DCO vulnerabilities SERVER: MiniServ/1.820

DCIM_Support · ‎2020-07-05

This question was originally posted on DCIM Support by Andres Cordero on 2018-11-23

Hi Support,

We require your assistance with this matter.

Preview:

- one of the biggest national banks in our country has the DCO running in a virtual server

- Our customer used a third party utility to detect vulnerabilities. They use “QRadar”

- The DCO is running in version 8.0.3

Vulnerabilities:

The customer is using the QRadar utility and they want to solve the vulnerability below:

CVE ID: 2017-15645,2007-5066
Vulnerability ID: Webmin create_job.cgi cross-site request forgery
Vulnerability Description: SERVER: MiniServ/1.820
Port: 10000
Concern: This application is prone to this vulnerability because of an unknown reason, allowing an attacker to execute arbitrary commands and escalate privileges.
Solution: No remedy available as of October 16, 2017.

DCIM_Support · ‎2020-07-05

This answer was originally posted on DCIM Support by Greg Sterling on 2018-11-27

Hello Andres.

The above DCO release you mention is quite old. Current DCO release is 8.2.12. Each of the DCO releases since the mentioned 8.0.3 release include patches/updates to address security and vulnerabilities. We scan/verify known vulnerabilities against each new release before it becomes available to the public.

We would recommend you consider upgrading your DCO 8.0.3 installation to a more current release.

Regards

Greg Sterling

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Andres Cordero on 2019-01-03

Hi Greg,

We upgraded the DCO software as you requested, but the vulnerability persist.

CVE ID: 2017-15645,2007-5066
Vulnerability ID: Webmin unspecified URL command execution
Vulnerability Description: SERVER: MiniServ/1.820
Port: 10000
Concern: This application is prone to this vulnerability because of an unknown reason, allowing an attacker to execute arbitrary commands and escalate privileges.
Solution: Upgrade to the latest version of Webmin (1.370 or later), available from the Webmin Web site: Security Alerts. See References.

Please help!!

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Greg Sterling on 2019-01-03

We'll ask development to comment further, but when I look at these CVE definitions (CVE ID: 2017-15645,2007-5066) they state these vulnerabilities are addressed by webmin versions 1850 and 1370 respectively.

If you upgraded to DCO 8.2.12 then your webmin version should be 1890. If you logon to your webmin gui (https://dco-server-ip:10000/) the webmin version should be visible on the system information page when you login.

Regards

Greg Sterling

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Andres Cordero on 2019-01-17

Hi Greg,
We performed the webmin upgrade as you mentioned.
The webmin works in version 1.900

But now we have more vulnerabilities.
Please check the attached image.

We need to purge this list.
We appreciate all your help.

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Greg Sterling on 2019-01-17

Hello Andres

Did you update webmin only or both DCO and webmin?

Regards

Greg Sterling

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Andres Cordero on 2019-02-15

Hello Greg,

Both at the same time.

The resolution instructions for many of the vulnerabilities are to upgrate the webmin versión to a newest versión. (Please check atached file = Vulnerabilidades DCO.xlsx)

The webmin is aleady in versión 1900.

Could this be managed as a false -positive?

Vulnerabilidades DCO.xlsx

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Greg Sterling on 2019-02-18

Hello Andres. I have asked our dev team to comment on your recent response.

Regards

Greg Sterling

DCIM_Support · ‎2020-07-05

This comment was originally posted on DCIM Support by Andres Cordero on 2019-03-07

Hello Greg,

Any update?

DCIM_Support · ‎2020-07-05

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.