Vulnerability Scanning Solutions, LLC.

Sample Report


Vulnerability Analysis Report


        The Vulnerability Analysis report addresses the security of 1 host

  • 7 security holes have been found
  • 19 security warnings have been found
  • 49 security notes have been found


Part I : Graphical Summary :










Part II. Results, by host :

192.168.100.205

    Distribution of the security problems by severity level :

Port Scan: List of open ports :

    • ssh (22/tcp) (Security warnings found)
    • ftp (21/tcp) (Security notes found)
    • smtp (25/tcp) (Security hole found)
    • domain (53/tcp) (Security hole found)
    • http (80/tcp) (Security hole found)
    • sunrpc (111/tcp) (Security notes found)
    • pop3 (110/tcp) (Security notes found)
    • imap (143/tcp) (Security notes found)
    • netbios-ssn (139/tcp) (Security hole found)
    • smux (199/tcp) (Security notes found)
    • https (443/tcp) (Security hole found)
    • printer (515/tcp) (Security notes found)
    • pop3s (995/tcp) (Security warnings found)
    • imaps (993/tcp) (Security warnings found)
    • msg (1241/tcp) (Security warnings found)
    • mysql (3306/tcp) (Security notes found)
    • vnc-http-1 (5801/tcp) (Security warnings found)
    • vnc-1 (5901/tcp) (Security warnings found)
    • x11 (6000/tcp) (Security warnings found)
    • X11:1 (6001/tcp) (Security warnings found)
    • snet-sensor-mgmt (10000/tcp) (Security hole found)
    • domain (53/udp) (Security notes found)
    • unknown (32769/tcp) (Security warnings found)
    • sunrpc (111/udp) (Security notes found)
    • unknown (32768/udp) (Security hole found)
    • unknown (32768/tcp) (Security notes found)
    • general/tcp (Security notes found)
    • netbios-ns (137/udp) (Security warnings found)

Warning found on port ssh (22/tcp)

    The remote SSH daemon supports connections made
    using the version 1.33 and/or 1.5 of the SSH protocol.

    These protocols are not completely cryptographically
    safe so they should not be used.

    Solution :
    If you use OpenSSH, set the option 'Protocol' to '2'.
    If you use SSH.com's server, set the option 'Ssh1Compatibility' to 'no'.

    Risk factor : Low
    Vulnerability ID : 10882

Information found on port ssh (22/tcp)

    An ssh server is running on this port
    Vulnerability ID : 10330

Information found on port ssh (22/tcp)

    Remote SSH version : SSH-1.99-OpenSSH_3.4p1
    Vulnerability ID : 10267

Information found on port ssh (22/tcp)

    The remote SSH daemon supports the following versions of the
    SSH protocol :

    . 1.33
    . 1.5
    . 1.99
    . 2.0

    Vulnerability ID : 10881

Information found on port ftp (21/tcp)

    An FTP server is running on this port.
    Here is its banner :
    220 FTP server (Version wu-2.6.2-8) ready.
    Vulnerability ID : 10330

Information found on port ftp (21/tcp)

    Remote FTP server banner :
    220 FTP server (Version wu-2.6.2-8) ready.
    Vulnerability ID : 10092

Vulnerability found on port smtp (25/tcp)


    smrsh (supplied by Sendmail) is designed to prevent the execution of
    commands outside of the restricted environment. However, when commands
    are entered using either double pipes (||) or a mixture of dot
    and slash characters, a user may be able to bypass the checks
    performed by smrsh. This can lead to the execution of commands
    outside of the restricted environment.

    Solution : upgrade to the latest version of Sendmail (or at least 8.12.8).
    Risk factor : Medium
    CVE : CAN-2002-1165
    BID : 5845
    Vulnerability ID : 11321

Information found on port smtp (25/tcp)

    An SMTP server is running on this port
    Here is its banner :
    220 ns1.s.com ESMTP Sendmail 8.12.8/8.12.5; Wed, 19 Mar 2003 23:29:24 -0500
    Vulnerability ID : 10330

Information found on port smtp (25/tcp)

    Remote SMTP server banner :
    220 ns1.s.com ESMTP Sendmail 8.12.8/8.12.5; Wed, 19 Mar 2003 23:30:12 -0500



    This is probably: Sendmail version 8.12.8

    Vulnerability ID : 10263

Information found on port smtp (25/tcp)

    For some reason, we could not send the EICAR test string to this MTA
    Vulnerability ID : 11034

Vulnerability found on port domain (53/tcp)


    The remote BIND 9 server, according to its
    version number, is vulnerable to a buffer
    overflow which may allow an attacker to
    gain a shell on this host or to disable
    this server.


