Security: Common false positive scan results

SUMMARY

Below are some common false positive results from security scans.

DESCRIPTION

Unitrends vulnerability responses for some common false positive scan results  
Short Description Severity CVE Family Unitrends Risk
Microsoft Windows SMB Guest Account Local User Access Medium CVE-1999-0505 Windows none *1
SMB Signing Disabled Medium   Misc. none *2
SSH Server CBC Mode Ciphers Enabled Low CVE-2008-5161 Misc. none *3, *4
SSH Weak MAC Algorithms Enabled Low   Misc. none *3
SSH Weak Algorithms Supported Medium   Misc. none *3
Samba Badlock Vulnerability Medium CVE-2016-2118 General none *5
Null Session/Password NetBIOS Access Medium CVE-1999-0519 Windows none *6
NetBIOS Shared Folder List Available Low   Windows none *7
NFS exports system-critical data to the world, e.g. / or a password file Medium CVE-1999-0554 Misc. none *8
Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone Low CVE-1999-0211 Misc. none *8
Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. Low CVE-1999-0170 Misc. none *8

RESOLUTION

*1 = False positive.  This vulnerability only applies to Windows, and this system is Linux, so Windows login does not apply.
*2 = False positive.  Included in updates: Unitrends security updates enable server signing, as shown in /etc/samba/smb.conf:  'server signing = auto' and ' client signing = enabled'
*3 = False positive.  Included in updates: The Unitrends security updates configure /etc/ssh/sshd_config Ciphers for secure algorithms
*4 = False positive:  The default ssh version in RHEL6/CentOS6 is not vulnerable to this CVE, see  https://access.redhat.com/security/cve/cve-2008-5161
*5 = False positive.  Included in updates:  See Unitrends KB for CVE-2016-2118 at CVE-2016-2118: Samba Badlock vulnerability
*6 = False positive.  Only applies to Windows.  See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0519.  This would only impact a Unitrends system if it were leveraging Windows authentication/domain services on that system, which it does not.
*7 = False positive.  Only applicable to Windows servers (as described in the scan report).
*8 = False Positive.  Unitrends systems do not have any NFS exports.  Not a very common scan mistake.

Some scan engines report these false positives below for the postgresql 5432 port, for which only trusted connections are allowed after the security updates.  The 5432 port is still visible, but does not accept database connections.

SSL/TLS: Report 'Null' Cipher Suites (OID: 1.3.6.1.4.1.25623.1.0.108022) Medium 5432/tcp
SSL/TLS: 'DHE_EXPORT' Man in the Middle Security Bypass Vulnerability (LogJam) (OID: 1.3.6.1.4.1.25623.1.0.805188) Medium 5432/tcp
SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection (OID: 1.3.6.1.4.1.25623.1.0.111012) Medium 5432/tcp
SSL/TLS: RSA Temporary Key Handling 'RSA_EXPORT' Downgrade Issue (FREAK) (OID: 1.3.6.1.4.1.25623.1.0.805142) Medium 5432/tcp
SSL/TLS: Report Weak Cipher Suites (OID: 1.3.6.1.4.1.25623.1.0.103440) Medium 5432/tcp
SSL/TLS: Certificate Signed Using A Weak Signature Algorithm (OID: 1.3.6.1.4.1.25623.1.0.105880) Medium 5432/tcp
SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.106223) Medium 5432/tcp

LINK TO ADVISORIES

    Was this article helpful?
    0 out of 0 found this helpful
    Have more questions? Contact us