I'm running CiscoWorks RME4.0.5 on Solaris 9. I received the following in the security audit for CiscoWorks server. Can someone tell me if it is safe to apply the recommended changes without hurting CiscoWorks functionality?
5.6.19 Sybase Information Disclosure
Observation: The remote database server is affected by an information disclosure vulnerability.
Tool Used: ISS Internet Scanner
Risk - Medium: The remote Sybase SQL Anywhere / Adaptive Server Anywhere database is configured to listen for client connection broadcasts, which allows an attacker to see the name and port that the Sybase SQL Anywhere / Adaptive Server Anywhere server is running on.
Ease of Exploit: Medium difficulty to execute.
Recommendations: Switch off broadcast listening via the '-sb' switch when starting Sybase.