    Solution : upgrade to bind 9.2.2 or downgrade to the 8.x series
    See also : http://www.isc.org/products/BIND/bind9.html
    Risk factor : High
    Vulnerability ID : 11318

Warning found on port domain (53/tcp)


    The remote name server allows DNS zone transfers to be performed.
    This information is of great use to an attacker who may use it
    to gain information about the topology of your network and spot new
    targets.

    Solution: Restrict DNS zone transfers to only the servers that absolutely
    need it.

    Risk factor : Medium
    CVE : CAN-1999-0532
    Vulnerability ID : 10595

Warning found on port domain (53/tcp)


    The remote name server allows recursive queries to be performed
    by the host running Vulnerabilityd.

    If this is your internal nameserver, then forget this warning.

    If you are probing a remote nameserver, then it allows anyone
    to use it to resolve third-party names (such as www.Vulnerability.org).
    This allows hackers to perform cache poisoning attacks against this
    nameserver.

    See also : http://www.cert.org/advisories/CA-1997-22.html

    Solution : Restrict recursive queries to the hosts that should
    use this nameserver (such as those of the LAN connected to it).
    If you are using bind 8, you can do this by using the instruction
    'allow-recursion' in the 'options' section of your named.conf

    If you are using another name server, consult its documentation.

    Risk factor : Serious
    CVE : CVE-1999-0024
    BID : 678
    Vulnerability ID : 10539

Information found on port domain (53/tcp)

    The remote bind version is : 9.2.1
    Vulnerability ID : 10028

Information found on port domain (53/tcp)


    A DNS server is running on this port. If you
    do not use it, disable it.

    Risk factor : Low
    Vulnerability ID : 11002

Vulnerability found on port http (80/tcp)

    MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the 'Finder'. This file
    contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website.

    Solution: Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file:

    <FilesMatch '^\.[Dd][Ss]_[Ss]'>
    Order allow,deny
    Deny from all
    </FilesMatch>

    and restart Apache.

    Risk factor : Medium / High (depending on the sensitivity of your web content)

    References:

    www.macintouch.com/mosxreaderreports46.html

    BID : 3316
    Vulnerability ID : 10756

Warning found on port http (80/tcp)


    Your webserver supports the TRACE and/or TRACK methods. It has been
    shown that servers supporting this method are subject
    to cross-site-scripting attacks, dubbed XST for
    'Cross-Site-Tracing', when used in conjunction with
    various weaknesses in browsers.

    An attacker may use this flaw to trick your
    legitimate web users into giving him their
    credentials.

    Solution: Disable these methods.


    If you are using Apache, add the following lines for each virtual
    host in your configuration file :

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

    If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
    requests or to permit only the methods needed to meet site requirements
    and policy.



    See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
    http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html

    Risk factor : Medium
    Vulnerability ID : 11213

Warning found on port http (80/tcp)

    ht://Dig's configuration file is located at: /etc/

    CVE : CAN-2000-1191
    Vulnerability ID : 10385

Information found on port http (80/tcp)

    A web server is running on this port
    Vulnerability ID : 10330

Information found on port http (80/tcp)

    The following directories were discovered:
    /catalog, /cgi-bin, /error, /icons, /manual, /store, /usage
    Vulnerability ID : 11032

Information found on port http (80/tcp)

    The remote web server type is :

    Apache/2.0.40 (Red Hat Linux)


    Solution : You can set the directive 'ServerTokens Prod' to limit
    the information emanating from the server in its response headers.
    Vulnerability ID : 10107

Information found on port sunrpc (111/tcp)


    The RPC portmapper is running on this port.

    An attacker may use it to enumerate your list
    of RPC services. We recommend you filter traffic
    going to this port.

    Risk factor : Low
    CVE : CAN-1999-0632, CVE-1999-0189
    BID : 205
    Vulnerability ID : 10223

Information found on port sunrpc (111/tcp)

    RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
    Vulnerability ID : 11111

Information found on port pop3 (110/tcp)

    A pop3 server is running on this port
    Vulnerability ID : 10330

Information found on port pop3 (110/tcp)


    The remote POP3 server leaks information about the software it is running,
    through the login banner. This may assist an attacker in choosing an attack
    strategy.

