Network Vulnerability Assessment Report

Sorted by host names

Host | Holes | Warnings | Open ports | State |
10.0.0.34 | 3 | 2 | 5 | Finished |
Service | Severity | Description |
ftp (21/tcp) | Port is open | |
ssh (22/tcp) | Port is open | |
telnet (23/tcp) | Port is open | |
www (80/tcp) | Port is open | |
snmp (161/udp) | Port is open | |
www (80/tcp) | The following URLs seem to be vulnerable to various SQL injection techniques : /cgi-bin/webcm?var:main=' /cgi-bin/webcm?var:main='%22 /cgi-bin/webcm?var:main=9%2c+9%2c+9 /cgi-bin/webcm?var:main='bad_bad_value /cgi-bin/webcm?var:main=bad_bad_value' /cgi-bin/webcm?var:main='+OR+' /cgi-bin/webcm?var:main='WHERE /cgi-bin/webcm?var:main=%3B /cgi-bin/webcm?var:main='OR An attacker may exploit this flaws to bypass authentication or to take the control of the remote database. Solution : Modify the relevant CGIs so that they properly escape arguments Risk factor : High See also : http://www.securiteam.com/securityreviews/5DP0N1P76E.html | |
snmp (161/udp) | SNMP Agent responded as expected with community name: public CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254, CAN-1999-0516 BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986 Other references : IAVA:2001-B-0001 | |
ssh (22/tcp) | You are running a version of OpenSSH which is older than 3.7.1 Versions older than 3.7.1 are vulnerable to a flaw in the buffer management functions which might allow an attacker to execute arbitrary commands on this host. An exploit for this issue is rumored to exist. Note that several distribution patched this hole without changing the version number of OpenSSH. Since Nessus solely relied on the banner of the remote SSH server to perform this check, this might be a false positive. If you are running a RedHat host, make sure that the command : rpm -q openssh-server Returns : openssh-server-3.1p1-13 (RedHat 7.x) openssh-server-3.4p1-7 (RedHat 8.0) openssh-server-3.5p1-11 (RedHat 9) Solution : Upgrade to OpenSSH 3.7.1 See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2 http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2 Risk factor : High CVE : CAN-2003-0682, CAN-2003-0693, CAN-2003-0695 BID : 8628 Other references : RHSA:RHSA-2003:279, SuSE:SUSE-SA:2003:039 | |
ssh (22/tcp) | The remote SSH daemon supports connections made using the version 1.33 and/or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used. Solution : If you use OpenSSH, set the option 'Protocol' to '2' If you use SSH.com's set the option 'Ssh1Compatibility' to 'no' Risk factor : Low | |
snmp (161/udp) | A SNMP server is running on this host The following versions are supported SNMP version1 SNMP version2c | |
www (80/tcp) | A web server is running on this port | |
ftp (21/tcp) | Remote FTP server banner : 220 FTPU ready. | |
www (80/tcp) | The following directories were discovered: /cgi-bin, /html While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards Other references : OWASP:OWASP-CM-006 | |
www (80/tcp) | The following CGI have been discovered : Syntax : cginame (arguments [default value]) /cgi-bin/webcm (var:main [menu] var:style [style5] getpage [../html/defs/style5/menus/menu.html] errorpage [../html/index.html] var:pagename [home] var:errorpagename [home] var:menu [home] var:menutitle [Home] var:pagetitle [Home] var:pagemaster [home] login:command/username [] login:command/password [] ) | |
www (80/tcp) | The remote web server type is : | |
ftp (21/tcp) | An FTP server is running on this port. Here is its banner : 220 FTPU ready. | |
telnet (23/tcp) | A telnet server seems to be running on this port | |
ssh (22/tcp) | An ssh server is running on this port | |
general/udp | For your information, here is the traceroute to 10.0.0.34 : 10.0.0.59 10.0.0.34 | |
telnet (23/tcp) | Remote telnet banner : BusyBox on (none) login: | |
ssh (22/tcp) | Remote SSH version : SSH-2.0-OpenSSH_3.6p1 |