Network Vulnerability Assessment Report
16.01.2007
Sorted by host names

Session name: acorp-lan422
Start Time: 16.01.2007 16:28:19
Finish Time: 16.01.2007 16:45:58
Elapsed: 0 day(s) 00:17:39
Total records generated: 17
High severity: 0
Medium severity: 1
Informational: 16


Summary of scanned hosts

Host         Holes   Warnings   Open ports   State
10.0.0.87    0       1          6            Finished


10.0.0.87

Service    Severity    Description
ftp (21/tcp)
Info
Port is open
ssh (22/tcp)
Info
Port is open
telnet (23/tcp)
Info
Port is open
www (80/tcp)
Info
Port is open
domain (53/tcp)
Info
Port is open
domain (53/udp)
Info
Port is open
telnet (23/tcp)
Medium

Synopsis :

A telnet server is listening on the remote port

Description :

The remote host is running a telnet server.
Using telnet is not recommended as logins, passwords and commands
are transferred in clear text.

An attacker may eavesdrop on a telnet session and obtain the
credentials of other users.

Solution :

Disable this service and use SSH instead

Risk factor :

Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)

Plugin output:

Remote telnet banner:


BusyBox on localhost login:
domain (53/tcp)
Info

Synopsis :

It is possible to obtain the version number of the remote DNS server.

Description :

The remote host is running BIND, an open-source DNS server. It is possible
to extract the version number of the remote installation by sending
a special DNS request for the text 'version.bind' in the domain 'chaos'.

Solution :

It is possible to hide the version number of bind by using the 'version'
directive in the 'options' section in named.conf

Risk factor :

None

Plugin output:

The version of the remote BIND server is : hidden
Other references : OSVDB:23
domain (53/udp)
Info

A DNS server is running on this port. If you do not use it, disable it.

Risk factor : Low
domain (53/udp)
Info

Nessus was not able to reliably identify the remote DNS server type.
It might be :
dnsmasq 2.27
ISC BIND 9.3.0
The fingerprint differs from these known signatures on 7 points.
If you know which DNS server this host is actually running, please send this signature to
dns-signatures@nessus.org :
2:2:2:1q:1:1q:2q:1q:2:0X:0AAX:0X:0X:0X:0X:0X:2:2:t:0X:0X:2:0AAXD:
ssh (22/tcp)
Info
An ssh server is running on this port
general/icmp
Info

Synopsis :

It is possible to determine the exact time set on the remote host.

Description :

The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.

This may help him to defeat all your time based authentication protocols.

Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor :

None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)

Plugin output :

The difference between the local and remote clocks is -715 seconds

CVE : CVE-1999-0524
telnet (23/tcp)
Info
A telnet server seems to be running on this port
www (80/tcp)
Info
A web server is running on this port
ftp (21/tcp)
Info
The service closed the connection after 0 seconds without sending any data
It might be protected by some TCP wrapper

ssh (22/tcp)
Info
Remote SSH version : SSH-2.0-OpenSSH_3.6p1


www (80/tcp)
Info
The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/cgi-bin/webcm (var:main [menu] var:style [style5] getpage [/usr/www_safe/html/defs/style5/menus/menu.html] errorpage [/usr/www_safe/html/index.html] var:pagename [home] var:errorpagename [home] var:menu [home] var:menutitle [Home] var:pagetitle [Home] var:pagemaster [home] login:command/username [] login:command/password [] )