    Versions and types should be omitted where possible.

    Solution: Change the login banner to something generic.

    Risk factor : Low
    Vulnerability ID : 10185

Information found on port imap (143/tcp)

    An IMAP server is running on this port
    Vulnerability ID : 10330

Vulnerability found on port netbios-ssn (139/tcp)


    The remote Samba server, according to its version number,
    may be vulnerable to a remote buffer overflow when receiving
    specially crafted SMB fragment packets.

    An attacker needs to be able to access at least one
    share to exploit this flaw.

    Solution : upgrade to Samba 2.2.8
    Risk factor : High
    CVE : CAN-2003-0085, CAN-2003-0086
    Vulnerability ID : 11398

Information found on port netbios-ssn (139/tcp)

    The remote native lan manager is : Samba 2.2.7
    The remote Operating System is : Unix
    The remote SMB Domain Name is : S

    Vulnerability ID : 10785

Information found on port smux (199/tcp)

    A SNMP Multiplexer (smux) seems to be running on this port
    Vulnerability ID : 10330

Vulnerability found on port https (443/tcp)

    MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website.

    Solution: Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file:

    <FilesMatch '^\.[Dd][Ss]_[Ss]'>
    Order allow,deny
    Deny from all
    </FilesMatch>

    and restart Apache.

    Risk factor : Medium / High (depending on the sensitivity of your web content)

    References:

    www.macintouch.com/mosxreaderreports46.html

    BID : 3316
    Vulnerability ID : 10756

Warning found on port https (443/tcp)


    Your webserver supports the TRACE and/or TRACK methods. It has been
    shown that servers supporting this method are subject
    to cross-site-scripting attacks, dubbed XST for
    'Cross-Site-Tracing', when used in conjunction with
    various weaknesses in browsers.

    An attacker may use this flaw to trick your
    legitimate web users into giving him their
    credentials.

    Solution: Disable these methods.


    If you are using Apache, add the following lines for each virtual
    host in your configuration file :

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

    If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
    requests or to permit only the methods needed to meet site requirements
    and policy.



    See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
    http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html

    Risk factor : Medium
    Vulnerability ID : 11213

Warning found on port https (443/tcp)

    ht://Dig's configuration file is located at: /etc/

    CVE : CAN-2000-1191
    Vulnerability ID : 10385

Information found on port https (443/tcp)

    A web server is running on this port
    Vulnerability ID : 10330

Information found on port https (443/tcp)

    The following directories were discovered:
    /catalog, /cgi-bin, /error, /icons, /manual, /store, /usage
    Vulnerability ID : 11032

Information found on port https (443/tcp)

    The remote web server type is :

    Apache/2.0.40 (Red Hat Linux)


    Solution : You can set the directive 'ServerTokens Prod' to limit
    the information emanating from the server in its response headers.
    Vulnerability ID : 10107

Information found on port printer (515/tcp)

    An unknown server is running on this port.
    If you know what it is, please send this banner to the Vulnerability team:
    00: 01 6e 6f 20 63 6f 6e 6e 65 63 74 20 70 65 72 6d .no connect perm
    10: 69 73 73 69 6f 6e 73 0a issions.


    Vulnerability ID : 11154

Warning found on port pop3s (995/tcp)

    The SSLv2 server offers 3 strong ciphers, but also
    0 medium strength and 2 weak "export class" ciphers.
    The weak/medium ciphers may be chosen by export-grade
    or badly configured client software. They only offer
    limited protection against a brute force attack.

    Solution: disable those ciphers and upgrade your client
    software if necessary
    Vulnerability ID : 10863

Information found on port pop3s (995/tcp)

    A TLSv1 server answered on this port

    Vulnerability ID : 10330

Information found on port pop3s (995/tcp)

    A pop3 server is running on this port
    Vulnerability ID : 10330

Information found on port pop3s (995/tcp)


    The remote POP3 server leaks information about the software it is running,
    through the login banner. This may assist an attacker in choosing an attack
    strategy.

    Versions and types should be omitted where possible.

    Solution: Change the login banner to something generic.

