Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Security Updates

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
mlcaffaro
Posts: 1
Joined: 2021-04-08 13:24

Security Updates

#1 Post by mlcaffaro »

Hello guys, first I'm sorry if I posted on the wrong topic but I didn't find a specific security.
I have the following doubts:
I installed a server with debian 10.9 and as soon as the installation was finished, I tried to update it.
As this server is part of a company infrastructure, I left it registered to do vulnerability scans in an automated way.

When running nmap using script, I noticed that it was with the vulnerable ssh service as shown in the text below:

root@debian:/home/slater# nmap -sV --script vulners --script-args mincvss=5.0 x.x.x.x
Starting Nmap 7.70 ( https://nmap.org ) at 2021-04-08 11:21 -03
Nmap scan report for x.x.x.x
Host is up (0.00026s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| vulners:
| cpe:/a:openbsd:openssh:7.6p1:
| EXPLOITPACK:98FE96309F9524B8C84C508837551A19 5.8 https://vulners.com/exploitpack/EXPLOIT ... 8837551A19 *EXPLOIT*
| EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97 5.8 https://vulners.com/exploitpack/EXPLOIT ... DDD97F9E97 *EXPLOIT*
| EDB-ID:46516 5.8 https://vulners.com/exploitdb/EDB-ID:46516 *EXPLOIT*
| CVE-2019-6111 5.8 https://vulners.com/cve/CVE-2019-6111
| SSH_ENUM 5.0 https://vulners.com/canvas/SSH_ENUM *EXPLOIT*
| PACKETSTORM:150621 5.0 https://vulners.com/packetstorm/PACKETSTORM:150621 *EXPLOIT*
| MSF:AUXILIARY/SCANNER/SSH/SSH_ENUMUSERS 5.0 https://vulners.com/metasploit/MSF:AUXI ... _ENUMUSERS *EXPLOIT*
| EXPLOITPACK:F957D7E8A0CC1E23C3C649B764E13FB0 5.0 https://vulners.com/exploitpack/EXPLOIT ... B764E13FB0 *EXPLOIT*
| EXPLOITPACK:EBDBC5685E3276D648B4D14B75563283 5.0 https://vulners.com/exploitpack/EXPLOIT ... 4B75563283 *EXPLOIT*
| EDB-ID:45939 5.0 https://vulners.com/exploitdb/EDB-ID:45939 *EXPLOIT*
| CVE-2018-15919 5.0 https://vulners.com/cve/CVE-2018-15919
| CVE-2018-15473 5.0 https://vulners.com/cve/CVE-2018-15473
| 1337DAY-ID-31730 5.0 https://vulners.com/zdt/1337DAY-ID-31730 *EXPLOIT*
| EDB-ID:45233 4.6 https://vulners.com/exploitdb/EDB-ID:45233 *EXPLOIT*
| PACKETSTORM:151227 0.0 https://vulners.com/packetstorm/PACKETSTORM:151227 *EXPLOIT*
| EDB-ID:46193 0.0 https://vulners.com/exploitdb/EDB-ID:46193 *EXPLOIT*
| 1337DAY-ID-32009 0.0 https://vulners.com/zdt/1337DAY-ID-32009 *EXPLOIT*
|_ 1337DAY-ID-30937 0.0 https://vulners.com/zdt/1337DAY-ID-30937 *EXPLOIT*
MAC Address: 08:00:27:0F:EC:DA (Oracle VirtualBox virtual NIC)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 4.32 seconds


What surprised me is that there are vulnerabilities in 2018 in the text above.

Shouldn't debian have updated these packages with security holes?

Below is my sources.list to see if something is wrong.
root@debian:/home/slater# cat /etc/apt/sources.list
#

# deb cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64 NETINST 20210327-10:38]/ buster main

#deb cdrom:[Debian GNU/Linux 10.9.0 _Buster_ - Official amd64 NETINST 20210327-10:38]/ buster main

deb http://deb.debian.org/debian/ buster main
deb-src http://deb.debian.org/debian/ buster main

deb http://security.debian.org/debian-security buster/updates main
deb-src http://security.debian.org/debian-security buster/updates main

# buster-updates, previously known as 'volatile'
deb http://deb.debian.org/debian/ buster-updates main
deb-src http://deb.debian.org/debian/ buster-updates main

deb http://security.debian.org/debian-security buster/updates main contrib non-free
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.


Thanks

User avatar
FreewheelinFrank
Global Moderator
Global Moderator
Posts: 2082
Joined: 2010-06-07 16:59
Has thanked: 38 times
Been thanked: 225 times

Re: Security Updates

#2 Post by FreewheelinFrank »

You have to look at the vulnerability reports and see what has been fixed and what hasn't and why.

For example, one link refers to CVE-2019-6110 and CVE-2019-6111. You will see that one of these has been fixed and the other is marked as unimportant, with a link to a discussion of why it's unimportant.

https://security-tracker.debian.org/tra ... -2019-6110

https://security-tracker.debian.org/tra ... -2019-6111

https://lists.mindrot.org/pipermail/ope ... 37475.html

It's your job to read these and evaluate them and decide if and how you are going to mitigate the unfixed ones if you don't agree they are unimportant. Have fun!

Post Reply