Netgate Discussion Forum

OpenVAS found vulnerabilities in pfSense host

    maximg
    last edited by maximg Jul 11, 2020, 6:09 PM Jul 11, 2020, 5:58 PM

    I recently ran a scan in my subnet using OpenVAS (https://www.openvas.org/; I used the Docker image from here: https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker) and it reported some vulnerabilities on a pfSense 2.4.5-RELEASE-p1 box. Since I do not know how to reproduce these vulnerabilities, I am not sure how to open the ticket. What is the best way to report these?

    1. LiteServe URL Decoding DoS OID: 1.3.6.1.4.1.25623.1.0.11155
      The remote web server dies when an URL consisting of a long invalid string of % is sent.

    Affected Software/OS: LiteServe is affected. Webseal version 3.8 and other versions and products might be affected as well.

    Impact: A attacker may use this flaw to make your server crash continually.

    Solution Type: Vendorfix

    2. HTTP 1.0 header overflow OID: 1.3.6.1.4.1.25623.1.0.11127
      It was possible to kill the web server by sending an invalid request with a too long header (From, If-Modified-Since, Referer or Content-Type)

    Impact: An attacker may exploit this vulnerability to make your web server crash continually or even execute arbitrary code on the target system.

    Solution Type: Vendorfix

    3. Crash SMC AP OID: 1.3.6.1.4.1.25623.1.0.11141
      The remote SMC 2652W Access point web server crashes when sent a specially formatted HTTP request.

    Solution Type: Vendorfix

    4. Kill service with random data OID: 1.3.6.1.4.1.25623.1.0.17296
      CVE-1999-1196
      It was possible to crash the remote service by sending it a few kilobytes of random data.

    Impact: An attacker may use this flaw to make this service crash continuously,
    preventing this service from working properly. It may also be possible
    to exploit this flaw to execute arbitrary code on this host.

    Solution Type: Vendorfix

    5. Xitami '/AUX' Request Remote Denial Of Service Vulnerability OID: 1.3.6.1.4.1.25623.1.0.100633
      Xitami is prone to a denial-of-service vulnerability.

    Affected Software/OS: Xitami 5.0a0 is vulnerable.

    Impact: Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

    Solution Type: Will not fix
    No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

      jimp Rebel Alliance Developer Netgate
      last edited by Jul 13, 2020, 3:47 PM

      Most of those are not relevant since they aren't even the right OS/Platform/etc. That doesn't even mention what port the notification was triggered by, but since they appear to be HTTP, probably the GUI.

      The ones that don't mention a specific name are very old, and I find it hard to believe they are still relevant against a modern nginx or haproxy like the one used on pfSense.

      Also, depending on how you performed the scan, if you have NAT rules, you might actually be scanning a device behind pfSense and not pfSense itself.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!
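
The checks raised in the reply above (wrong product, missing port, NAT forwarding) can be applied to the five findings as a triage pass. This is an added example, not part of either post; the findings are transcribed from the first post, while the `nginx` banner and the forwarded-port set are assumed inputs you would fill in from your own host and NAT rules.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Finding:
    oid: str
    name: str
    product: Optional[str]  # product the check was written for; None if generic
    port: Optional[int]     # port that triggered the result; None if not reported

# Findings as listed in the first post; the excerpt gave no port for any of them.
BASE = "1.3.6.1.4.1.25623.1.0."
FINDINGS = [
    Finding(BASE + "11155", "LiteServe URL Decoding DoS", "LiteServe", None),
    Finding(BASE + "11127", "HTTP 1.0 header overflow", None, None),
    Finding(BASE + "11141", "Crash SMC AP", "SMC 2652W", None),
    Finding(BASE + "17296", "Kill service with random data", None, None),
    Finding(BASE + "100633", "Xitami '/AUX' Request Remote DoS", "Xitami", None),
]

def triage(f, server_banner, forwarded_ports):
    """Return follow-up notes for one finding; an empty list means none apply."""
    notes = []
    if f.port is None:
        notes.append("no port in report: find which service triggered it")
    elif f.port in forwarded_ports:
        notes.append("port is NAT-forwarded: result may belong to a host "
                     "behind the firewall")
    if f.product is None:
        notes.append("generic crash check: confirm the service really went "
                     "down during the scan")
    elif f.product.lower() not in server_banner.lower():
        notes.append(f"product mismatch: check targets {f.product}, "
                     f"host runs {server_banner}")
    return notes

def triage_all(findings, server_banner, forwarded_ports):
    """Map each finding name to its follow-up notes."""
    return {f.name: triage(f, server_banner, forwarded_ports) for f in findings}

if __name__ == "__main__":
    # Assumed inputs: banner of the web server on the scanned host, and the
    # ports your NAT rules forward to internal devices (constructed sample).
    for name, notes in triage_all(FINDINGS, "nginx", {8080}).items():
        print(name)
        for n in notes:
            print("  -", n)
```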

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.