Overview

Your company may have a team dedicated to identifying and fixing security issues (e.g., network security group). They might have detected OS vulnerabilities and need a remediation plan.

Information

When it comes to OS vulnerabilities, most of them can be fixed by upgrading Lithium GA to the latest version, which can be downloaded from the NewNet Download Center. After that, run the security scan again (if possible) so you can concentrate on the remaining issues.

In some cases, specific measures must be taken to remediate the vulnerability. Please refer to the list below to learn how to handle each of them:

• Deprecated SSH Cryptographic Settings
• Remote Management Service Accepting Unencrypted Credentials Detected (FTP)

• Accessible Anonymous FTP Server

• FTP Users with Blank Password Allowed

• NTP "monlist" Feature Denial of Service
• Sudo Heap-based Buffer Overflow Vulnerability (Baron Samedit) (Generic)
• OpenSSH Command Injection Vulnerability (Generic)
• EOL/Obsolete Operating System: Red Hat Enterprise Linux 6.x Detected
• Service Stopped Responding
• Red Hat Libxml2 Arbitrary Code Execution

If you are already using the latest version and the reported vulnerabilities are not listed above, please create a support ticket and attach the security scan report. It will be conveyed to the Engineering team and they might get fixed in a future version. They will provide you with more details as necessary.

<supportagent>

If the client is already on the latest version and is reporting vulnerabilities, L2 should escalate the ticket to Central Engineering as per the NewNet Routing Table.

</supportagent>