Netgate Discussion Forum

    OpenVAS found vulnerabilities in pfSense host

      maximg

      I recently ran a scan in my subnet using OpenVAS (https://www.openvas.org/; I used the Docker image from here: https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker) and it reported some vulnerabilities on a pfSense 2.4.5-RELEASE-p1 box. Since I do not know how to reproduce these vulnerabilities, I am not sure how to open a ticket. What is the best way to report these?

      1. LiteServe URL Decoding DoS OID: 1.3.6.1.4.1.25623.1.0.11155
        The remote web server dies when an URL consisting of a long invalid string of % is sent.

      Affected Software/OS: LiteServe is affected. Webseal version 3.8 and other versions and products might be affected as well.

      Impact: A attacker may use this flaw to make your server crash continually.

      Solution Type: Vendorfix

      2. HTTP 1.0 header overflow OID: 1.3.6.1.4.1.25623.1.0.11127
        It was possible to kill the web server by sending an invalid request with a too long header (From, If-Modified-Since, Referer or Content-Type)

      Impact: An attacker may exploit this vulnerability to make your web server crash continually or even execute arbitrary code on the target system.

      Solution Type: Vendorfix

      3. Crash SMC AP OID: 1.3.6.1.4.1.25623.1.0.11141
        The remote SMC 2652W Access point web server crashes when sent a specially formatted HTTP request.

      Solution Type: Vendorfix

      4. Kill service with random data OID: 1.3.6.1.4.1.25623.1.0.17296
        CVE-1999-1196
        It was possible to crash the remote service by sending it a few kilobytes of random data.

      Impact: An attacker may use this flaw to make this service crash continuously,
      preventing this service from working properly. It may also be possible
      to exploit this flaw to execute arbitrary code on this host.

      Solution Type: Vendorfix

      5. Xitami '/AUX' Request Remote Denial Of Service Vulnerability OID: 1.3.6.1.4.1.25623.1.0.100633
        Xitami is prone to a denial-of-service vulnerability.

      Affected Software/OS: Xitami 5.0a0 is vulnerable.

      Impact: Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

      Solution Type: Will not fix
      No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

        jimp Rebel Alliance Developer Netgate

        Most of those are not relevant since they aren't even the right OS/Platform/etc. That doesn't even mention what port the notification was triggered by, but since they appear to be HTTP, probably the GUI.

        The ones that don't mention a specific name are very old, and I find it hard to believe they are still relevant against a modern nginx or haproxy like the one used on pfSense.

        Also, depending on how you performed the scan, if you have NAT rules, you might actually be scanning a device behind pfSense and not pfSense itself.

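The reply's first two points (findings that name a different product, and findings that name none) can be checked mechanically against a pasted report. The following is an added example, not part of the thread and not pfSense or OpenVAS code: it parses findings in the layout the first post uses and sorts them by whether the "Affected Software/OS" line names one of the web servers the reply mentions. The sample report is constructed from the post's entries, and the labels `generic`, `match` and `mismatch` are assumptions of this example.

```python
import re

# Constructed sample: three of the post's findings, abridged, in the pasted layout.
REPORT = """\
1. LiteServe URL Decoding DoS OID: 1.3.6.1.4.1.25623.1.0.11155
Affected Software/OS: LiteServe is affected. Webseal version 3.8 and other versions and products might be affected as well.
Solution Type: Vendorfix
2. Kill service with random data OID: 1.3.6.1.4.1.25623.1.0.17296
CVE-1999-1196
It was possible to crash the remote service by sending it a few kilobytes of random data.
Solution Type: Vendorfix
3. Xitami '/AUX' Request Remote Denial Of Service Vulnerability OID: 1.3.6.1.4.1.25623.1.0.100633
Affected Software/OS: Xitami 5.0a0 is vulnerable.
Solution Type: Will not fix
"""

HOST_SOFTWARE = ("nginx", "haproxy")  # web servers the reply names for pfSense
HEAD = re.compile(r"^\d+\.\s+(?P<name>.+?)\s+OID:\s+(?P<oid>[\d.]+)$")
FIELD = re.compile(r"^(?P<key>Affected Software/OS|Impact|Solution Type):\s*(?P<val>.*)$")
CVE = re.compile(r"^CVE-\d{4}-\d+$")

def parse(report):
    """Split the pasted text into one dict per finding (name, OID, CVEs, fields)."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := HEAD.match(line):
            findings.append({"name": m["name"], "oid": m["oid"], "cves": [], "summary": []})
        elif not line or not findings:
            continue  # blank line, or text before the first finding header
        elif m := FIELD.match(line):
            findings[-1][m["key"]] = m["val"]
        elif CVE.match(line):
            findings[-1]["cves"].append(line)
        else:
            findings[-1]["summary"].append(line)
    return findings

def triage(finding):
    """Label a finding by comparing its affected-software line with the host's software."""
    affected = finding.get("Affected Software/OS")
    if affected is None:
        return "generic"   # no product named: confirm the port and that the service really died
    if any(s in affected.lower() for s in HOST_SOFTWARE):
        return "match"     # names software that runs on this host: investigate
    return "mismatch"      # names other software: likely a false positive

if __name__ == "__main__":
    print([(f["name"], triage(f)) for f in parse(REPORT)])
```
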
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.