社區
Netserver/Proliant 伺服器
1752800 會員
5696 線上
108789 解決方案
發表新文章

CompaqDL380G2 2381port漏洞處理方式

 
watermelonyu
教授

‎02-16-2006 04:00 PM

‎02-16-2006 04:00 PM

CompaqDL380G2 2381port漏洞處理方式

Server:Compaq ProLiant DL380 G2(235438-AA1)

偵測到2381 port的漏洞

我該如何修補,軟件下載位置,謝謝。



Vulnerability found on port unknown (2381/tcp)



The remote host seems to be using a version of OpenSSL which is

older than 0.9.6e or 0.9.7-beta3



This version is vulnerable to a buffer overflow which,

may allow an attacker to obtain a shell on this host.



*** Note that since safe checks are enabled, this check

*** might be fooled by non-openssl implementations and

*** produce a false positive.

*** In doubt, re-execute the scan without the safe checks





Solution : Upgrade to version 0.9.6e (0.9.7beta3) or newer

Risk factor : High

CVE : CVE-2002-0656, CVE-2002-0655, CVE-2002-0657, CVE-2002-0659, CVE-2001-1141

BID : 3004, 4316, 5363

Other references : IAVA:2002-A-0009, SuSE:SUSE-SA:2002:033

Nessus ID : 11060





Information found on port unknown (2381/tcp)







Synopsis :



The remote service encrypts traffic using a protocol with known

weaknesses.



Description :



The remote service accepts connections encrypted using SSL 2.0, which

reportedly suffers from several cryptographic flaws and has been

deprecated for several years. An attacker may be able to exploit these

issues to conduct man-in-the-middle attacks or decrypt communications

between the affected service and clients.



See also :



http://www.schneier.com/paper-ssl.pdf



Solution :



Consult the application's documentation to disable SSL 2.0 and use SSL

3.0 or TLS 1.0 instead.



Risk factor :



Low / CVSS Base Score : 2

(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Nessus ID : 20007

0 積分
回覆
1則回覆 1
tkuturtle
兼職顧問

‎07-27-2011 11:26 AM

‎07-27-2011 11:26 AM

回應: CompaqDL380G2 2381port漏洞處理方式

TCP Port 2381 是 HP System Management Homepage 走的 Port 封起來就不能用 SMH了唷

0 積分
回覆
以上表述為作者個人觀點,不代表惠普公司,使用本網站,請遵守網站使用規則和條款