OpenVAS found vulnerabilities in pfSense host



  • I recently ran a scan in my subnet using OpenVAS (https://www.openvas.org/, I used the Docker image from here: https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker ) and it reported some vulnerabilities on a pfSense 2.4.5-RELEASE-p1 box. Since I do not know how to reproduce these vulnerabilities, I am not sure how to open the ticket. What is the best way to report these?

    1. LiteServe URL Decoding DoS OID: 1.3.6.1.4.1.25623.1.0.11155
      The remote web server dies when a URL consisting of a long invalid string of % is sent.

    Affected Software/OS: LiteServe is affected. Webseal version 3.8 and other versions and products might be affected as well.

    Impact: An attacker may use this flaw to make your server crash continually.

    Solution Type: Vendorfix

    2. HTTP 1.0 header overflow OID: 1.3.6.1.4.1.25623.1.0.11127
      It was possible to kill the web server by sending an invalid request with a too long header (From, If-Modified-Since, Referer or Content-Type).

    Impact: An attacker may exploit this vulnerability to make your web server crash continually or even execute arbitrary code on the target system.

    Solution Type: Vendorfix

    3. Crash SMC AP OID: 1.3.6.1.4.1.25623.1.0.11141
      The remote SMC 2652W Access Point web server crashes when sent a specially formatted HTTP request.

    Solution Type: Vendorfix

    4. Kill service with random data OID: 1.3.6.1.4.1.25623.1.0.17296
      CVE-1999-1196
      It was possible to crash the remote service by sending it a few kilobytes of random data.

    Impact: An attacker may use this flaw to make this service crash continuously,
    preventing this service from working properly. It may also be possible
    to exploit this flaw to execute arbitrary code on this host.

    Solution Type: Vendorfix

    5. Xitami '/AUX' Request Remote Denial Of Service Vulnerability OID: 1.3.6.1.4.1.25623.1.0.100633
      Xitami is prone to a denial-of-service vulnerability.

    Affected Software/OS: Xitami 5.0a0 is vulnerable.

    Impact: Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

    Solution Type: Will not fix
    No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.


  • Rebel Alliance Developer Netgate

    Most of those are not relevant since they aren't even the right OS/Platform/etc. That doesn't even mention what port the notification was triggered by, but since they appear to be HTTP, probably the GUI.

    The ones that don't mention a specific name are very old, and I find it hard to believe they are still relevant against a modern nginx or haproxy like the one used on pfSense.

    Also, depending on how you performed the scan, if you have NAT rules, you might actually be scanning a device behind pfSense and not pfSense itself.
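The two triage questions raised above (which host and port each finding actually fired on, and whether the NVT even names the product that is listening there) can be answered from the scanner's XML export before anything is reported. The script below is an added example written for this thread, not code from OpenVAS, GVM or Netgate. It assumes the element layout `<report><results><result><name/><host/><port/><nvt oid="..."/><threat/></result>` of a GVM XML report; the embedded report is constructed from the five findings quoted in the question and is not a real scan. The `expected_services` mapping (what is known to listen on each host:port, e.g. the pfSense GUI's nginx) is supplied by the operator.

```python
"""Triage helper for GVM/OpenVAS XML exports (added example, not project code).

Groups results by (host, port) so the triggering service is visible, and marks
results whose NVT name does not mention the product actually listening there,
which is the usual sign of a generic or product-specific crash check firing on
an unrelated server.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the assumed GVM XML report shape; host is from TEST-NET-1.
SAMPLE_REPORT = """<report>
  <results>
    <result id="r1">
      <name>LiteServe URL Decoding DoS</name>
      <host>192.0.2.1</host>
      <port>443/tcp</port>
      <nvt oid="1.3.6.1.4.1.25623.1.0.11155"><name>LiteServe URL Decoding DoS</name></nvt>
      <threat>High</threat>
    </result>
    <result id="r2">
      <name>Kill service with random data</name>
      <host>192.0.2.1</host>
      <port>443/tcp</port>
      <nvt oid="1.3.6.1.4.1.25623.1.0.17296"><name>Kill service with random data</name></nvt>
      <threat>High</threat>
    </result>
    <result id="r3">
      <name>Xitami '/AUX' Request Remote Denial Of Service Vulnerability</name>
      <host>192.0.2.1</host>
      <port>80/tcp</port>
      <nvt oid="1.3.6.1.4.1.25623.1.0.100633"><name>Xitami DoS</name></nvt>
      <threat>Medium</threat>
    </result>
  </results>
</report>
"""


def parse_results(xml_text):
    """Return one dict per <result> with the fields needed for triage."""
    root = ET.fromstring(xml_text)
    findings = []
    for result in root.iter("result"):
        nvt = result.find("nvt")
        findings.append({
            "id": result.get("id", ""),
            "name": (result.findtext("name") or "").strip(),
            "host": (result.findtext("host") or "").strip(),
            "port": (result.findtext("port") or "").strip(),
            "oid": nvt.get("oid", "") if nvt is not None else "",
            "threat": (result.findtext("threat") or "").strip(),
        })
    return findings


def group_by_service(findings):
    """Map (host, port) -> list of findings, so the triggering service is explicit."""
    groups = defaultdict(list)
    for finding in findings:
        groups[(finding["host"], finding["port"])].append(finding)
    return dict(groups)


def classify(finding, expected_products):
    """'match' if the NVT name mentions a product known to run on that port, else 'mismatch'."""
    name = finding["name"].lower()
    if any(product.lower() in name for product in expected_products):
        return "match"
    return "mismatch"


def triage(xml_text, expected_services):
    """expected_services: {(host, port): [product names actually listening there]}.

    Returns (host, port, oid, name, verdict) rows, sorted by service.
    """
    rows = []
    grouped = group_by_service(parse_results(xml_text))
    for (host, port), items in sorted(grouped.items()):
        expected = expected_services.get((host, port), [])
        for finding in items:
            rows.append((host, port, finding["oid"], finding["name"],
                         classify(finding, expected)))
    return rows


if __name__ == "__main__":
    # Operator-supplied assumption: both ports on this host are served by nginx.
    known = {("192.0.2.1", "443/tcp"): ["nginx"], ("192.0.2.1", "80/tcp"): ["nginx"]}
    for row in triage(SAMPLE_REPORT, known):
        print(" | ".join(row))
```

A "mismatch" row is a candidate for verification (check the banner on that port, and check the NAT rules for that host:port to confirm the scan did not land on a forwarded device) rather than a ticket; only rows that survive that check are worth reporting, together with the OID, host and port the tool printed.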

