Wednesday, October 04, 2006

vulnerability assessment of Citrix Netscaler NS7000 using Nessus

I used Nessus on the latest Pentoo Linux live CD to assess the Citrix Netscaler NS7000. For the ports
  • The BGP port should really not be there, since it is not enabled. The connection was closed immediately. However, it shouldn't allow a connection at all.
  • The HTTPS server allows SSLv2 ciphers, which can give administrators a false sense of security if they happen to use an aged browser.
  • UDP in general: Traceroute is enabled. Bad. Bad.
  • TCP in general:

The remote host does not discard TCP SYN packets which
have the FIN flag set.

Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.

See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
           http://www.kb.cert.org/vuls/id/464113
    
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487

====================================================================

The remote host accepts loose source routed IP packets.
The feature was designed for testing purpose.
An attacker may use it to circumvent poorly designed IP filtering
and exploit another flaw. However, it is not dangerous by itself.

Solution : drop source routed packets on this host or on other ingress
routers or firewalls.  


Risk factor : Low
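
A defender-side check for the two packet-level conditions in the Nessus output above (TCP segments with both SYN and FIN set, and IPv4 packets carrying the loose source route option), usable on packets captured at an ingress point. This is an added example, not part of the original post or of Nessus; the function names and the sample packets are constructed for illustration.

```python
import struct

LSRR, FIN, SYN = 131, 0x01, 0x02   # IPv4 option type 131 (LSRR); TCP flag bits

def ip_option_types(packet, ihl):
    """Return the set of option types present in the IPv4 header."""
    opts, i, kinds = packet[20:ihl], 0, set()
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                 # End of Option List
            break
        if kind == 1:                 # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                     # malformed length: stop walking
        kinds.add(kind)
        i += opts[i + 1]
    return kinds

def findings(packet):
    """Flag the two conditions from the report in one raw IPv4 packet."""
    out = []
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return out
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return out
    if LSRR in ip_option_types(packet, ihl):
        out.append("loose-source-route")
    first_frag = ((packet[6] & 0x1F) << 8 | packet[7]) == 0  # TCP header only here
    if packet[9] == 6 and first_frag and len(packet) >= ihl + 14:  # 6 = TCP
        flags = packet[ihl + 13]
        if flags & SYN and flags & FIN:
            out.append("syn-fin")
    return out

def build(flags, options=b""):
    """Constructed sample packet (documentation addresses, zero checksums)."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 40 + len(options),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + options + tcp

SAMPLE_LSRR = bytes([LSRR, 7, 4, 198, 51, 100, 1, 0])  # one hop, padded with EOL
if __name__ == "__main__":
    for pkt in (build(SYN), build(SYN | FIN), build(SYN | FIN, SAMPLE_LSRR)):
        print(findings(pkt))
```
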
