MQSeries Security -- Nessus vulnerability scanner question

djs239 (Newbie; Joined: 29 Oct 2004; Posts: 1)
Posted: Fri Oct 29, 2004 9:22 am    Post subject: MQSeries Security -- Nessus vulnerability scanner question

When I run the Nessus vulnerability scanner on my IBM system, I don't know how to determine if Nessus is reporting a false positive on MQSeries. Here's the Nessus report for the 'vulnerability'.
 Any help much appreciated.
 Thanks,
 
 
 Vulnerability ibm-mqseries (1414/tcp) The remote host seem to be running a version of OpenSSL which is older than 0.9.6k or 0.9.7c.
 
 There is a heap corruption bug in this version which might be exploited by an
 attacker to gain a shell on this host.
 
 Solution : If you are running OpenSSL, Upgrade to version 0.9.6k or 0.9.7c or newer
 Risk factor : High
 CVE : CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
 BID : 8732
 Other references : IAVA:2003-A-0015, RHSA:RHSA-2003:291-01, SuSE:SUSE-SA:2003:043
 Nessus ID : 11875

offshore (Master; Joined: 20 Jun 2002; Posts: 222)
Posted: Fri Oct 29, 2004 12:24 pm
I'm not quite sure what you're asking but here's what I suggest.
 You should upgrade OpenSSL software, as there are some pretty big security holes in 0.9.7c and below.

 There isn't much you can do about the port being open on 1414, MQ needs to be listening on that port (or whatever port you decide) to accept incoming messages.

 If the box is behind a bunch of firewalls, or in a DMZ or something, it isn't quite as serious, unless you're worried about your own people trying to perform a DoS attack or something.

EddieA (Jedi; Joined: 28 Jun 2001; Posts: 2453; Location: Los Angeles)
Posted: Fri Oct 29, 2004 2:07 pm

My guess is that Nessus is trying to determine exactly what is listening to that port, and is confused.  It thinks MQSeries is SSL.
 Cheers,
 _________________
 Eddie Atherton
 IBM Certified Solution Developer - WebSphere Message Broker V6.1
 IBM Certified Solution Developer - WebSphere Message Broker V7.0
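
One way to test the guess above on a listener you administer, as an added example that is not part of the original thread: send a minimal TLS ClientHello to the port and classify the first bytes that come back. The function names, the `TSH` eyecatcher check for MQ transmission segment headers and the sample byte strings are assumptions of this example, not Nessus or MQ tooling.

```python
import socket
import struct

# Assumption: MQ transmission segment headers open with "TSH" (ASCII or EBCDIC).
MQ_EYECATCHERS = (b"TSH", bytes([0xE3, 0xE2, 0xC8]))

# Constructed sample replies (not captured traffic), used to exercise the classifier.
SAMPLES = {"tls_alert": b"\x15\x03\x01\x00\x02\x02\x28",
           "mq_ascii": b"TSH \x00\x00\x00\x1c",
           "mq_ebcdic": bytes([0xE3, 0xE2, 0xC8, 0x40]),
           "http": b"HTTP/1.1 400 Bad Request\r\n"}

def build_client_hello() -> bytes:
    """Minimal TLS 1.0 ClientHello offering one cipher suite, no extensions."""
    body = (b"\x03\x01"            # client_version: TLS 1.0
            + bytes(32)            # random (zeros: this is a probe, not a session)
            + b"\x00"              # empty session id
            + b"\x00\x02\x00\x2f"  # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
            + b"\x01\x00")         # null compression only
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def classify_first_bytes(data: bytes) -> str:
    """Say what kind of protocol the first bytes of a reply look like."""
    if not data:
        return "no-data"
    if data[:3] in MQ_EYECATCHERS:
        return "mq-tsh"
    # TLS/SSLv3 record header: content type 20-23, version 3.x, 16-bit length
    if len(data) >= 5 and 20 <= data[0] <= 23 and data[1] == 3 and data[2] <= 4:
        if struct.unpack(">H", data[3:5])[0] <= 16384 + 2048:
            return "tls-record"
    return "unknown"

def probe(host: str, port: int = 1414, timeout: float = 5.0) -> str:
    """Send the ClientHello to a listener you administer and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello())
            return classify_first_bytes(sock.recv(64))
    except OSError:  # refused, reset, or timed out before any reply
        return "no-data"

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 1414))
```

A `tls-record` result means the listener really does answer TLS, so the finding then has to be judged against the SSL library that listener uses. `mq-tsh`, `unknown` or `no-data` are consistent with the scanner having guessed the service wrong.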