
Top 25 Remediations by Risk With Details

The document provides details on the top 25 remediations by risk level. The highest risk remediation is to upgrade to the latest version of PHP, which will address 168 vulnerabilities affecting 2 assets. Other top remediations include upgrading web browsers and servers like Firefox, MySQL and Apache to address published exploits and malware kits. The remediations provide steps to download and apply upgrades to reduce overall risk.

Top 25 Remediations by Risk with Details April 26, 2018 15:38:32

Top Remediations with Details

Applying 25 Top Remediations Will Remediate 71% Vulnerabilities Affecting 9 Assets, including: 36% published exploits, 20% available malware kits

Remediations | Remediated Vulns | Published Exploits | Malware Kits | Affected Assets | Risk
Upgrade to the latest version of PHP | 168 | 13 | 0 | 2 | 67688
Upgrade to the latest version of Mozilla Firefox | 97 | 0 | 0 | 1 | 44016
Upgrade to the latest version of Mozilla Firefox ESR | 60 | 0 | 0 | 1 | 27665
Upgrade to the latest version of Oracle MySQL | 54 | 3 | 0 | 1 | 11791
Upgrade to the latest version of Google Chrome | 21 | 0 | 0 | 1 | 9423
Upgrade to the latest version of Apache HTTPD | 31 | 3 | 0 | 2 | 7568
Upgrade to the latest version of PostgreSQL | 21 | 0 | 0 | 1 | 5698
Upgrade to Samba 3.0.33 | 9 | 8 | 0 | 1 | 5454
Enable authorization for linux single user mode | 6 | 0 | 0 | 6 | 5176
Disable IP source routing on Linux | 6 | 0 | 0 | 6 | 4459
Configure SMB signing | 6 | 0 | 0 | 3 | 4403
Upgrade xulrunner-devel | 8 | 0 | 0 | 1 | 4084
Upgrade xulrunner | 8 | 0 | 0 | 1 | 4084
Upgrade xulrunner-debuginfo | 8 | 0 | 0 | 1 | 4084
Disable ICMP redirect support | 6 | 0 | 0 | 6 | 4037
Upgrade to the latest version of BIND | 12 | 1 | 0 | 1 | 3988
Download and install Microsoft patch windowsserver2003.windowsxp-kb2508429-x64-enu.exe (1044864 bytes) | 5 | 5 | 0 | 1 | 3804
Download and install Microsoft patch windowsxp-kb2508429-x86-enu.exe (664960 bytes) | 5 | 5 | 0 | 1 | 3804
Enable GRUB password | 5 | 0 | 0 | 5 | 3614
Upgrade firefox | 6 | 0 | 0 | 1 | 3439
Upgrade firefox-debuginfo | 6 | 0 | 0 | 1 | 3439
Edit '/etc/securetty' entries | 5 | 0 | 0 | 5 | 3203
Download and install Microsoft patch windowsxp-kb982214-x86-custom-enu.exe (665464 bytes) | 4 | 5 | 0 | 1 | 3075
Restrict User's home directory mode | 6 | 0 | 0 | 6 | 3035
Upgrade java-1.6.0-openjdk-src | 4 | 0 | 1 | 1 | 2617

1. Upgrade to the latest version of PHP


Remediation Steps
Download and apply the upgrade from: http://www.php.net/downloads.php

The latest version of PHP is 5.4.13



Affected Assets

Name IP Address Site


Unknown 10.3.60.126 Southern California Region

metasploitable.localdomain 10.3.60.126 Southern California Region

2. Upgrade to the latest version of Mozilla Firefox


Remediation Steps

Install the latest version of Mozilla Firefox from the Mozilla Products page.

Affected Assets
Name IP Address Site
wsus_server.pslab.rapid7.com 10.3.60.112 Southern California Region

3. Upgrade to the latest version of Mozilla Firefox ESR


Remediation Steps

Install the latest version of Mozilla Firefox ESR from the Mozilla Products page.

