Linux Malware Detect (LMD)/netofficedwins_demosession.nasl
I am using Ubuntu 11.10. I installed Linux Malware Detect (LMD) v1.4.1 and ran it. It reported the following infection.
Code:
netofficedwins_demosession.nasl
I did a search for this infection and found this info. It makes it seem pretty bad but it does not say how to get rid of it. I set LMD to clean and quarantine infections but it found this infection after two runs.
What is the best way to get rid of this infection?
I did a search for this infection and found this info. It makes it seem pretty bad but it does not say how to get rid of it. I set LMD to clean and quarantine infections but it found this infection after two runs. What is the best way to get rid of this infection?
Unlike with the Other Platform, software vulnerabilities in Linux commonly are not, and should not be made subject to, "erase and be at ease"-type of cleaning up. It's unfortunate to see LMD try to shove such a "solution" down your throat. Software vulnerabilities in Linux commonly require you to verify software integrity and update software.
You should always inform yourself well enough to be able to assess the problem (that IMHO is "the Linux way", not "erase and be at ease") and this is best done using any CVE identifiers with which you consult:
0. your distribution's security information: Ubuntu: CVE-2008-2044 and in your case upstream Debian: CVE-2008-2044,
1. the vendor site: netOffice Dwins,
2. the CVE: netOffice (or the OSVDB, NVD or Secunia) and see details at CVE security vulnerability database: CVE-2008-2044,
3. Determine if the machine you run LMD on serves web pages or web applications and if it specifically runs the vulnerable version. Only if it does, then:
- check directories and files the user the web server runs as has access to for anomalies like uploaded files,
- check your login database and system logs for anomalies and your web server logs for access where either 0) files like "projects_site/uploadfile.php" are in the URI or 1) where the "demoSession" variable is set to "1",
- know from the vendor site version 1.3.1 was released as a fix on 2008-04-22 and the current version is 1.5.
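The web server log check described in the reply above, as an added example that is not part of the original thread. It assumes Apache/nginx "combined" format access logs; the sample lines, the /netoffice/ install prefix and the addresses are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Start of an Apache/nginx "combined" access log line (assumed log format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
UPLOAD_PATH = "projects_site/uploadfile.php"  # indicator 0) from the post
SESSION_PARAM = "demosession"                 # indicator 1), matched case-insensitively


def classify(target):
    """Return the indicators matched by one request target (path + query)."""
    parts = urlsplit(target)
    reasons = []
    # Decode percent-encoding and fold case so the match is on the real path.
    if UPLOAD_PATH in unquote(parts.path).lower():
        reasons.append("uploadfile")
    params = parse_qs(parts.query, keep_blank_values=True)
    if any(k.lower() == SESSION_PARAM and "1" in v for k, v in params.items()):
        reasons.append("demoSession=1")
    return reasons


def scan(lines):
    """Return (ip, timestamp, status, target, reasons) for each matching line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        reasons = classify(m.group("target")) if m else []
        if reasons:
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status")),
                         m.group("target"), reasons))
    return hits


# Constructed sample lines; the /netoffice/ prefix and the addresses are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Feb/2012:10:03:44 +0000] '
    '"POST /netoffice/projects_site/uploadfile.php?demoSession=1 HTTP/1.1" 200 312',
    '198.51.100.7 - - [12/Feb/2012:10:03:51 +0000] '
    '"GET /netoffice/index.php?demoSession=1 HTTP/1.1" 302 0',
    '192.0.2.10 - - [12/Feb/2012:10:05:00 +0000] '
    '"GET /netoffice/index.php?demoSession=0 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

A demoSession value sent in a POST body does not appear in a standard access log, so an empty result from this scan is not proof that the parameter was never used. The status code in each hit helps separate requests the server answered from ones it rejected.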
I guess your malware scanner just stumbled on a detection file from Nessus
(.nasl files are just Nessus detection patterns) http://www.tenable.com/products/nessus/
It's like one anti-virus regarding the detection patterns of a second one as an infection in the Windows world.
So nothing to worry about, if you have Nessus installed.
Actually the link you provided says it all:
Quote:
NASLDB: netOffice Dwins demoSession Parameter Authentication Bypass
General
So nothing to worry about, if you have Nessus installed
"I think", "don't worry" and other such fuzzy human phrasings are what we like to avoid in this particular forum. If you did actually read my reply you should dig that sharing knowledge and tools (aka giving a man a fishing rod) trumps, and should trump, "don't worry" responses (giving a man a fish) each and every time.
I have already had the situation several times where a possible security problem turned out to be detection pattern files from different security scanners or anti-virus software, which simply played "detection ping pong" with their respective pattern files ...
I would like to thank you both for your responses. They have been very enlightening. So far I'm liking LMD since the installation and operation is straightforward, although I was fooled when it picked up the Nessus file. I guess it was more of a weakness in an older version of Nessus, in that things could get through, rather than actual malware.