HP3000-L Archives

July 2001, Week 3

HP3000-L@RAVEN.UTC.EDU

From: Peter Osborne <[log in to unmask]>
Date: Tue, 17 Jul 2001 17:41:51 -0400

Hello All,

This is to the Network Security Gurus out there. We have a client that is
testing the security of their HP 3000 & we are running into a few snags. The
only services that we are running (or at least that we know of) are Apache
and VT. They are using the Security Scanner "Nessus".

The scan that was performed completely locked up the 3000 and forced us to
restart the server. Can anyone tell me what the problem might be?

The output from Nessus follows,

Thanks,
-Pete

Nessus Scan Report
------------------

SUMMARY

 - Number of hosts which were alive during the test : 1
 - Number of security holes found : 3
 - Number of security warnings found : 0
 - Number of security notes found : 0

DETAILS
 . List of open ports :
   o www (80/tcp) (Security hole found)
   o unknown (1537/tcp)
   o general/tcp (Security hole found)

 . Vulnerability found on port www (80/tcp) :

    The remote web server crashes when it is issued a too
    long argument to the 'Host:' field of an HTTP request.

    An attacker may use this flaw to either completely prevent
    this host from serving web pages to the world, or to
    make it die by crashing several threads of the web server
    until the complete exhaustion of this host memory

    Risk factor : High
    Solution : Upgrade your web server.

 . Vulnerability found on port www (80/tcp) :

    It is possible to make the remote GroupWise server
    crash by doing the request :

         GET /servlet/AAAA...AAAA

    Risk factor : High.
    Solution :  Install GroupWise Enhancement Pack 5.5 Sp1
    CVE : CAN-2000-0146

 . Vulnerability found on port general/tcp :

    The TCP sequence numbers of the remote host
    depends on the time, so they can be
    guessed rather easily. A cracker may use
    this flaw to spoof TCP connections easily.

    Solution : contact your vendor for a patch
    Risk factor : High

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