Affected Assets

Name IP Address Site


wsus_server.pslab.rapid7.com 10.3.60.112 Southern California Region

4. Upgrade to the latest version of Oracle MySQL


Remediation Steps
Download and apply the upgrade from: http://dev.mysql.com/downloads/mysql

The latest version of Oracle MySQL is 5.6.11



Affected Assets

Name IP Address Site


metasploitable.localdomain 10.3.60.126 Southern California Region

5. Upgrade to the latest version of Google Chrome


Remediation Steps

Install the latest version of Google Chrome from the Google Chrome page.

Affected Assets

Name IP Address Site


wsus_server.pslab.rapid7.com 10.3.60.112 Southern California Region

6. Upgrade to the latest version of Apache HTTPD
Remediation Steps
Download and apply the upgrade from: http://archive.apache.org/dist/httpd/httpd-2.4.4.tar.gz

The latest version of Apache HTTPD server is 2.4.4


Many platforms and distributions provide pre-built binary packages for Apache HTTP server. These pre-built
packages are usually customized and optimized for a particular distribution, therefore we recommend that you use
the packages if they are available for your operating system.

Affected Assets

Name IP Address Site


Unknown 10.3.60.126 Southern California Region

metasploitable.localdomain 10.3.60.126 Southern California Region

7. Upgrade to the latest version of PostgreSQL


Remediation Steps
Download and apply the upgrade from: http://www.postgresql.org/download/


Affected Assets

Name IP Address Site


metasploitable.localdomain 10.3.60.126 Southern California Region

8. Upgrade to Samba 3.0.33


Remediation Steps
Download and apply the upgrade from: http://us1.samba.org/samba/ftp/old-versions/samba-3.0.33.tar.gz


Affected Assets

Name IP Address Site


metasploitable.localdomain 10.3.60.126 Southern California Region

9. Enable authorization for linux single user mode
Remediation Steps

Refer to your vendor's documentation for exact details on enabling authorization for single user mode. On
systems that still use /etc/inittab, this involves adding the following line:
~:S:wait:/sbin/sulogin

Affected Assets

Name IP Address Site


Unknown 10.3.60.110 Southern California Region

Unknown 10.3.60.118 Southern California Region

Unknown 10.3.60.126 Southern California Region

Unknown 10.3.60.139 Southern California Region

demo-training.pslab.rapid7.com 10.3.60.128 Southern California Region

metasploitable.localdomain 10.3.60.126 Southern California Region

10. Disable IP source routing on Linux


Remediation Steps

Linux

Source routing is disabled by default. On Linux kernel 2.2 and earlier, this setting was controlled by the contents of
the following proc file:
/proc/sys/net/ipv4/conf/all/accept_source_route
However, in more recent versions of Linux, the source route setting is controlled by several sysctl variables. Issue
the following command to drop all source routed packets:
/sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0
Also, issue the following commands to disable forwarding of any frames with source routing options:
/sbin/sysctl -w net.ipv4.conf.all.forwarding=0
/sbin/sysctl -w net.ipv4.conf.all.mc_forwarding=0
These settings can be added to /etc/sysctl.conf to make them permanent.
You should also consider blocking or "scrubbing" source routed packets at your firewall (i.e. either reject
source routed packets or have the firewall remove the source routing options if possible).

Affected Assets

Name IP Address Site

Unknown 10.3.60.110 Southern California Region

Unknown 10.3.60.126 Southern California Region

Unknown 10.3.60.139 Southern California Region

demo-training.pslab.rapid7.com 10.3.60.128 Southern California Region

metasploitable.localdomain 10.3.60.126 Southern California Region

wsus_server.pslab.rapid7.com 10.3.60.112 Southern California Region

11. Configure SMB signing


Remediation Steps

Microsoft Windows

Configure the system to enable or require SMB signing as appropriate. The method and effect of doing this are
system-specific, so please see this TechNet article for details. Note: ensure that SMB signing configuration is done for
incoming connections (Server).

Affected Assets

Name IP Address Site


WIN2K8-MEDTRONI 10.3.60.106 Southern California Region

WINXP 10.3.60.121 Southern California Region

wsus_server.pslab.rapid7.com 10.3.60.112 Southern California Region

12. Upgrade xulrunner-devel


Remediation Steps

CentOS Linux >= 5 and < 6 (x86_64)

Update xulrunner-devel to the latest version available from CentOS, using tools like yum or up2date.

