As some of you may already be aware, Websiteforge has been audited lately for PCI compliance. The following is a list of issues and the results of our findings. Please review this when you receive test results about your site. As always, feel free to submit your test results to support@websiteforge.com so we can review them for you and advise.
REVIEW:
OpenSSH Duplicate Block Denial
of Service Vulnerability
A version of OpenSSH prior to 4.4 is running on this host. This version
is affected by a Denial of Service vulnerability. However, an attack can
only be performed if version 1 of the SSH protocol is enabled.
Note: Vulnerabilities which result only in denial of service do not affect
PCI compliance; however, they may still be critical to your systems.
Service: SSH-2.0-OpenSSH_3.9p1
CVE: CVE-2006-4924
NVD: CVE-2006-4924
Bugtraq: 20216
CERT: 787448
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:C (Base Score:7.80)
FALSE ALERT. We do not have and never had SSHv1 enabled.
ProFTPD Command Truncation
Cross-Site Request Forgery
Vulnerability
The version of ProFTPD running on the remote host splits an overly
long FTP command into a series of shorter ones and executes each in
turn. If an attacker can trick a ProFTPD administrator into accessing a
specially-formatted HTML link, he may be able to cause arbitrary FTP
commands to be executed in the context of the affected application
with the administrator's privileges.
Service: 220 WebsiteForge FTP Server (www.websiteforge.com) ready
CVE: CVE-2008-4242
NVD: CVE-2008-4242
Bugtraq: 31289
Reference: http://bugs.proftpd.org/show_bug.cgi?id=3115
CVSSv2: AV:N/AC:H/Au:N/C:P/I:P/A:P (Base Score:5.10)
Valid alert. Software upgraded and patched, issue resolved.
OpenSSH X11 Session Hijacking
Vulnerability
OpenSSH is prone to a vulnerability that allows local attackers
to hijack forwarded X connections. The system must have both
IPv4 and IPv6 enabled at the same time for this to be exploited.
Successfully exploiting this issue may allow an attacker run arbitrary
shell commands with the privileges of the user running the affected
application. This issue is known to affect OpenSSH 4.3p2, though
other versions may also be affected. This vulnerability will trigger on
any SSH banner version prior to 'openssh-5'. OpenSSH packages
shipped with Red Hat Enterprise Linux 4 and 5 are not vulnerable to
this issue. However, Red Hat Enterprise Linux 2.1 and 3 are affected.
Service: SSH-2.0-OpenSSH_3.9p1
CVE: CVE-2008-1483
NVD: CVE-2008-1483
Bugtraq: 28444
CVSSv2: AV:L/AC:H/Au:S/C:C/I:C/A:C (Base Score:6.00)
FALSE ALERT. Our systems have IPv6 disabled and therefore are not affected.
Multiple Vulnerabilities in lighttpd
Prior to 1.4.20
The version of lighttpd running on this host is prone to multiple
vulnerabilities. These include a failure to properly sanitize user input
which could lead to information disclosure, a memory leak when
processing multiple headers that could lead to denial of service
conditions, and the ability to circumvent URL rewrite and redirect
patterns using encoding. Refer to the included references for more
information.
Service: lighttpd/1.4.18
CVE: CVE-2008-1531, CVE-2008-4298, CVE-2008-4359,
CVE-2008-4360
NVD: CVE-2008-1531, CVE-2008-4298, CVE-2008-4359,
CVE-2008-4360
Bugtraq: 28489, 31434, 31599, 31600
Reference: http://trac.lighttpd.net/trac/ticket/285Reference: http://
trac.lighttpd.net/trac/ticket/1720Reference: http://trac.lighttpd.net/trac/
ticket/1589Reference: http://trac.lighttpd.net/trac/ticket/1774
CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P (Base Score:5.00)
Valid alert. Removed the software because it was installed for a customer who has left and never used it.