    Risk factor : Low
    Vulnerability ID : 10185

Information found on port pop3s (995/tcp)

    Here is the SSLv2 server certificate:
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 0 (0x0)
    Signature Algorithm: md5WithRSAEncryption
    Issuer: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=localhost.localdomain/Email=root@localhost.localdomain
    Validity
    Not Before: Oct 2 19:19:57 2002 GMT
    Not After : Oct 2 19:19:57 2003 GMT
    Subject: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=localhost.localdomain/Email=root@localhost.localdomain
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (1024 bit)
    Modulus (1024 bit):

Information found on port pop3s (995/tcp)

    Here is the list of available SSLv2 ciphers:
    RC4-MD5
    EXP-RC4-MD5
    RC2-CBC-MD5
    EXP-RC2-CBC-MD5
    DES-CBC3-MD5
    Vulnerability ID : 10863

Information found on port pop3s (995/tcp)

    This TLSv1 server also accepts SSLv2 connections.
    This TLSv1 server also accepts SSLv3 connections.

    Vulnerability ID : 10863

Warning found on port imaps (993/tcp)

    The SSLv2 server offers 3 strong ciphers, but also
    0 medium strength and 2 weak "export class" ciphers.
    The weak/medium ciphers may be chosen by export-grade
    or badly configured client software. They only offer
    limited protection against a brute force attack.

    Solution: disable those ciphers and upgrade your client
    software if necessary
    Vulnerability ID : 10863

Information found on port imaps (993/tcp)

    A TLSv1 server answered on this port

    Vulnerability ID : 10330

Information found on port imaps (993/tcp)

    An IMAP server is running on this port through SSL
    Vulnerability ID : 10330

Information found on port imaps (993/tcp)

    Here is the SSLv2 server certificate:
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 0 (0x0)
    Signature Algorithm: md5WithRSAEncryption
    Issuer: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=localhost.localdomain/Email=root@localhost.localdomain
    Validity
    Not Before: Oct 2 19:19:56 2002 GMT
    Not After : Oct 2 19:19:56 2003 GMT
    Subject: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=localhost.localdomain/Email=root@localhost.localdomain
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (1024 bit)
    Modulus (1024 bit):
    Exponent: 65537 (0x10001)
    X509v3 extensions:
    X509v3 Subject Key Identifier:
    D0:D1:60:81:EC:63:3F:33:11:AE:24:04:50:46:29:EC:5C:F1:43:1D
    X509v3 Authority Key Identifier:
    keyid:D0:D1:60:81:EC:63:3F:33:11:AE:24:04:50:46:29:EC:5C:F1:43:1D
    DirName:/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/ CN=localhost.localdomain/Email=root@localhost.localdomain
    serial:00

    X509v3 Basic Constraints:
    CA:TRUE
    Signature Algorithm: md5WithRSAEncryption

    Vulnerability ID : 10863

Information found on port imaps (993/tcp)

    Here is the list of available SSLv2 ciphers:
    RC4-MD5
    EXP-RC4-MD5
    RC2-CBC-MD5
    EXP-RC2-CBC-MD5
    DES-CBC3-MD5
    Vulnerability ID : 10863

Information found on port imaps (993/tcp)

    This TLSv1 server also accepts SSLv2 connections.
    This TLSv1 server also accepts SSLv3 connections.

    Vulnerability ID : 10863

Warning found on port msg (1241/tcp)

    A Vulnerability Daemon is listening on this port.
    Vulnerability ID : 10147

Information found on port msg (1241/tcp)

    A TLSv1 server answered on this port

    Vulnerability ID : 10330

Information found on port msg (1241/tcp)

    Here is the TLSv1 server certificate:
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 1 (0x1)
    Signature Algorithm: md5WithRSAEncryption
    Issuer: C=US, ST=FL, L=Fort Lauderdale, O=s.com, OU=Certification Authority for ns1.s.com, CN=ns1.s.com/Email=ca@ns1.s.com
    Validity
    Not Before: Mar 16 17:33:40 2003 GMT
    Not After : Mar 15 17:33:40 2004 GMT
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (1024 bit)
    Modulus (1024 bit):
    Exponent: 65537 (0x10001)
    X509v3 extensions:
    Netscape Cert Type:
    SSL Server
    X509v3 Key Usage:
    Digital Signature, Non Repudiation, Key Encipherment
    Netscape Comment:
    OpenSSL Generated Certificate
    X509v3 Subject Key Identifier:
    60:1A:06:EB:77:8C:CC:EB:5E:99:C5:2D:83:20:7A:A1:CC:E1:E5:0F
    X509v3 Authority Key Identifier:
    keyid:9A:96:70:18:9F:F9:6F:D2:01:66:7D:CA:24:3B:5A:A6:85:D8:8A:98
    serial:00