Because CentOS RPMs are built off of RedHat SRPMs, there is a delay between when a vulnerability is published and
fixed in the RedHat SRPMs and the time that CentOS in turn rebuilds and redistributes the updated RPMs. As such, there
may be cases where the updated RPM(s) listed here might not exist in the CentOS RPM repositories yet.

Affected Assets

Name IP Address Site


Unknown 10.3.60.118 Southern California Region

13. Upgrade xulrunner
Remediation Steps

CentOS Linux >= 5 and < 6 (x86_64)

Update xulrunner to the latest version available from CentOS, using tools like yum or up2date.

Because CentOS RPMs are built off of RedHat SRPMs, there is a delay between when a vulnerability is published and
fixed in the RedHat SRPMs and the time that CentOS in turn rebuilds and redistributes the updated RPMs. As such, there
may be cases where the updated RPM(s) listed here might not exist in the CentOS RPM repositories yet.

Affected Assets

Name IP Address Site


Unknown 10.3.60.118 Southern California Region

14. Upgrade xulrunner-debuginfo


Remediation Steps

CentOS Linux >= 5 and < 6 (x86_64)

Update xulrunner-debuginfo to the latest version available from CentOS, using tools like yum or up2date.

Because CentOS RPMs are built off of RedHat SRPMs, there is a delay between when a vulnerability is published and
fixed in the RedHat SRPMs and the time that CentOS in turn rebuilds and redistributes the updated RPMs. As such, there
may be cases where the updated RPM(s) listed here might not exist in the CentOS RPM repositories yet.

Affected Assets

Name IP Address Site


Unknown 10.3.60.118 Southern California Region

15. Disable ICMP redirect support
Remediation Steps

Linux

Issue the following commands as root:


sysctl -w net.ipv4.conf.all.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.all.secure_redirects=0
sysctl -w net.ipv4.conf.default.secure_redirects=0
These settings can be added to /etc/sysctl.conf to make them permanent.

Affected Assets

Name IP Address Site


Unknown 10.3.60.110 Southern California Region

Unknown 10.3.60.118 Southern California Region

Unknown 10.3.60.126 Southern California Region

Unknown 10.3.60.139 Southern California Region

demo-training.pslab.rapid7.com 10.3.60.128 Southern California Region

metasploitable.localdomain 10.3.60.126 Southern California Region

16. Upgrade to the latest version of BIND


Remediation Steps
Download and apply the upgrade from: http://ftp.isc.org/isc/bind9/9.9.3-B2/9.9.3-B2.tar.gz

The latest version of BIND is version 9.9.3-B2.



Affected Assets

Name IP Address Site


metasploitable.localdomain 10.3.60.126 Southern California Region

17. Download and install Microsoft patch windowsserver2003.windowsxp-kb2508429-x64-enu.exe (1044864 bytes)
Remediation Steps

Microsoft Windows XP Professional SP2 (x86_64)


Download and apply the patch from:
http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windowsserver2003.windowsxp-kb2508429-x64-enu_a1ab44f33a891a3fdff7273ad240f35d5af7ce99.exe

Affected Assets

Name IP Address Site


WINXP 10.3.60.121 Southern California Region

18. Download and install Microsoft patch windowsxp-kb2508429-x86-enu.exe (664960 bytes)
Remediation Steps

Microsoft Windows XP Professional SP3 (x86), Microsoft Windows XP Home SP3 (x86)
Download and apply the patch from:
http://download.windowsupdate.com/msdownload/update/software/secu/2011/03/windowsxp-kb2508429-x86-enu_e0b40d81f2ecc1bad43439a6bd0a9e2a0ab7dd56.exe

Affected Assets

Name IP Address Site


WINXP 10.3.60.121 Southern California Region

19. Enable GRUB password


Remediation Steps

Set a password in the GRUB configuration file. This is often located in one of several locations, but can really be
anywhere:
/etc/grub.conf
/boot/grub/grub.conf
/boot/grub/menu.lst
To set a plain-text password, edit your GRUB configuration file and add the following line before the
first uncommented line:
password <password>
To set an encrypted password, run grub-md5-crypt and use its output when adding the following line before the
first uncommented line:
password --md5 <encryptedpassword>
For either approach, choose an appropriately strong password.

