
nid=10382
cve=CVE-2000-0318
bid=1144
hs_sport=143
name=Atrium Mercur Mailserver
description=The remote imap server is Mercur Mailserver 3.20. There is a flaw in this
server (present up to version 3.20.02) which allow any authenticated user to
read any file on the system. This includes other users mailboxes, or any system
file. Warning : this flaw has not been actually checked but was deduced from
the server banner
solution=There was no solution ready when this vulnerability was written; Please
contact the vendor for updates that address this vulnerability.
risk=HIGH
match=>* OK
match=MERCUR
match=IMAP4-Server
regex=^\* OK.*MERCUR IMAP4-Server.*v3\.20\..*$
Notice that the first match pattern makes use of the “>” symbol. The “>” symbol indicates that the subsequent string must
be at the beginning of the packet payload. Use of the “>” symbol is encouraged where possible as it is an inexpensive
operation.
Case Insensitive Example
There is a tool called SmartDownLoader that uploads and downloads large files. Unfortunately, versions 0.1 through 1.3
use the syntax “SmartDownloader”, versions 1.4 through 2.7 use “smartdownloader”, and versions 2.8 through current
use the syntax “SMARTdownloader”. Matching all of these combinations with the regex command alone
would require a statement that looks like this:
regex=[sS][mM][aA][rR][tT][dD]own[lL]oader
However, with the regexi command, the search string is much simpler and less error-prone:
regexi=smartdownloader
By using regexi, we can more quickly match on all three versions as well as future permutations of the string
“smartdownloader”. In a case such as this, regexi is the logical choice.
id=8800
dependency=1442
hs_sport=6789
name=SmartDownLoader Detection
description=The remote host is running SmartDownLoader, a tool for performing
rudimentary uploads and downloads of large binary files.
solution=Ensure that this application is in keeping with Corporate policies and
guidelines
risk=MEDIUM
family=PeerToPeer
match=ownloader
regexi=smartdownloader
A complete example PVS plugin using the regexi keyword is shown above. The use of the match keyword searching for
the string “ownloader” is not a typo. By searching for network sessions that have this string in them first, the PVS can
avoid invoking the expensive regexi search algorithm unless the “ownloader” pattern is present.
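The gating described above, as an added Python example (not Tenable's code and not part of the original manual): a simplified model of how the match, regex and regexi keywords of the two plugins on this page decide a hit. It assumes match strings are case-sensitive substrings that must all be present, and every sample payload is constructed.

```python
import re

# Keyword lines copied from the two plugins on this page.
MERCUR = r"""
match=>* OK
match=MERCUR
match=IMAP4-Server
regex=^\* OK.*MERCUR IMAP4-Server.*v3\.20\..*$
"""
SMART = """
match=ownloader
regexi=smartdownloader
"""

def parse_plugin(text):
    """Collect match/regex/regexi values from key=value plugin lines."""
    rules = {"match": [], "regex": [], "regexi": []}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        if key in rules:
            rules[key].append(value)
    return rules

def evaluate(rules, payload):
    """Return (hit, regex_ran); the cheap match strings gate the regex pass."""
    for pattern in rules["match"]:
        if pattern.startswith(">"):
            # ">" means the string must sit at the start of the payload.
            if not payload.startswith(pattern[1:]):
                return False, False
        elif pattern not in payload:  # assumption: case-sensitive substring
            return False, False
    for rx in rules["regex"]:
        if not re.search(rx, payload, re.MULTILINE):
            return False, True
    for rx in rules["regexi"]:
        if not re.search(rx, payload, re.IGNORECASE | re.MULTILINE):
            return False, True
    return True, True

def run(plugin_text, payload):
    return evaluate(parse_plugin(plugin_text), payload)

if __name__ == "__main__":
    # Constructed payloads, not captured traffic.
    print(run(MERCUR, "* OK MERCUR IMAP4-Server (v3.20.01) ready\r\n"))
    print(run(MERCUR, "* OK MERCUR IMAP4-Server (v4.02.09) ready\r\n"))
    print(run(SMART, "Server: SMARTdownloader/2.9"))
    print(run(SMART, "SMARTDOWNLOADER"))
```

Under the model's case-sensitive match assumption, a payload such as “SMARTDOWNLOADER” never reaches regexi, so the match string has to be text common to every variant the regexi is meant to catch.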