topic Re: Version disclosure how to avoid it in Operating System - HP-UX

Version disclosure how to avoid it

chindi — Tue, 06 Aug 2013 08:18:56 GMT

Hi ,

Information disclosure in banner grab reveals sensitive data, such as technical details of the web server, environment, or user-specific data. This sensitive data may be used by an attacker to exploit the target web application, its hosting network, or its users. This helps an attacker to launch target specific attacks.

We need to disable telnet ad ftp verisons , how do we do it ??

Re: Version disclosure how to avoid it

Torsten. — Tue, 06 Aug 2013 09:22:06 GMT

Better to disable telnet and ftp anyway. Use ssh and scp or sftp instead.

Re: Version disclosure how to avoid it

chindi — Tue, 06 Aug 2013 10:35:00 GMT

Hi ,

We already have disabled telnet , but when we check from our local network say through telnet 10.xx.xx.xx 22 the ssh version must not be displayed .

telnet 10.xx.xx.xx 22

OpenSSH 4.5p1sdtpfilecontrol-v1.1hpn12v14

Re: Version disclosure how to avoid it

Torsten. — Tue, 06 Aug 2013 11:56:45 GMT

Look for a "banner" optin in "/etc/ssh/sshd_config".

Re: Version disclosure how to avoid it

chindi — Tue, 06 Aug 2013 12:27:54 GMT

Hi ,

Its nt working

I tried Banner /etc/issue

/etc/issue contents as "TEST"

when i took a ssh session it showed up as ;

Its not my reqmnt.

My reqmnt is when am doing telnet to check port from a machine to that particular hpux 11iv2 server ,

telnet 10.xx.xx.xx 22

It must not display ssh version , only a blank screen must appear .

Re: Version disclosure how to avoid it

Torsten. — Tue, 06 Aug 2013 12:37:43 GMT

Not /etc/issue but the ssh_config file!

Re: Version disclosure how to avoid it

chindi — Tue, 06 Aug 2013 12:53:52 GMT

Hi Torsten ,

grep "Banne" /opt/ssh/etc/sshd_config

Banner /home/test

cat /home/test

test

and again when am trying telnet 10.xx.xx.xx 22 from my local machine to this server am able to get the ssh version .

Re: Version disclosure how to avoid it

chindi — Tue, 06 Aug 2013 13:14:56 GMT

Hi ,

We need to change open ssh banner here.

Need to edit this file as ;

Read in a forum .

root #/ >vim /opt/ssh/src/ssh/version.h
/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */

#define SSH_VERSION "OpenSSH_4.5"

#ifdef HP_SFTP_UMASK_FIX
#define SSH_PORTABLE "p1+sftpfilecontrol-v1.1"
#else
#define SSH_PORTABLE "p1"
#endif /* HP_SFTP_UMASK_FIX */

#ifdef HP_HPN_PATCH
#define SSH_HPN "-hpn12v14"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
#else
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
#endif /* HP_HPN_PATCH */

#ifdef HP_VERSION_STRING /* Here: for hp ssh version */
#include "hp_version.h"
#endif /* HP_VERSION_STRING */

Re: Version disclosure how to avoid it

chindi — Wed, 07 Aug 2013 08:19:19 GMT

How to disable SSH version and Operating System banner ?

#telnet localhost 22

OpenSSH 4.5p1sdtpfilecontrol-v1.1hpn12v14

after a lot of research i have found that we cannot and should not disbale it.

since it is reqd for clients who connect this server.

Re: Version disclosure how to avoid it

chindi — Tue, 13 Aug 2013 13:03:53 GMT

Hi Matti / Dennis ,

Waiting for your suggestions.