>
> Warning found on port https (443/tcp)
> Your webserver supports the TRACE and/or TRACK methods. It has been
> shown that servers supporting this method are subject [..]
> but I do have those lines in my httpd.conf file (running apache 2.0.47)

Did you restart httpd?

None of these seem to be false positives to me.
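
One way to double-check the 'icmp leak' finding quoted under the first hole is to compare a captured ICMP error against the probe that triggered it. This is an added example, not part of the original thread and not Nessus's own check; the function names and sample packets are constructed, and it assumes raw IPv4 bytes with the link-layer header already stripped.

```python
import struct

ICMP_ERRORS = {3, 4, 5, 11, 12}  # RFC 792 error message types

def ihl(pkt: bytes) -> int:
    """Return the IPv4 header length in bytes, or raise if pkt is not IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    n = (pkt[0] & 0x0F) * 4
    if n < 20 or n > len(pkt):
        raise ValueError("bad IPv4 header length")
    return n

def unexpected_quote_bytes(probe: bytes, reply: bytes) -> bytes:
    """Bytes quoted in an ICMP error beyond what the probe actually carried."""
    hlen = ihl(reply)
    if reply[9] != 1:
        raise ValueError("reply is not ICMP")
    # Trust the IP total length: anything after it is link-layer padding.
    reply = reply[:struct.unpack("!H", reply[2:4])[0]]
    icmp = reply[hlen:]
    if len(icmp) < 8 or icmp[0] not in ICMP_ERRORS:
        raise ValueError("reply is not an ICMP error message")
    quoted = icmp[8:]
    # Compare transport payloads only: TTL and checksum in the quoted IP
    # header legitimately differ from what was sent.
    sent, got = probe[ihl(probe):], quoted[ihl(quoted):]
    n = min(len(sent), len(got))
    if got[:n] != sent[:n]:
        raise ValueError("quoted datagram does not match this probe")
    return got[n:]  # empty for a well-behaved stack

def ipv4(proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 datagram for the samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

# Constructed samples: a UDP probe and two ICMP time-exceeded replies to it.
UDP = struct.pack("!HHHH", 12345, 33434, 12, 0) + b"PING"
PROBE = ipv4(17, UDP)
ICMP_HDR = struct.pack("!BBHI", 11, 0, 0, 0)
CLEAN_REPLY = ipv4(1, ICMP_HDR + ipv4(17, UDP, ttl=1))
LEAKY_REPLY = ipv4(1, ICMP_HDR + ipv4(17, UDP, ttl=1) + b"USER demo")

if __name__ == "__main__":
    for name, pkt in (("clean", CLEAN_REPLY), ("leaky", LEAKY_REPLY)):
        print(name, unexpected_quote_bytes(PROBE, pkt))
```

A non-empty result means the error message quoted more data than the probe contained, which is the symptom the report describes.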
