Re: [Fed-Talk] Vulnerability Management (Repost)
Re: [Fed-Talk] Vulnerability Management (Repost)
- Subject: Re: [Fed-Talk] Vulnerability Management (Repost)
- From: "Marcus, Allan B" <email@hidden>
- Date: Fri, 23 Apr 2010 15:01:39 -0600
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Vulnerability Management (Repost)
Can you just search
http://web.nvd.nist.gov/view/vuln/search?execution=e2s1
for mac OS X ?
---
Thanks,
Allan Marcus
505-667-5666
On Apr 1, 2010, at 9:28 AM, David Downin wrote:
> Does anyone know if there is somewhere that I can find out of a particular CVE applies to macs?
>
> Basically, our site (NSWCCD) as well as the folks at NCDOC have been scanning our network for vulnerabilities using the Retina Network Security Scanner by eEye. I personally have been using it as well to scan the macs in our group and remediate them.
>
> I’ve noticed a lot of times, that Retina will report a vulnerability simply because of the version of something. One example:
>
> Audit ID: 8151
> Samba Daemon DOS Filemode Override ACL Bypass
> CVE-2009-1888
>
> This is reported on a machine running 10.6.3 (client) simply because Retina is running “smbd –V” and is getting “3.0.25B-apple”. Retina does note that the audit is for versions of Samba obtained from samba.org and may be a false finding on vendor specific backports. So, is there any way for me verify that this is indeed a false positive or not?
>
> I have managed to get rid of the Retina warning temporarily by changing the version number that is reported – but for some reason that I have yet to discover why it eventually reverts back to the original version (it’s not because of a software update). Below is what I am doing to change the reported version.
>
> #!/bin/bash
> sudo perl -pi.$TIME -e "s/3\.0\.28/4\.0\.28/" /usr/sbin/smbd
> _______________________________________________________
> Dave Downin
> NSWC Carderock
> Facility Engineering and Operations Department / Code 5104
> 9500 MacArthur Blvd.
> West Bethesda, MD 20817-5000
>
> (301) 227-4873 / Work
> (301) 247-3520 / Cell
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden