| Network Vulnerability Assessment Report |
| Sorted by host names |
| Host | Holes | Warnings | Open ports | State |
| 10.0.0.58 | 43 | 25 | 7 | Finished |
| Service | Severity | Description |
| ftp (21/tcp) | Port is open | |
| telnet (23/tcp) | Port is open | |
| www (80/tcp) | Port is open | |
| ssh (22/tcp) | Port is open | |
| snmp (161/udp) | Port is open | |
| domain (53/udp) | Port is open | |
| snmp (161/tcp) | Port is open | |
| www (80/tcp) | admin.cgi was detected on this server. Shoutcast server installs a version that is vulnerable to a buffer overflow. ** Note that Nessus did not try to exploit the flaw, ** so this might be a false alert. Solution : upgrade Shoutcast to the latest version. Risk factor : High CVE : CAN-2002-0199 BID : 3934 | |
| www (80/tcp) | There may be buffer overflow in the remote cgi win-c-sample.exe. An attacker may use this flaw to execute arbitrary commands on this host. *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled. Solution : delete it Risk factor : High CVE : CVE-1999-0178 BID : 2078 | |
| www (80/tcp) | The remote host has the CGI 'hpnst.exe' installed. Older versions of this CGI (pre 5.55) are vulnerable to a denial of service attack where the user can make the CGI request itself. *** As safe checks are enabled, Nessus did not really test *** for this flaw, so this might be a false positive Solution : upgrade to version 5.55 Risk factor : High CVE : CAN-2003-0169 BID : 7246 | |
| www (80/tcp) | There may be a buffer overflow in the remote htimage.exe cgi when it is given the request : /cgi-bin/htimage.exe/AAAA[....]AAA?0,0 An attacker may use it to execute arbitrary code on this host. *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled. Solution : delete it Risk factor : High CVE : CAN-2000-0256 BID : 1117 | |
| snmp (161/udp) | SNMP Agent responded as expected with community name: public CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254, CAN-1999-0516 BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986 Other references : IAVA:2001-B-0001 | |
| www (80/tcp) | The 'webdist.cgi' cgi is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled. Solution : remove it from /cgi-bin. Risk factor : High CVE : CVE-1999-0039 BID : 374 | |
| www (80/tcp) | The file ddicgi.exe exists on this webserver. Some versions of this file are vulnerable to remote exploit. An attacker may use this file to gain access to confidential data or escalate their privileges on the Web server. Solution : remove it from the cgi-bin or scripts directory. Risk factor : High CVE : CAN-2000-0826 BID : 1657 | |
| www (80/tcp) | The IIS server appears to have the .SHTML ISAPI filter mapped. At least one remote vulnerability has been discovered for the .SHTML filter. This is detailed in Microsoft Advisory MS02-018 and results in a denial of service access to the web server. It is recommended that even if you have patched this vulnerability that you unmap the .SHTML extension, and any other unused ISAPI extensions if they are not required for the operation of your site. An attacker may use this flaw to prevent the remote service from working properly. *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled Solution: See http://www.microsoft.com/technet/security/bulletin/ms02-018.mspx and/or unmap the shtml/shtm isapi filters. To unmap the .shtml extension: 1.Open Internet Services Manager. 2.Right-click the Web server choose Properties from the context menu. 3.Master Properties 4.Select WWW Service -> Edit -> HomeDirectory -> Configuration and remove the reference to .shtml/shtm and sht from the list. Risk factor : Medium CVE : CAN-1999-1376, CVE-2000-0226, CVE-2002-0072 BID : 1066, 4479 Other references : IAVA:2002-A-0002 | |
| general/tcp | The remote host has predictable TCP sequence numbers. An attacker may use this flaw to establish spoofed TCP connections to this host. Solution : Contact your vendor for a patch Risk factor : High CVE : CVE-1999-0077 BID : 107, 10881, 670 | |
| www (80/tcp) | There may be a buffer overrun in the 'cgitest.exe' CGI program, which will allow anyone to execute arbitrary commands with the same privileges as the web server (root or nobody). *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled. Solution : remove it from /cgi-bin Risk factor : High CVE : CVE-2002-0128 BID : 3885 | |
| snmp (161/tcp) | Using SNMP, it was possible to determine the login/password pair of what is likely to be the remote ADSL connection : 'Af'/'Ag' Solution : Filter incoming traffic to this port, and change your SNMP community name to a secret one Risk factor : High BID : 7212 | |
| www (80/tcp) | The CGI /pbserver/pbserver.dll is subject to a buffer overflow attack that allows an attacker to execute arbitrary commands on this host. *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled. Solution : See http://www.microsoft.com/technet/security/bulletin/ms00-094.mspx Risk factor : High CVE : CVE-2000-1089 BID : 2048 | |
| www (80/tcp) | The 'imagemap.exe' cgi is installed. This CGI may be vulnerable to a buffer overflow that will allow a remote user to execute arbitrary commands with the privileges of your httpd server (either nobody or root). *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled. Solution : remove it from /cgi-bin. Risk factor : High CVE : CVE-1999-0951 BID : 739 | |
| www (80/tcp) | The CGI 'wwwwais' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody). *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled. Solution : remove it from /cgi-bin. Risk factor : High CVE : CAN-2001-0223 | |
| www (80/tcp) | Some versions of the mini-sql program come with a w3-msql CGI which is vulnerable to a buffer overflow. An attacker may use it to gain a shell on this system. *** Nessus reports this vulnerability using only *** information that was gathered. Use caution *** when testing without safe checks enabled. Solution : contact the vendor of mini-sql (http://hugues.com.au) and ask for a patch. Meanwhile, remove w3-msql from /cgi-bin Risk factor : High CVE : CVE-2000-0012 BID : 898 | |
| www (80/tcp) | It is possible to read arbitrary files on the remote Snapstream PVS server by prepending ../../ in front of the file name. It may also be possible to read ../ssd.ini, which contains a lot of information on the system (base directory, usernames & passwords). Solution : Upgrade your software or change it! Risk factor : High CVE : CVE-2001-1108 BID : 3100 | |
| www (80/tcp) | The 'websendmail' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody). Solution : Remove it from /cgi-bin. Risk factor : High CVE : CVE-1999-0196 BID : 2077 | |
| www (80/tcp) | The CSNews.cgi exists on this webserver. Some versions of this file are vulnerable to remote exploit. An attacker may make use of this file to gain access to confidential data or escalate their privileges on the Web server. Solution : remove it from the cgi-bin or scripts directory. Risk factor : High CVE : CAN-2002-0923 BID : 4994 | |
| www (80/tcp) | The 'get32.exe' CGI script is installed on this machine. This CGI has a well known security flaw that allows an attacker to execute arbitrary commands on the remote system with the privileges of the HTTP daemon (typically root or nobody). Solution : Remove the 'get32.exe' script from your web server's CGI directory (usually cgi-bin/). Risk factor : High CVE : CAN-1999-0885 BID : 770 | |
| www (80/tcp) | The CGI 'cgiWebupdate.exe' exists on this webserver. Some versions of this file are vulnerable to remote exploit. An attacker can use this hole to gain access to confidential data or escalate their privileges on the web server. Solution : remove it from the cgi-bin or scripts folder. *** As Nessus solely relied on the existence of the cgiWebupdate.exe file, *** this might be a false positive Risk factor : High CVE : CAN-2001-1150 BID : 3216 | |
| www (80/tcp) | The CGI 'CgiMail.exe' exists on this webserver. Some versions of this file are vulnerable to remote exploit. An attacker can use this flaw to gain access to confidential data or further escalate their privileges. Solution : Remove this file from your cgi-bin or scripts folder. Risk factor : High CVE : CVE-2000-0726 BID : 1623 | |
| www (80/tcp) | The CGI 'build.cgi' is installed. This CGI has a well known security flaw that lets an attacker obtain the password of the remote AdCycle database or delete databases. Solution : remove it from /cgi-bin. Risk factor : High CVE : CAN-2000-1161 BID : 1969 | |
| www (80/tcp) | The 'webgais' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody). Solution : remove it from /cgi-bin Risk factor : High CVE : CVE-1999-0176 BID : 2058 | |
| www (80/tcp) | Many Web servers ship with default CGI scripts which allow for ODBC access and configuration. Some of these test ODBC tools are present on the remote web server. These tools could allow a malicious user to hijack and redirect ODBC traffic, obtain SQL user names and passwords or write files to the local drive of a vulnerable server. Example: http://target/scripts/tools/getdrvrs.exe The following ODBC tools were found on the server: /scripts/tools/getdrvrs.exe /scripts/tools/dsnform.exe Solution : Remove the specified ODBC tools from the /scripts/tools directory. Risk factor : High | |
| www (80/tcp) | The 'windmail.exe' CGI is installed. Some versions of this CGI script have a security flaw that lets an attacker execute arbitrary commands on the remote server. To test this, make the following request : GET /cgi-bin/windmail.exe?-n%20c:\boot.ini%20you@youraddress.com (replace you@youraddress.com by your real email address). If you receive the content of the file boot.ini, then your server is vulnerable. Solution : remove it from /cgi-bin. See www.geocel.com for a new version. Risk factor : High CVE : CAN-2000-0242 BID : 1073 | |
| www (80/tcp) | The CGI 'viralator.cgi' is installed. Some versions of this CGI do not properly check user input and allow anyone to execute arbitrary commands with the privileges of the web server ** No flaw was tested. Your script might be a safe version. Solutions : Upgrade this script to version 0.9pre2 or newer Risk factor : High CVE : CAN-2001-0849 BID : 3495 | |
| www (80/tcp) | The 'Perl' CGI is installed and can be launched as a CGI. This is equivalent to giving a free shell to an attacker, with the http server privileges (usually root or nobody). Solution : remove it from /cgi-bin Risk factor : High CVE : CAN-1999-0509 | |
| www (80/tcp) | The executables 'redirect.exe' and/or 'changepw.exe' exist on this webserver. Some versions of these files are vulnerable to remote exploit. An attacker can use this hole to gain access to confidential data or escalate their privileges on the web server. *** As Nessus solely relied on the existence of the redirect.exe or changepw.exe files, *** this might be a false positive Solution : remove them from cgi-bin or scripts folder. Risk factor : High CVE : CAN-2000-0401 BID : 1256 | |
| www (80/tcp) | The 'uploader.exe' CGI is installed. This CGI has a well known security flaw that lets anyone upload arbitrary CGI on the server, and then execute them. Solution : remove it from /cgi-win. Risk factor : High CVE : CVE-1999-0177 | |
| www (80/tcp) | The use of /iisadmin is not limited to the loopback address. Anyone can use it to reconfigure your web server. Solution : Restrict access to /iisadmin through the IIS ISM Risk factor : High CVE : CAN-1999-1538 BID : 189 | |
| www (80/tcp) | The remote web server has one of these shells installed in /cgi-bin : ash, bash, csh, ksh, sh, tcsh, zsh Leaving executable shells in the cgi-bin directory of a web server may allow an attacker to execute arbitrary commands on the target machine with the privileges of the http daemon (usually root or nobody). Solution : Remove all the shells from /cgi-bin. Risk factor : High CVE : CAN-1999-0509 | |
| www (80/tcp) | The 'guestbook.cgi' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). Solution : remove it from /cgi-bin. Risk factor : High CVE : CVE-1999-0237 BID : 776 | |
| www (80/tcp) | The CGI /scripts/tools/ctss.idc is present. This CGI allows an attacker to view and modify SQL database contents. Solution : Delete the file Reference : http://online.securityfocus.com/archive/101/200779 Reference : http://online.securityfocus.com/archive/101/200615 Risk factor : High | |
| www (80/tcp) | The 'nph-publish.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody). Solution : remove it from /cgi-bin. Risk factor : High CVE : CVE-1999-1177, CAN-2001-0400 BID : 2563 | |
| www (80/tcp) | The 'glimpse' cgi is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). Note that we could not actually check for the presence of this vulnerability, so you may be using a patched version. Solution : remove it from /cgi-bin. Risk factor : High CVE : CVE-1999-0147 BID : 2026 | |
| www (80/tcp) | The Cobalt 'siteUserMod' CGI is installed. Older versions of this CGI allow any user to change the administrator password. Make sure you are running the latest version. Solution : RaQ 1 Users, download : ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/RaQ1-Security-3.6.pkg RaQ 2 Users, download : ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/RaQ2-Security-2.94.pkg RaQ 3 Users, download : ftp://ftp.cobaltnet.com/pub/experimental/security/siteUserMod/RaQ3-Security-2.2.pkg Risk factor : High CVE : CVE-2000-0117 BID : 951 | |
| www (80/tcp) | It is possible to read any file on the remote system by prepending several dots before the file name. Example : GET ........../config.sys Solution : Disable this service and install a real Web Server. Risk factor : High CVE : CVE-1999-0386 | |
| www (80/tcp) | The remote HTTP server allows an attacker to read arbitrary files on the remote web server, simply by adding dots in front of their names. Example: GET /../../winnt/boot.ini will return your C:\winnt\boot.ini file. Solution : Upgrade your web server to a version that solves this vulnerability, or consider changing to another web server, such as Apache (http://www.apache.org). Risk factor : High CVE : CAN-1999-0776 BID : 270 | |
| www (80/tcp) | The file ndcgi.exe exists on this webserver. Some versions of this file are vulnerable to remote exploit. Solution : remove it from /cgi-bin. More info can be found at: http://marc.theaimsgroup.com/?l=bugtraq&m=100681274915525&w=2 *** As Nessus solely relied on the existence of the ndcgi.exe file, *** this might be a false positive Risk factor : High CVE : CAN-2001-0922 | |
| www (80/tcp) | We detected a vulnerable version of the DCShop CGI. This version does not properly protect user and credit card information. It is possible to access files that contain administrative passwords, current and pending transactions and credit card information (along with name, address, etc). The following files are affected: DCShop orders file: /DCshop/Orders/orders.txt DCShop orders file: /DCshop/orders/orders.txt DCShop authentication file: /DCshop/Auth_data/auth_user_file.txt DCShop authentication file: /DCshop/auth_data/auth_user_file.txt Solution: 1. Rename following directories to something hard to guess: - Data - User_carts - Orders - Auth_data 2. Make these changes to dcshop.setup and dcshop_admin.setup. - In dcshop.setup, modify: $datadir = '$cgidir/Data' $cart_dir = '$cgidir/User_carts' $order_dir = '$cgidir/Orders' - In dcshop_admin.setup, modify: $password_file_dir = '$path/Auth_data' 3. Rename dcshop.setup and dcshop_admin.setup to something difficult to guess. For example, dcshop_4314312.setup and dcshop_admin_3124214.setup 4. Edit dcshop.cgi, dcshop_admin.cgi, and dcshop_checkout.cgi and modify the require statement for dcshop.setup and dcshop_admin.setup. That is: - In dcshop.cgi, modify require '$path/dcshop.setup' so that it uses new setup file. For example, require '$path/dcshop_4314312.setup' - In dcshop_admin.cgi, modify require '$path/dcshop.setup' require '$path/dcshop_admin.setup' so that it uses new setup file. For example, require '$path/dcshop_4314312.setup' require '$path/dcshop_admin_3124214.setup' - In dcshop_checkout.cgi, modify require '$path/dcshop.setup' so that it uses new setup file. For example, require '$path/dcshop_4314312.setup' 5. Save following file as index.html and upload it to your /cgi-bin/dcshop directory, thereby hiding directory listing. On NT servers, you may have to rename this file to default.htm. http://www.dcscripts.com/FAQ/ This page shows 'Internal Server Error', so it is not an error page... it's just an index.html file to HIDE directories. 6. Replace your current files with above files Risk factor : High Additional information: http://www.securiteam.com/unixfocus/5RP0N2K4KE.html CVE : CAN-2001-0821 BID : 2889 | |
| www (80/tcp) | basilix.php3 is installed on this web server. Some versions of this webmail software allow the users to read any file on the system with the permission of the webmail software, and execute any PHP. Solution : Update Basilix or remove DUMMY from lang.inc Risk factor : Low CVE : CAN-2001-1045 BID : 2995 | |
| www (80/tcp) | The foxweb.dll or foxweb.exe CGI is installed. Versions 2.5 and below of this CGI program have a security flaw that lets an attacker execute arbitrary code on the remote server. ** Since Nessus just verified the presence of the CGI but could ** not check the version number, this might be a false alarm. Solution : remove it from /cgi-bin or upgrade it Risk factor : High | |
| www (80/tcp) | The file counter.exe seems to be present on the server As safe_checks were enabled, this may be a false positive CVE : CAN-1999-1030 BID : 267 Other references : OSVDB:9826 | |
| www (80/tcp) | The 'ibillpm.pl' CGI is installed. Some versions of this CGI use a weak password management system that can be brute-forced. ** No flaw was tested. Your script might be a safe version. Solutions : upgrade the script if possible. If not: 1) Move the script elsewhere (security through obscurity) 2) Request that iBill fix it. 3) Configure your web server so that only addresses from ibill.com may access it. Risk factor : Low BID : 3476 | |
| www (80/tcp) | The 'mailnews' cgi is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody). Solution : remove it from /cgi-bin. Risk factor : High CVE : CAN-2001-0271 BID : 2391 | |
| www (80/tcp) | The 'nph-test-cgi' CGI is installed. This CGI has a well known security flaw that lets an attacker get a listing of the /cgi-bin directory, thus discovering which CGIs are installed on the remote host. Solution : remove it from /cgi-bin. Risk factor : High CVE : CVE-1999-0045 BID : 686 | |
| www (80/tcp) | Your website allows read access to the CVS/Entries file. This exposes all file names in your CVS module on your website. Solution: Change your website permissions to deny access to your CVS directory. Entries contains the following: <html> <head> <title>SWW link</title> <script language="JavaScript"> function changeURL(strurl){ window.location.href = strurl } </script> </head> <body> <FORM METHOD="POST" ACTION="/Forms/ZSSW_1" target="_top"> <script language="JavaScript"> changeURL('/rpAuth.html') </script> Please wait..... </form> </body> </html> | |
| www (80/tcp) | /base/webmail/readmsg.php was detected. Some versions of this CGI allow remote users to read local files with the permission of the web server. Note that if the user has shell access, this kind of attack is not interesting. *** Nessus just checked the presence of this file *** but did not try to exploit the flaw. Solution : get a newer software from Cobalt Reference : http://online.securityfocus.com/archive/1/195165 Risk factor : Low CVE : CAN-2001-1408 | |
| www (80/tcp) | The 'printenv' CGI is installed. printenv normally returns all environment variables. This gives an attacker valuable information about the configuration of your web server. Solution : Remove it from /cgi-bin. Risk factor : Medium | |
| www (80/tcp) | The 'finger' cgi is installed. It is usually not a good idea to have such a service installed, since it usually gives more troubles than anything else. Double check that you really want to have this service installed. Solution : remove it from /cgi-bin. Risk factor : High | |
| www (80/tcp) | The 'PGPMail.pl' CGI is installed. Some versions (up to v1.31 at least) of this CGI do not properly filter user input before using it inside commands. This would allow a cracker to run any command on your server. *** Note: Nessus just checked the presence of this CGI *** but did not try to exploit the flaws. Solution : remove it from /cgi-bin or upgrade it. Reference : http://online.securityfocus.com/archive/82/243262 Reference : http://online.securityfocus.com/archive/1/243408 Risk factor : High CVE : CAN-2001-0937 BID : 3605 | |
| www (80/tcp) | The CGI script ppdscgi.exe, part of the PowerPlay Web Edition package, is installed. Due to design problems as well as some potential web server misconfiguration PowerPlay Web Edition may serve up data cubes in a non-secure manner. Execution of the PowerPlay CGI pulls cube data into files in an unprotected temporary directory. Those files are then fed back to frames in the browser. In some cases it is trivial for an unauthenticated user to tap into those data files before they are purged. Solution : Cognos doesn't consider this problem as being an issue, so they do not provide any solution. Risk factor : Medium BID : 491 | |
| www (80/tcp) | The 'cgi.rb' CGI is installed. Some versions are vulnerable to remote denial of service. By sending a specially crafted HTTP POST request, a malicious user can force the remote host to consume a large amount of CPU resources. *** Warning : Nessus solely relied on the presence of this CGI, it did not *** determine if your specific version is vulnerable to that problem Solution : Verify that your version is 1.8.1 or later Risk factor : High CVE : CAN-2004-0983 | |
| www (80/tcp) | The cgi 'dumpenv.pl' is installed. This CGI gives away too much information about the web server configuration, which will help an attacker. Solution : remove it from /cgi-bin. Risk factor : Low CVE : CAN-1999-1178 | |
| www (80/tcp) | The 'wrap' CGI is installed. This CGI allows anyone to get a listing for any directory with mode +755. *** Note that not all implementations of 'wrap' are *** vulnerable. See the relevant CVE entry. Solution : remove it from /cgi-bin. Risk factor : Low / Medium CVE : CVE-1999-0149 BID : 373 | |
| domain (53/udp) | The remote name server allows recursive queries to be performed by the host running nessusd. If this is your internal nameserver, then forget this warning. If you are probing a remote nameserver, then it allows anyone to use it to resolve third-party names (such as www.nessus.org). This allows hackers to do cache poisoning attacks against this nameserver. If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system. See also : http://www.cert.org/advisories/CA-1997-22.html Solution : Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it). If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command. Then, within the options block, you can explicitly state: 'allow-recursion { hosts_defined_in_acl }' For more info on Bind 9 administration (to include recursion), see: http://www.nominum.com/content/documents/bind9arm.pdf If you are using another name server, consult its documentation. Risk factor : High CVE : CVE-1999-0024 BID : 136, 678 | |
| www (80/tcp) | 'cgiwrap' is installed. If you are running an unpatched Cobalt RaQ, the version of cgiwrap distributed with that system has a known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). This flaw exists only on the Cobalt modified cgiwrap. Standard builds of cgiwrap are not affected. Solution : upgrade your Cobalt RaQ to apply fix Risk factor : Medium CVE : CVE-1999-1530, CVE-2000-0431 BID : 1238, 777 | |
| ssh (22/tcp) | The remote SSH daemon supports connections made using version 1.33 and/or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe, so they should not be used. Solution : If you use OpenSSH, set the option 'Protocol' to '2'. If you use SSH.com's server, set the option 'Ssh1Compatibility' to 'no'. Risk factor : Low | |
| www (80/tcp) | The '_maincfgret' cgi is installed. Some versions were vulnerable to a buffer overflow. ** This might be a false positive, no attack was performed ** and the version was not checked http://www.idefense.com/application/poi/display?id=142&type=vulnerabilities http://www.packetstormsecurity.org/0408-advisories/08.25.04.txt Solution : upgrade to Whatsup Gold 8.03 HF 1 if needed Risk factor : High CVE : CAN-2004-0798 BID : 11043 | |
| www (80/tcp) | It is possible to fill the hard disk of a server running OmniHTTPd by issuing the request : http://omni.server/cgi-bin/visadmin.exe?user=guest This allows an attacker to crash your web server. This script checks for the presence of the faulty CGI, but does not execute it. Solution : remove visadmin.exe from /cgi-bin. Risk factor : Medium / High CVE : CAN-1999-0970 BID : 1808 | |
| snmp (161/udp) | It was possible to obtain the list of SMB users of the remote host via SNMP : . An attacker may use this information to set up brute force attacks or find an unused account. Solution : disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port Risk factor : Medium | |
| www (80/tcp) | /mt/mt.cfg is installed by the Movable Type Publishing Platform and contains information that should not be exposed. Solution: Configure your web server not to serve .cfg files. Risk factor : Low | |
| www (80/tcp) | webadmin.dll was found on your web server. Old versions of this CGI suffered from numerous problems: - installation path disclosure - directory traversal, allowing anybody with administrative permission on WebAdmin to read any file - buffer overflow, allowing anybody to run arbitrary code on your server with SYSTEM privileges. *** Note that no attack was performed, and the version number was *** not checked, so this might be a false alert Solution : Upgrade to the latest version if necessary Risk factor : High CVE : CAN-2003-0471 BID : 7438, 7439, 8024 | |
| www (80/tcp) | Carello.dll was found on your web server. Versions up to 1.3 of this web shopping cart allowed anybody to run arbitrary commands on your server. *** Note that no attack was performed, and the version number was *** not checked, so this might be a false alert Solution : Upgrade to the latest version if necessary Risk factor : High | |
| snmp (161/udp) | It was possible to obtain the list of Lanman services of the remote host via SNMP : . An attacker may use this information to gain more knowledge about the target host. Solution : disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port Risk factor : Low | |
| www (80/tcp) | The rpm_query CGI is installed. This CGI allows anyone who can connect to this web server to obtain the list of the installed RPMs. This allows an attacker to determine the version number of your installed services, hence making their attacks more accurate. Solution : remove this CGI from cgi-bin/ Risk factor : Low CVE : CVE-2000-0192 BID : 1036 | |
| www (80/tcp) | The Sunsolve CD CGI scripts do not validate user input. Crackers may use them to execute some commands on your system. ** Note: Nessus did not try to perform the attack. Risk factor : High CVE : CAN-2002-0436 BID : 4269 | |
| snmp (161/udp) | It was possible to obtain the list of Lanman shares of the remote host via SNMP : . An attacker may use this information to gain more knowledge about the target host. Solution : disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port Risk factor : Low CVE : CAN-1999-0499 | |
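The SNMP findings above (community name 'public' accepted, ADSL login/password readable, SMB users, Lanman services and shares enumerated) all rest on one property of SNMPv1/v2c: the community string is the only credential and it is sent in cleartext in every packet. The following Python script is an added example, not Nessus code and not captured from 10.0.0.58. It builds the exact BER-encoded GetRequest a client sends to read sysDescr.0 with the default community, and then shows how trivially a passive observer (or a guesser) reads that community back out of the datagram. The byte strings are constructed for the demonstration.

```python
"""SNMPv1 GetRequest encoder and community-string extractor (added example,
not Nessus code). Builds the datagram a client sends to read sysDescr.0 with
the default community "public" and shows that the community travels in the
clear, which is why a default or guessable name (findings above) exposes the
device configuration. The byte strings here are constructed, not captured."""

SYS_DESCR_0 = "1.3.6.1.2.1.1.1.0"


def ber_length(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value


def ber_integer(v: int) -> bytes:
    """INTEGER in two's complement (minimal length for non-negative values)."""
    n = (v.bit_length() + 8) // 8  # one extra bit reserves room for the sign
    return tlv(0x02, v.to_bytes(n, "big", signed=True))


def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs share a byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def snmpv1_get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING,
    GetRequest-PDU [0] { request-id, error-status, error-index, VarBindList } }"""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))  # { name, value NULL }
    varbind_list = tlv(0x30, varbind)
    pdu_body = (ber_integer(request_id) + ber_integer(0) + ber_integer(0)
                + varbind_list)
    pdu = tlv(0xA0, pdu_body)  # context tag [0] = GetRequest
    return tlv(0x30, ber_integer(0) + tlv(0x04, community.encode("ascii")) + pdu)


def community_from_packet(pkt: bytes) -> str:
    """Read the community string out of any SNMPv1/v2c datagram. It is the
    second field of the outer SEQUENCE and is never encrypted, so anyone on
    the path (or anyone who guesses it) has the same access as the admin."""
    if pkt[0] != 0x30:
        raise ValueError("not an SNMP message")
    i = 2 if pkt[1] < 0x80 else 2 + (pkt[1] & 0x7F)  # skip outer tag+length
    if pkt[i] != 0x02:
        raise ValueError("expected version INTEGER")
    i += 2 + pkt[i + 1]                                # skip version
    if pkt[i] != 0x04:
        raise ValueError("expected community OCTET STRING")
    n = pkt[i + 1]
    return pkt[i + 2:i + 2 + n].decode("ascii")


if __name__ == "__main__":
    pkt = snmpv1_get_request("public", SYS_DESCR_0)
    print(pkt.hex())
    print("community visible on the wire:", community_from_packet(pkt))
    # Live use (authorised hosts only): socket.sendto(pkt, (host, 161)), then
    # walk the GetResponse (tag 0xA2) with the same TLV layout.
```

The 40-byte request it produces is byte-for-byte what a stock snmpget sends; there is no nonce, no hash and no encryption anywhere in it. The fix the report recommends (filter UDP/TCP 161 and change the community) is the only option on v1/v2c; only SNMPv3 with authPriv actually protects the credential.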
| www (80/tcp) | The Trend Micro Emanager software resides on this server. Some versions of this software have vulnerable dlls. If vulnerable, remote exploit is possible. For more info, visit: http://www.securityfocus.com/bid/3327 Solution : Remove this CGI or upgrade to the latest version of this software Risk factor : Medium CVE : CAN-2001-0958 BID : 3327 | |
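Most of the High-rated CGI entries above carry the caveat that Nessus only checked that the file exists ("Nessus solely relied on the existence of ...", "reports this vulnerability using only information that was gathered"). The CVS/Entries entry shows what this host actually returned for such a request: not a CVS file but an HTML "SWW link" page that redirects to /rpAuth.html. A web server that answers every path with the same page satisfies every existence check at once, and the dozens of unrelated products listed here (Cobalt RaQ, IIS, OmniHTTPd, Shoutcast, WhatsUp Gold) on a device SNMP identifies as a ZyWALL 5 point the same way. The following Python script is an added triage step, not part of Nessus or of this report: it requests a few paths that cannot exist, records the server's catch-all response signature, and marks every existence-only finding whose response matches it as unconfirmed. The `fake_catch_all_fetch` stand-in is constructed to behave like the responses quoted in this report; `http_fetch` is the real fetcher for a host you are authorised to test.

```python
"""Triage for existence-only CGI findings (added example, not Nessus code).
Many High entries above state that Nessus only checked that a file exists.
The CVS/Entries entry shows what this host returned for that path: an HTML
"SWW link" page that redirects to /rpAuth.html. A server that answers every
path with the same page makes every existence-only check a false positive.
This script requests paths that cannot exist, records the catch-all
signature, and marks findings whose response matches it. The fetcher is
pluggable; fake_catch_all_fetch is a constructed stand-in modelled on the
report, and http_fetch is the real one for hosts you are authorised to test."""
import hashlib
import re
import secrets
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

Response = Tuple[int, bytes]
Fetcher = Callable[[str], Response]

# Paths taken from the findings above.
EXISTENCE_ONLY_FINDINGS = [
    "/cgi-bin/win-c-sample.exe", "/cgi-bin/htimage.exe", "/cgi-bin/webdist.cgi",
    "/cgi-bin/cgitest.exe", "/cgi-bin/wwwwais", "/scripts/tools/getdrvrs.exe",
    "/cgi-bin/ndcgi.exe", "/CVS/Entries",
]


def signature(resp: Response) -> str:
    """Status plus a hash of the whitespace-normalised body."""
    status, body = resp
    digest = hashlib.sha256(re.sub(rb"\s+", b" ", body).strip()).hexdigest()
    return f"{status}:{digest[:16]}"


def catch_all_signature(fetch: Fetcher, probes: int = 3) -> Optional[str]:
    """Fetch `probes` random paths that cannot exist. If every one gets the
    same non-404 answer, that answer is the server's catch-all signature;
    otherwise return None (the server does distinguish missing files)."""
    sigs = set()
    for _ in range(probes):
        status, body = fetch(f"/cgi-bin/{secrets.token_hex(8)}.cgi")
        if status == 404:
            return None
        sigs.add(signature((status, body)))
    return sigs.pop() if len(sigs) == 1 else None


def triage(fetch: Fetcher, paths: List[str]) -> Dict[str, str]:
    baseline = catch_all_signature(fetch)
    verdicts: Dict[str, str] = {}
    for path in paths:
        sig = signature(fetch(path))
        if baseline is not None and sig == baseline:
            verdicts[path] = "catch-all response: existence not confirmed"
        elif sig.startswith("404:"):
            verdicts[path] = "absent"
        else:
            verdicts[path] = "distinct response: verify manually"
    return verdicts


# Constructed stand-in for the scanned host: every path gets the same
# "SWW link" redirect page, only the login page itself differs.
_SWW_LINK_PAGE = (b"<html><head><title>SWW link</title></head><body>"
                  b"<script>changeURL('/rpAuth.html')</script>Please wait....."
                  b"</body></html>")
_LOGIN_PAGE = b"<html><body><form>Password: <input type=password></form></body></html>"


def fake_catch_all_fetch(path: str) -> Response:
    return (200, _LOGIN_PAGE) if path == "/rpAuth.html" else (200, _SWW_LINK_PAGE)


def http_fetch(base_url: str) -> Fetcher:
    """Real fetcher, e.g. http_fetch("http://10.0.0.58"), for authorised tests."""
    def fetch(path: str) -> Response:
        try:
            with urllib.request.urlopen(base_url + path, timeout=5) as r:
                return r.status, r.read()
        except urllib.error.HTTPError as e:
            return e.code, e.read()
    return fetch


if __name__ == "__main__":
    for path, verdict in triage(fake_catch_all_fetch, EXISTENCE_ONLY_FINDINGS).items():
        print(f"{path:30s} {verdict}")
```

Findings marked "catch-all response" are not evidence that the CGI is present and should be re-rated or dropped; only a response that differs from the baseline deserves the manual follow-up the report's "Use caution when testing without safe checks enabled" notes ask for. Note that `urllib` follows redirects, so a server that answers every path with a 302 to the login page still yields one constant signature.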
| ftp (21/tcp) | Remote FTP server banner : 220 FTP version 1.0 ready at Fri Nov 18 12:50:01 2005 | |
| www (80/tcp) | A web server is running on this port | |
| general/udp | For your information, here is the traceroute to 10.0.0.58 : 10.0.0.59 10.0.0.58 | |
| ftp (21/tcp) | Remote FTP server banner : 220 FTP version 1.0 ready at Fri Nov 18 12:49:45 2005 | |
| snmp (161/udp) | Using SNMP, we could determine that the remote operating system is : ZyWALL 5 | |
| general/tcp | 10.0.0.58 resolves as Zy0013493228EF.ixbt.lab. | |
| general/tcp | Nessus was not able to reliably identify the remote operating system. It might be: Lexmark Printer Alteon Netopia Router 3Com SuperStack II The fingerprint differs from these known signatures on 2 points. If you know what operating system this host is running, please send this signature to os-signatures@nessus.org : :1:1:0:255:0:255:1:0:255:1:0:255:1:8:255:0:1:1:2:1:1:1:0:1:255:23360:M:N:N:N | |
| ssh (22/tcp) | An ssh server is running on this port | |
| ftp (21/tcp) | An FTP server is running on this port. Here is its banner : 220 FTP version 1.0 ready at Fri Nov 18 12:49:45 2005 | |
| telnet (23/tcp) | A telnet server seems to be running on this port | |
| domain (53/udp) | A DNS server is running on this port. If you do not use it, disable it. Risk factor : Low | |
| domain (53/udp) | The remote DNS server answers to queries for third party domains which do not have the recursion bit set. This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited. For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of aforementioned financial institution. Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more... For a much more detailed discussion of the potential risks of allowing DNS cache information to be queried anonymously, please see: http://community.sidestep.pt/~luis/DNS-Cache-Snooping/DNS_Cache_Snooping_1.1.pdf Risk factor : Low | |
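The two DNS findings above (open recursion, and answers to non-recursive queries for third-party names) can be checked with two hand-built queries. The following Python script is an added example, not Nessus code and not a capture from 10.0.0.58. It builds a query with the RD bit set and reads the RA bit of the reply to see whether the server recurses for outsiders, and a query with RD clear, which a resolver may only answer from its cache, so any non-authoritative answer for a name such as www.nessus.org proves that name was looked up through this server recently. The reply bytes used in the offline walk-through are constructed; `probe()` sends the real thing over UDP/53 and must only be pointed at servers you are authorised to test.

```python
"""DNS recursion and cache-snooping probe (added example, not Nessus code).
Builds the two queries behind the findings above: an ordinary query with the
RD (recursion desired) bit set, whose reply's RA bit shows whether the server
recurses for you, and a query with RD clear, which a resolver may only answer
from its cache, so an answer for a third-party name proves that name was
looked up recently. The reply bytes used offline below are constructed, not
captured from 10.0.0.58."""
import secrets
import socket
import struct
from typing import Dict, Optional

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, rd: bool, txid: Optional[int] = None) -> bytes:
    """RFC 1035 header (ID, flags, QD/AN/NS/AR counts) plus one A question."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    flags = 0x0100 if rd else 0x0000          # QR=0, OPCODE=0, RD is bit 8
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def parse_header(resp: bytes) -> Dict[str, int]:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1, "aa": (flags >> 10) & 1,
        "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify(rd_sent: bool, resp: bytes) -> str:
    h = parse_header(resp)
    if h["qr"] != 1:
        return "not a response"
    if rd_sent:
        return "open recursion (RA set)" if h["ra"] else "recursion not offered"
    # RD=0: the server must not resolve on our behalf, so a non-authoritative
    # answer can only have come from its cache.
    if h["ancount"] > 0 and not h["aa"]:
        return "cached: name was resolved recently (snoopable)"
    if h["ancount"] > 0:
        return "authoritative: server hosts the zone"
    return "not cached"


def probe(server: str, name: str, rd: bool, timeout: float = 3.0) -> str:
    """Send one query over UDP/53 to a server you are authorised to test."""
    q = build_query(name, rd)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        resp, _ = s.recvfrom(512)
    if resp[:2] != q[:2]:
        return "transaction id mismatch: reply discarded"
    return classify(rd, resp)


def constructed_response(txid: int, rd: bool, ra: bool, aa: bool,
                         answers: int) -> bytes:
    """Fabricated reply header plus echoed question, for offline use only."""
    flags = (0x8000 | (0x0400 if aa else 0) | (0x0100 if rd else 0)
             | (0x0080 if ra else 0))
    return (struct.pack("!HHHHHH", txid, flags, 1, answers, 0, 0)
            + encode_name("www.nessus.org") + struct.pack("!HH", QTYPE_A, QCLASS_IN))


if __name__ == "__main__":
    print(classify(True, constructed_response(1, rd=True, ra=True, aa=False, answers=1)))
    print(classify(False, constructed_response(2, rd=False, ra=True, aa=False, answers=1)))
    print(classify(False, constructed_response(3, rd=False, ra=True, aa=False, answers=0)))
    # Live (authorised targets only): probe("10.0.0.58", "www.nessus.org", rd=False)
```

Both findings have the same fix, the one the recursion entry already describes: restrict recursion to the hosts that should use this resolver (BIND's `allow-recursion` with an `acl`). A server that does not recurse for you also has nothing of yours in its cache to snoop, so the RD=0 probe is the quick regression check after the change.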
| telnet (23/tcp) | Remote telnet banner : Password: | |