Security and open port scans – Raritan Computer CC-SG User Manual
Page 235
A
PPENDIX
B:
CC-SG
AND
N
ETWORK
C
ONFIGURATION
221
Security and Open Port Scans
As part of the CC-SG Quality Assurance process, several open port scanners are applied to the
product and Raritan makes certain that its product is not vulnerable to these known attacks. All
the open or filtered/blocked ports are listed in the above sections. Some of the more common
exposures are:
Issue ID
Synopsis
Comment
CVE-1999-0517
CVE-1999-0186
CVE-1999-0254
CVE-1999-0516
snmp (161/UDP) - the community
name of the remote SNMP server can
be guessed.
Default CC-SG SNMP community name is
“public”. Users are encouraged to change this to
the site-specific value (Setup Î Configuration
Manager Î SNMP menu). Please refer to the
CC-SG Administrator Guide for more
additional information.
CVE-2000-0843 The remote telnet server shut the
connection abruptly when given a
long username followed by a
password.
Traditionally, port 23 is used for telnet services.
However, CC-SG uses this port for SSH V2
Diagnostic Console sessions. Users may change
the port and/or completely disable Diagnostic
Console from using the SSH Access method.
Please refer to the CC-SG Administrator
Guide for more additional information.
CVE-2004-0230 The remote host might be vulnerable
to a sequence number approximation
bug, which may allow an attacker to
send spoofed RST packets to the
remote host and close established
connections.
The underlying TCP/IP protocol stack used by
CC-SG has not been shown to be susceptible to
this exposure.
CVE-2004-0079
CVE-2004-0081
CVE-2004-0112
The remote host is using a version of
OpenSSL which is older than 0.9.6m
or 0.9.7d.
The following patches have been applied to
OpenSSL, therefore removing this exposure:
• RHSA-2004:120
• RHSA-2005:830.
• RHSA-2003:101-01
3
CVEs can be found on
http://cve.mitre.org
.