Couple of security issues..
Posted: 15 Jan 2006 13:02
Beside the fact that there is 8 TCP and 10 UDP ports open:
- the sendmail version allows a remote buffer overflow
http://cve.mitre.org/cgi-bin/cvename.cg ... -2002-1337
- Not that it matters, but the EXPN and VRFY commands are allowed on the mail server too
- RSH service is enabled, which allow TCP spoofing attacks
- TFTP allows unrestricted download of any file on the server
Not that this matter, because I hope all of us put the PBX on a separate VLAN so none can get into our stuff.. But if this is used in a hospital, or some kind of governmental agency, it sucks !
- the sendmail version allows a remote buffer overflow
http://cve.mitre.org/cgi-bin/cvename.cg ... -2002-1337
- Not that it matters, but the EXPN and VRFY commands are allowed on the mail server too
- RSH service is enabled, which allow TCP spoofing attacks
- TFTP allows unrestricted download of any file on the server
Not that this matter, because I hope all of us put the PBX on a separate VLAN so none can get into our stuff.. But if this is used in a hospital, or some kind of governmental agency, it sucks !