How can we solve a vulnerability where the solution is "There are no solution available at this time"...
Your help is appreciated.
It all depends on what the vulnerability is. When a QID posts "There is no solution available..." then it's generally going to be a 0-day vulnerability with no patch.
Not having a patch available, simply means that you're going to attempt to mitigate the vulnerability by limiting access to the vulnerable component. This may mean firewalling a server (or service) off, implementing additional ACLs, removing local users, or uninstalling unnecessary client-side software.
Hope this helps,
Thanks for your reply. The issue is with QID: 38147 ...
I don't think it is a 0-day vulnerability, as it was first published in 2002 and last modified in 2009.
Thanks for your help,
This Vuln. affects a protocol (XDMCP) which is transmitted over the network in clear text.
"The host is running the XDMCP protocol. This protocol is insecure because the XDMCP data is not encrypted. By exploiting this vulnerability, an attacker with access to the XDMCP traffic can obtain the passwords of the XDMCP users."
There is no patch for the protocol. So either tunnel XDMCP through some encrypted tunnel (i.e http://tldp.org/HOWTO/XDMCP-HOWTO/ssh.html) from point to point or disable the service XDMCP on the affected host(s) if it's not used.
Retrieving data ...