This workaround provides specifics on how to configure two mail servers. This par‐
ticular system uses Postfix, which is one of the details provided. However, other mail
servers may also expose this vulnerability. If you need
help with configuration of
those servers, you will have to do additional research.
The final columns to look at are the Host column and the Location. The host tells you
which system had the vulnerability. This is important so your organization knows
which system it needs to be performing the configuration work on.
The location tells
you which port the targeted service runs on. This lets you know where you should be
targeting your additional testing. When you provide details to the organization, the
system that’s impacted is important to include. I also include
any mitigations or fixes
that may be available when I write reports for clients.
Network Device Vulnerabilities
OpenVAS is capable of testing network devices. If your network devices are accessible
over
the networks you are scanning, they can get touched by OpenVAS, which can
detect the type of device and apply the appropriate tests. However,
programs also are
included with Kali that are specific to network devices and vendors. Cisco is a com‐
mon networking equipment vendor. Unsurprisingly, various programs will perform
testing on Cisco devices.
The more targets available, the better chance that someone
will be developing tools and exploits against those targets. Cisco has majority market
share
in routing and switching, so those devices make good targets for attacks.
Network devices are often managed over networks. This can be done through web
interfaces using HTTP or they may also be done on a console through a protocol like
SSH or—far less ideal but still possible—Telnet. Once you have any device on a net‐
work, it has the potential to be exploited. Using
the tools available in Kali, you can
start to identify potential vulnerabilities in the critical network infrastructure.
