• User

    scansione con HP WebInspect - HELP

    Ciao a tutti vi chiedo una mano a capire se questi errori rilevati da uno scan fatto dal software HP WebInspect siano effettivamente errori critici o un bug di questo programma.
    Premetto che la macchina è un server windows 2008 R2 con IIS7.5 con anche installato php e mysql.
    Se secondo voi sono problemi mi fate sapere come risolverli, possibilmente con una piccola guida.

    Critical Planet Intra Buffer Overflow
    Summary:
    Planet Intra Intranet solution is a communication and collaboration tool that tries to simplify the information-sharing process.
    A buffer overflow vulnerability in Planet Intra allows remote execution of code.
    Execution:
    Vulnerable systems:
    Planet Intra version 2.5 (for Windows, Linux and Solaris)
    A buffer overflow (at least one, possibly more) exists in 'pi' binary that allows remote user to execute commands on the target
    system. For example, a request like:
    GET /cgi-bin/pi?page=document/show_file&id=(A x 10024)
    Will trigger an overflow.
    Fix:
    Apparently a patch is available for this issue, but there was no official response or confirmation, and we are not aware if the
    current version available for download . Check at
    planetintra.com.

    File Names: tuodominio.it:80/script/pi

    *Info2www Arbitrary Command Execution *
    Summary: The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web server, by passing commands as part
    of a variable. Potential consequences of a successful exploitation involve anything the web server process has permissions to do, including possibly web site defacement.

    Execution:
    example.com/cgi-bin/info2www?(../../../../../../../../bin/mail recipient
    Implication:
    This vulnerability allows anyone to have full access, to perform whatever function that they wished on your machine. Using this vulnerability the intruder can 'squat' on this server collecting such sensitive data as user names, logins and passwords or other types of information that could be used for more serious crimes; if you are a financial institution and you allow your clients to bank on-line, the attacker can collect passwords, logins and account numbers and then transfer money out of their accounts).
    This could also allow a malicious user or intruder to add, delete or modify user or company web pages on the web server which could include the defacement of the main website on the machine.
    It would be easy to overwrite yourcompanies.com website with one that the hacker created, thus impacting business reputation or functionality and causing loss of company revenue or reputation.
    Fix:
    Version 1.2 of the script does not suffer from this issue.

    Spero in una vostra risposta.
    Grazie
    Ciao


  • Moderatore

    Ma quei servizi che lui dice essere vulnerabili sono effettivamente installati?

    In questo caso l'unica cosa da fare è cercare su internet informazioni a riguardo e vedere se ci sono patch e installarle.


  • User

    Noooooooooo la cosa bella e' proprio questa!
    E cioe' che non trovo traccia ne nella cartella FTP dove risiede il sito ne sull'intero server web di riferimenti a: info2www * o * planet intra * o * *pi.
    Eppure questo software mi dice di aver trovato queste criticita' !


  • Moderatore

    Lui dice che si trova in tuodominio.it:80/script/pi

    Se non c'è, allora mi sa che questo software è un pò come il norton 😄