Network Vulnerability Assessment Report

Sorted by host names

Host | Holes | Warnings | Open ports | State |
10.0.0.99 | 0 | 1 | 3 | Finished |
Service | Severity | Description |
www (80/tcp) | Port is open | |
domain (53/udp) | Port is open | |
domain (53/tcp) | Port is open | |
domain (53/udp) | Synopsis : The remote name server allows recursive queries to be performed by the host running nessusd.
Description : It is possible to query the remote name server for third party names. If this is your internal nameserver, then forget this warning. If you are probing a remote nameserver, then it allows anyone to use it to resolve third parties names (such as www.nessus.org). This allows hackers to do cache poisoning attacks against this nameserver. If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.
See also : http://www.cert.org/advisories/CA-1997-22.html
Solution : Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf
If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command
Then, within the options block, you can explicitly state: 'allow-recursion { hosts_defined_in_acl }'
For more info on Bind 9 administration (to include recursion), see: http://www.nominum.com/content/documents/bind9arm.pdf
If you are using another name server, consult its documentation.
Risk factor : Medium / CVSS Base Score : 4 (AV:R/AC:L/Au:NR/C:N/A:N/I:P/B:I)
CVE : CVE-1999-0024
BID : 136, 678 | |
www (80/tcp) | A web server is running on this port | |
domain (53/udp) | Synopsis : Remote DNS server is vulnerable to Cache Snooping attacks.
Description : The remote DNS server answers to queries for third party domains which do not have the recursion bit set. This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited. For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of aforementioned financial institution. Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more...
For a much more detailed discussion of the potential risks of allowing DNS cache information to be queried anonymously, please see: http://community.sidestep.pt/~luis/DNS-Cache-Snooping/DNS_Cache_Snooping_1.1.pdf
Risk factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N) | |
domain (53/udp) | A DNS server is running on this port. If you do not use it, disable it. Risk factor : Low | |
domain (53/tcp) | Synopsis : It is possible to obtain the version number of the remote DNS server.
Description : The remote host is running BIND, an open-source DNS server. It is possible to extract the version number of the remote installation by sending a special DNS request for the text 'version.bind' in the domain 'chaos'.
Solution : It is possible to hide the version number of bind by using the 'version' directive in the 'options' section in named.conf
Risk factor : None
Plugin output: The version of the remote BIND server is : hidden | |
general/tcp | Nessus was not able to reliably identify the remote operating system. It might be:
NetGear Router
VMWare ESX Server 2.5
The fingerprint differs from these known signatures on 1 points.
If you know what operating system this host is running, please send this signature to os-signatures@nessus.org :
:1:1:0:255:1:255:1:0:255:1:0:255:1:>64:255:0:1:1:2:1:1:1:1:0:64:5440:MSTNW:0:1:1 ($Revision: 1.132 $) | |
www (80/tcp) | The remote web server type is : GoAhead-Webs | |
www (80/tcp) | Synopsis : The remote web server itself is prone to cross-site scripting attacks.
Description : The remote host is running a web server that fails to adequately sanitize request strings of Javascript. By exploiting this flaw, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.
Solution : Contact the vendor for a patch or upgrade.
Risk factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Plugin output : The request string used to detect this flaw was: /<script>cross_site_scripting.nasl</script>
CVE : CVE-2002-1060, CVE-2005-2453, CVE-2006-1681
BID : 5305, 7344, 7353, 8037, 14473, 17408 | |
domain (53/udp) | The remote name server could be fingerprinted as being : ISC BIND 9.3.0 | |
general/icmp | Synopsis : It is possible to determine the exact time set on the remote host.
Description : The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk factor : None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
Plugin output : The difference between the local and remote clock is 57502 seconds
CVE : CVE-1999-0524 | |
domain (53/tcp) | An unknown service runs on this port. It is sometimes opened by this/these Trojan horse(s):
ADM worm
Lion
Unless you know for sure what is behind it, you'd better check your system
*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)
Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low |