Affected Assets

Name IP Address Site


Unknown 10.3.60.110 Southern California Region

Unknown 10.3.60.126 Southern California Region

Unknown 10.3.60.139 Southern California Region

demo-training.pslab.rapid7.com 10.3.60.128 Southern California Region

metasploitable.localdomain 10.3.60.126 Southern California Region

20. Upgrade firefox


Remediation Steps

CentOS Linux >= 5 and < 6 (x86_64)

Update firefox to the latest version available from CentOS, using tools like yum or up2date.

Because CentOS RPMs are built off of RedHat SRPMs, there is a delay between when a vulnerability is published and
fixed in the RedHat SRPMs and the time that CentOS in turn rebuilds and redistributes the updated RPMs. As such, there
may be cases where the updated RPM(s) listed here might not exist in the CentOS RPM repositories yet.

Affected Assets

Name IP Address Site


Unknown 10.3.60.118 Southern California Region

21. Upgrade firefox-debuginfo


Remediation Steps

CentOS Linux >= 5 and < 6 (x86_64)

Update firefox-debuginfo to the latest version available from CentOS, using tools like yum or up2date.

Because CentOS RPMs are built off of RedHat SRPMs, there is a delay between when a vulnerability is published and
fixed in the RedHat SRPMs and the time that CentOS in turn rebuilds and redistributes the updated RPMs. As such, there
may be cases where the updated RPM(s) listed here might not exist in the CentOS RPM repositories yet.

Affected Assets

Name IP Address Site


Unknown 10.3.60.118 Southern California Region

22. Edit '/etc/securetty' entries
Remediation Steps

Remove all the entries in /etc/securetty except console, tty[0-9]* and vc\[0-9]*
Note: ssh does not use /etc/securetty. To disable root login through ssh, use the "PermitRootLogin" setting
in /etc/ssh/sshd_config and restart the ssh daemon.

Affected Assets

Name IP Address Site


Unknown 10.3.60.110 Southern California Region

Unknown 10.3.60.126 Southern California Region

Unknown 10.3.60.139 Southern California Region

demo-training.pslab.rapid7.com 10.3.60.128 Southern California Region

metasploitable.localdomain 10.3.60.126 Southern California Region

23. Download and install Microsoft patch windowsxp-kb982214-x86-custom-enu.exe (665464 bytes)
Remediation Steps

Microsoft Windows XP Embedded (x86)


Download and apply the patch from:
http://download.windowsupdate.com/msdownload/update/software/secu/2010/08/windowsxp-kb982214-x86-custom-enu_f735b1ab3c9d5e2a5f853ab2c4e66b0a402c6a09.exe

Affected Assets

Name IP Address Site


WINXP 10.3.60.121 Southern California Region

24. Restrict User's home directory mode
Remediation Steps

Restrict the user home directory mode to at most 750 using the command:
chmod 750 userDir

Affected Assets

Name IP Address Site


Unknown 10.3.60.110 Southern California Region

Unknown 10.3.60.118 Southern California Region

Unknown 10.3.60.126 Southern California Region

Unknown 10.3.60.139 Southern California Region

demo-training.pslab.rapid7.com 10.3.60.128 Southern California Region

metasploitable.localdomain 10.3.60.126 Southern California Region

25. Upgrade java-1.6.0-openjdk-src


Remediation Steps

CentOS Linux >= 5 and < 6 (x86_64)

Update java-1.6.0-openjdk-src to the latest version available from CentOS, using tools like yum or up2date.

Because CentOS RPMs are built off of RedHat SRPMs, there is a delay between when a vulnerability is published and
fixed in the RedHat SRPMs and the time that CentOS in turn rebuilds and redistributes the updated RPMs. As such, there
may be cases where the updated RPM(s) listed here might not exist in the CentOS RPM repositories yet.

Affected Assets

Name IP Address Site


Unknown 10.3.60.118 Southern California Region
