Security Updates


Post by mlcaffaro » 2021-04-08 13:45

Hello guys, first I'm sorry if I posted in the wrong topic, but I didn't find a specific security one.
I have the following doubts:
I installed a server with Debian 10.9 and as soon as the installation was finished, I tried to update it.
As this server is part of a company infrastructure, I left it registered to do vulnerability scans in an automated way.

When running nmap with a script, I noticed that it reported the ssh service as vulnerable, as shown in the text below:

root@debian:/home/slater# nmap -sV --script vulners --script-args mincvss=5.0 x.x.x.x
Starting Nmap 7.70 ( https://nmap.org ) at 2021-04-08 11:21 -03
Nmap scan report for x.x.x.x
Host is up (0.00026s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| vulners:
| cpe:/a:openbsd:openssh:7.6p1:
| EXPLOITPACK:98FE96309F9524B8C84C508837551A19 5.8 https://vulners.com/exploitpack/EXPLOIT ... 8837551A19 *EXPLOIT*
| EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97 5.8 https://vulners.com/exploitpack/EXPLOIT ... DDD97F9E97 *EXPLOIT*
| EDB-ID:46516 5.8 https://vulners.com/exploitdb/EDB-ID:46516 *EXPLOIT*
| CVE-2019-6111 5.8 https://vulners.com/cve/CVE-2019-6111
| SSH_ENUM 5.0 https://vulners.com/canvas/SSH_ENUM *EXPLOIT*
| PACKETSTORM:150621 5.0 https://vulners.com/packetstorm/PACKETSTORM:150621 *EXPLOIT*
| MSF:AUXILIARY/SCANNER/SSH/SSH_ENUMUSERS 5.0 https://vulners.com/metasploit/MSF:AUXI ... _ENUMUSERS *EXPLOIT*
| EXPLOITPACK:F957D7E8A0CC1E23C3C649B764E13FB0 5.0 https://vulners.com/exploitpack/EXPLOIT ... B764E13FB0 *EXPLOIT*
| EXPLOITPACK:EBDBC5685E3276D648B4D14B75563283 5.0 https://vulners.com/exploitpack/EXPLOIT ... 4B75563283 *EXPLOIT*
| EDB-ID:45939 5.0 https://vulners.com/exploitdb/EDB-ID:45939 *EXPLOIT*
| CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919
| CVE-2018-15473 5.0 https://vulners.com/cve/CVE-2018-15473
| 1337DAY-ID-31730 5.0 https://vulners.com/zdt/1337DAY-ID-31730 *EXPLOIT*
| EDB-ID:45233 4.6 https://vulners.com/exploitdb/EDB-ID:45233 *EXPLOIT*
| PACKETSTORM:151227 0.0 https://vulners.com/packetstorm/PACKETSTORM:151227 *EXPLOIT*
| EDB-ID:46193 0.0 https://vulners.com/exploitdb/EDB-ID:46193 *EXPLOIT*
| 1337DAY-ID-32009 0.0 https://vulners.com/zdt/1337DAY-ID-32009 *EXPLOIT*
|_ 1337DAY-ID-30937 0.0 https://vulners.com/zdt/1337DAY-ID-30937 *EXPLOIT*
MAC Address: 08:00:27:0F:EC:DA (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 4.32 seconds


What surprised me is that there are vulnerabilities from 2018 in the text above.

Shouldn't Debian have updated these packages with security holes?

Below is my sources.list to see if something is wrong.
root@debian:/home/slater# cat /etc/apt/sources.list
#

# deb cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64 NETINST 20210327-10:38]/ buster main

#deb cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64 NETINST 20210327-10:38]/ buster main

deb http://deb.debian.org/debian/ buster main
deb-src http://deb.debian.org/debian/ buster main

deb http://security.debian.org/debian-security buster/updates main
deb-src http://security.debian.org/debian-security buster/updates main

# buster-updates, previously known as 'volatile'
deb http://deb.debian.org/debian/ buster-updates main
deb-src http://deb.debian.org/debian/ buster-updates main

deb http://security.debian.org/debian-security buster/updates main contrib non-free
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.


Thanks

Re: Security Updates

Post by FreewheelinFrank » 2021-04-08 14:37

You have to look at the vulnerability reports and see what has been fixed and what hasn't and why.

For example, one link refers to CVE-2019-6110 and CVE-2019-6111. You will see that one of these has been fixed and the other is marked as unimportant, with a link to a discussion of why it's unimportant.

https://security-tracker.debian.org/tracker/CVE-2019-6110

https://security-tracker.debian.org/tracker/CVE-2019-6111

https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037475.html

It's your job to read these and evaluate them and decide if and how you are going to mitigate the unfixed ones if you don't agree they are unimportant. Have fun!
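The triage the reply describes, as an added example (not code from either poster): it pulls the CVE rows out of a vulners block like the one quoted in the first post, builds the security-tracker.debian.org URL for each, and notes what the scanner's match was based on. The function names, the `expected_distro` parameter and the banner check are assumptions of this sketch; the sample input is a few lines taken from the scan above.

```python
import re

# Sample input: a few lines taken from the scan output quoted in the first post.
SCAN = """\
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| vulners:
| cpe:/a:openbsd:openssh:7.6p1:
| EDB-ID:46516 5.8 https://vulners.com/exploitdb/EDB-ID:46516 *EXPLOIT*
| CVE-2019-6111 5.8 https://vulners.com/cve/CVE-2019-6111
| CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919
| CVE-2018-15473 5.0 https://vulners.com/cve/CVE-2018-15473
|_ 1337DAY-ID-30937 0.0 https://vulners.com/zdt/1337DAY-ID-30937 *EXPLOIT*
"""

TRACKER = "https://security-tracker.debian.org/tracker/"  # URL form used in the reply
SERVICE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s+(.*)$")
CPE = re.compile(r"^\|_?\s+(cpe:/\S+?):?\s*$")
FINDING = re.compile(r"^\|_?\s+(CVE-\d{4}-\d+)\s+(\d+(?:\.\d+)?)\s")

def parse_scan(text):
    """Group vulners CVE rows under the service banner they were matched against."""
    services = []
    for line in text.splitlines():
        if m := SERVICE.match(line):
            services.append({"port": int(m[1]), "name": m[3], "banner": m[4],
                             "cpe": None, "cves": {}})
        elif services and (m := CPE.match(line)):
            services[-1]["cpe"] = m[1]
        elif services and (m := FINDING.match(line)):
            cves = services[-1]["cves"]  # keep the highest score per CVE id
            cves[m[1]] = max(float(m[2]), cves.get(m[1], 0.0))
    return services

def review_list(service, expected_distro="Debian"):
    """Return (notes, tracker URLs) to work through for one service."""
    notes = []
    # Assumption: the distribution's sshd advertises its name in the banner.
    if expected_distro.lower() not in service["banner"].lower():
        notes.append(f"banner does not mention {expected_distro}: {service['banner']}")
    if service["cpe"]:
        notes.append(f"matched on upstream CPE {service['cpe']}, "
                     "not on the installed package version")
    ranked = sorted(service["cves"].items(), key=lambda kv: (-kv[1], kv[0]))
    return notes, [TRACKER + cve for cve, _ in ranked]

if __name__ == "__main__":
    for svc in parse_scan(SCAN):
        notes, urls = review_list(svc)
        print(svc["port"], svc["name"], *notes, *urls, sep="\n  ")
```

Each URL it prints is a tracker page to read for the release in use; the exploit references (EDB-ID, PACKETSTORM and so on) are dropped because they point back to the same CVEs.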

