服务器发现安全漏洞!怎么解决?
用Xsacn扫描出来的安全漏洞,英文不大好,看不太明白!大家帮帮忙!
===================================================================
漏洞 ftp (21/tcp) The remote FTP server closes
the connection when a command is too long or is given
a too long argument.
This probably due to a buffer overflow, which
allows anyone to execute arbitrary code
on the remote host.
This problem is threatening, because
the attackers don't need an account
to exploit this flaw.
Solution : Upgrade your FTP server or change it
Risk factor : High
=========================================================================
漏洞 pop3 (110/tcp)
The remote POP3 server might be vulnerable to a buffer overflow
bug when it is issued at least one of these commands, with a too long
argument :
auth
user
pass
If confirmed, this problem might allow an attacker to execute
arbitrary code on the remote system, thus giving him an interactive
session on this host.
Solution : If you do not use POP3, disable this service in /etc/inetd.conf
and restart the inetd process. Otherwise, upgrade to a newer version.
See also : http://online.securityfocus.com/archive/1/27197
Risk factor : High
=========================================================================