Security: False Positives from Qualsys scan engine

SUMMARY

The Qualsys security software reports more false positives than other software, so typical responses are included.

DESCRIPTION

Sample Scan Results using Qualsys scan engine against a Unitrends system are shown below.
The Qualsys scan engine includes a list of 'potential' vulnerabilities (issues that might be typical for this type of system) but these have not been detected.
Note that most of these vulnerabilities are false positives (no risk).    Any vulnerabilities of Type 'Potential' are almost always incorrect on Linux distributions.
*1= Any applicable vulnerabilities have been addressed in the security updates.
See Unitrends security KB for details at https://unitrends-support.zendesk.com/hc/en-us/articles/360013271818 
           

RESOLUTION

OS IP Status QID Type Severity Title CVE ID Unitrends Response
Ubuntu / Linux 2.6.x host scanned, found vuln 70003 Vuln 4 Null Session/Password NetBIOS Access CVE-1999-0519 False positive.  Only applies to Windows.  See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0519
Ubuntu / Linux 2.6.x host scanned, found vuln 11 Vuln 2 Hidden RPC Services   Negligible risk.  Refer to this for a good explanation  http://www.beyondsecurity.com/scan_pentest_network_vulnerabilities_rpc_portmapper
Ubuntu / Linux 2.6.x host scanned, found vuln 38172 Vuln 2 SSL Certificate - Improper Usage Vulnerability   Certificate is known, however a custom Certificate Authority may be applied.
Ubuntu / Linux 2.6.x host scanned, found vuln 38169 Vuln 2 SSL Certificate - Self-Signed Certificate   Certificate is known, however a custom Certificate Authority may be applied.
Ubuntu / Linux 2.6.x host scanned, found vuln 38173 Vuln 2 SSL Certificate - Signature Verification Failed Vulnerability   Certificate is known, however a custom Certificate Authority may be applied.
Ubuntu / Linux 2.6.x host scanned, found vuln 38170 Vuln 2 SSL Certificate - Subject Common Name Does Not Match Server FQDN   Certificate is known, however a custom Certificate Authority may be applied.
Ubuntu / Linux 2.6.x host scanned, found vuln 82024 Vuln 2 UDP Constant IP Identification Field Fingerprinting Vulnerability CVE-2002-0510 No risk.  See Red Hat statement at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0510
Ubuntu / Linux 2.6.x host scanned, found vuln 70001 Vuln 1 NetBIOS Shared Folder List Available   False positive.   Only applicable to Windows servers (as described in the scan report).
Ubuntu / Linux 2.6.x host scanned, found vuln 105666 Potential 5 EOL/Obsolete Software: Samba 3.x Detected   Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 70075 Potential 5 Samba "TALLOC_FREE" Funtion Remote Code Execution Vulnerability CVE-2015-0240 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 66040 Potential 5 Statd Format Bug Vulnerability CVE-2000-0666, CVE-2000-0800 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 86490 Potential 4 Apache HTTP Server Prior to 2.2.29 Multiple Vulnerabilities CVE-2014-0231, CVE-2013-5704, CVE-2014-0118, CVE-2014-0226 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 86490 Potential 4 Apache HTTP Server Prior to 2.2.29 Multiple Vulnerabilities CVE-2014-0231, CVE-2013-5704, CVE-2014-0118, CVE-2014-0226 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 12500 Potential 3 Apache HTTP Server APR "apr_fnmatch()" Denial of Service Vulnerability CVE-2011-0419 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 86908 Potential 3 Apache HTTP Server mod_cache and mod_dav Undisclosed DoS Vulnerability CVE-2010-1452 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 12529 Potential 3 Apache HTTP Server mod_proxy_ajp Denial of Service Vulnerability CVE-2011-3348 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 87242 Potential 3 Apache HTTP Server Multiple Denial of Service Vulnerabilities CVE-2012-4557, CVE-2012-0021 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 87242 Potential 3 Apache HTTP Server Multiple Denial of Service Vulnerabilities CVE-2012-4557, CVE-2012-0021 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 87133 Potential 3 Apache HTTP Server Prior to 2.2.23/2.4.2 Multiple Vulnerabilities CVE-2012-2687, CVE-2012-0883 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 87233 Potential 3 Apache HTTP Server Prior to 2.2.25 Multiple Vulnerabilities CVE-2013-1896, CVE-2013-1862 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 87233 Potential 3 Apache HTTP Server Prior to 2.2.25 Multiple Vulnerabilities CVE-2013-1896, CVE-2013-1862 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 86172 Potential 3 Apache HTTP Server Prior to 2.4.16/2.2.31 Multiple Vulnerabilities CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 86172 Potential 3 Apache HTTP Server Prior to 2.4.16/2.2.31 Multiple Vulnerabilities CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 87156 Potential 3 Apache Prior to 2.4.4 and 2.2.24 Multiple Vulnerabilities CVE-2012-3499, CVE-2012-4558 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 87156 Potential 3 Apache Prior to 2.4.4 and 2.2.24 Multiple Vulnerabilities CVE-2012-3499, CVE-2012-4558 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 42382 Potential 3 OpenSSH Commands Information Disclosure Vulnerability CVE-2012-0814 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 42384 Potential 3 OpenSSH J-PAKE Session Key Retrieval Vulnerability CVE-2010-4478 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 42413 Potential 3 OpenSSH LoginGraceTime Denial of Service Vulnerability CVE-2010-5107 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 38623 Potential 3 OpenSSH Xauth Command Injection Vulnerability CVE-2016-3115 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 38467 Potential 3 OpenVPN Failed Authentication Denial of Service Vulnerability CVE-2005-2531 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 38464 Potential 3 OpenVPN MAC Address Spoofing Denial of Service Vulnerability CVE-2005-2533 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 38463 Potential 3 OpenVPN Packet Decryption Failure Denial of Service Vulnerability CVE-2005-2532 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 38465 Potential 3 OpenVPN Same Client Certificate Denial of Service Vulnerability CVE-2005-2534 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 70071 Potential 3 Samba Denial of Service Vulnerabilities CVE-2014-0244, CVE-2014-3493 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 70076 Potential 3 Samba Multiple Vulnerabilities (BADLOCK) CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 86920 Potential 2 Apache HTTP Server APR-util Multiple Denial of Service Vulnerabilities CVE-2009-3560, CVE-2009-3720, CVE-2010-1623 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 19568 Potential 2 Database Instance Detected   Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 42428 Potential 2 OpenSSH "child_set_env()" Security Bypass Issue CVE-2014-2532 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 70073 Potential 2 Samba Uninitialized Memory Exposure Vulnerability CVE-2014-0178 Potential, but No risk.  See KB *1
Ubuntu / Linux 2.6.x host scanned, found vuln 90043 Potential 2 SMB Signing Disabled or SMB Signing Not Required   Potential, but No risk.  See KB *1

LINK TO ADVISORIES

    Was this article helpful?
    0 out of 0 found this helpful
    Have more questions? Contact us