Security and open port scans – Raritan Engineering Command Center CC-SG User Manual

A

PPENDIX B

:

CC

-

SG AND NETWORK CONFIGURATION

235

Security and Open Port Scans

As part of the CC-SG Quality Assurance process, several open port scanners are applied to the
product and Raritan Computer makes certain that its product is not vulnerable to these known
attacks. All the open or filtered/blocked ports are listed in the above sections. Some of the more
common exposures are:

Issue ID

3

Synopsis

Comment

CVE-1999-0517
CVE-1999-0186
CVE-1999-0254
CVE-1999-0516

snmp (161/UDP) - the community
name of the remote SNMP server can
be guessed.

Default CC-SG SNMP community name is
“public”. Users are encouraged to change this
to the site-specific value (Setup Î
Configuration Manager Î SNMP menu).
Please refer to the CC-SG Administrator
Guide for more additional information.

CVE-2000-0843 The remote telnet server shut the

connection abruptly when given a
long username followed by a
password.

Traditionally, port 23 is used for telnet services.
However, CC-SG uses this port for SSH V2
Diagnostic Console sessions. Users may change
the port and/or completely disable Diagnostic
Console from using the SSH Access method.
Please refer to the CC-SG Administrator
Guide for more additional information.

CVE-2004-0230 The remote host might be vulnerable

to a sequence number approximation
bug, which may allow an attacker to
send spoofed RST packets to the
remote host and close established
connections.

The underlying TCP/IP protocol stack used by
CC-SG has not been shown to be susceptible to
this exposure.

CVE-2004-0079
CVE-2004-0081
CVE-2004-0112

The remote host is using a version of
OpenSSL which is older than 0.9.6m
or 0.9.7d.

The following patches have been applied to
OpenSSL, therefore removing this exposure:
• RHSA-2004:120
• RHSA-2005:830.
• RHSA-2003:101-01

3

CVEs can be found on

http://cve.mitre.org

.