The Symantec Control Compliance Suite for Vulnerability Manager (CCS VM) is reporting Common Vulnerabilities and Exposures (CVEs) that have been patched in the latest Redhat released version of Apache.

book

Article ID: 156378

calendar_today

Updated On:

Products

Control Compliance Suite Vulnerability Manager

Issue/Introduction

The Symantec Control Compliance Suite for Vulnerability Manager (CCS VM) is reporting Common Vulnerabilities and Exposures (CVEs) that have been patched in the latest Redhat released version of Apache.

Apache vulnerabilities appear in the CCS VM Reports that are false positives.

Cause

Many "vulnerable version" false positives on Linux assets are due to backporting, which is the action of applying a certain software
modification (patch) to an older version of the software than it was initially created for.

Authenticated scan findings are more comprehensive and have fewer false positives than anonymous scans. The scanner can use SSH interactively to login
to a Linux host to run shell-level commands that would enumerate installed packages and gather other relevant data. The scanner examining a
Microsoft Windows host will usually authenticate remotely using Windows domain or local credentials to obtain patch and configuration data
from the registry and the file system. SNMP can be used to authenticate to network devices, if necessary. CCS VM can also authenticate to
databases, which might use a protocol such as SQL*Net. CCS VM will also need access to the /etc folder and all files and folders contained within.
For Sun devices CCS VM will also need access to /var/sadm/ and all files and folders within it. The following are some other commands that
CCS VM will try to run when logging into a Unix-based machine (this is not a full list, but some of the more important ones that may be restricted for some users):
lslpp -cL (AIX)ifconfig –a (*nix)showrev –p (Sun)pkginfo –x (Sun)dpkg –l (for Debian)rpm –qa (for RedHat)uname –a (*nix)

Resolution

If you provide CCS VM with valid login credentials (does not necessarily need to be root), it should be able to authenticate to the scanned
systems and obtain detailed information about installed applications, including configuration issues and missing security patches.

Lastly if valid credentials are used you can modify a scan template to correlate reliable checks, thus increasing the accuracy of your results.
To enable correlation. To do this, perform the following steps:

1. Access the scan template by clicking the Administration tab and then clicking the manage link for Scan Templates.
2. Copy the scan template that you're using.
3. Click the Vulnerability Checks link in the template configuration.
4. Select the option labeled correlate reliable checks with regular checks.


Applies To

Microsoft Windows Server 2003
Redhat Enterprise Linux 5.x