    X509v3 Subject Alternative Name:
    email:Vulnerabilityd@ns1.s.com
    X509v3 Issuer Alternative Name:
    <EMPTY>

    Signature Algorithm: md5WithRSAEncryption

    Vulnerability ID : 10863

Information found on port msg (1241/tcp)

    This TLSv1 server does not accept SSLv2 connections.
    This TLSv1 server does not accept SSLv3 connections.

    Vulnerability ID : 10863

Information found on port mysql (3306/tcp)

    An unknown service is running on this port.
    It is usually reserved for MySQL
    Vulnerability ID : 10330

Warning found on port vnc-http-1 (5801/tcp)


    The remote server is running VNC.
    VNC permits a console to be displayed remotely.

    Solution: Disable VNC access from the network by
    using a firewall, or stop VNC service if not needed.

    Risk factor : Medium
    Vulnerability ID : 10758

Information found on port vnc-http-1 (5801/tcp)

    A web server is running on this port
    Vulnerability ID : 10330

Warning found on port vnc-1 (5901/tcp)


    The remote server is running VNC.
    VNC permits a console to be displayed remotely.

    Solution: Disable VNC access from the network by
    using a firewall, or stop VNC service if not needed.

    Risk factor : Medium
    Vulnerability ID : 10342

Warning found on port vnc-1 (5901/tcp)

    Version of VNC Protocol is: RFB 003.003

    Vulnerability ID : 10342

Warning found on port x11 (6000/tcp)

    This X server does *not* allow any client to connect to it;
    however, it is recommended that you filter incoming connections
    to this port, as an attacker may send garbage data and slow down
    your X session or even kill the server.

    Here is the server version : 11.0
    Here is the message we received : No protocol specified


    Solution : filter incoming connections to ports 6000-6009
    Risk factor : Low
    CVE : CVE-1999-0526
    Vulnerability ID : 10407

Warning found on port X11:1 (6001/tcp)

    This X server does *not* allow any client to connect to it;
    however, it is recommended that you filter incoming connections
    to this port, as an attacker may send garbage data and slow down
    your X session or even kill the server.

    Here is the server version : 11.0
    Here is the message we received : Client is not authorized to connect to Server

    Solution : filter incoming connections to ports 6000-6009
    Risk factor : Low
    CVE : CVE-1999-0526
    Vulnerability ID : 10407

Vulnerability found on port snet-sensor-mgmt (10000/tcp)

    The remote HTTP server
    allows an attacker to read arbitrary files
    on the remote web server, simply by adding
    dots in front of its name.

    Example:
    GET /../../winnt/boot.ini

    will return your C:\winnt\boot.ini file.

    Solution : Upgrade your web server to a
    version that solves this vulnerability, or
    consider changing to another web server, such
    as Apache (http://www.apache.org).

    Risk factor : Serious
    CVE : CAN-1999-0776
    BID : 270
    Vulnerability ID : 10010

Warning found on port snet-sensor-mgmt (10000/tcp)


    The remote server is running Webmin.
    Webmin is a web-based interface for system administration for Unix.

    Solution: Stop Webmin service if not needed or configure the access
    See menu [Webmin Configuration][IP Access Control]
    and/or [Webmin Configuration][Port and Address]

    For more info see http://www.webmin.net/
    Risk factor : Medium
    Vulnerability ID : 10757

Information found on port snet-sensor-mgmt (10000/tcp)

    A web server is running on this port
    Vulnerability ID : 10330

Information found on port snet-sensor-mgmt (10000/tcp)


    The remote web server is [mis]configured in that it
    does not return '404 Not Found' error codes when
    a non-existent file is requested, perhaps returning
    a site map or search page instead.

    Vulnerability enabled some countermeasures for that; however,
    they might be insufficient. If a great number of security
    holes are produced for this port, they might not all be accurate.
    Vulnerability ID : 10386

Information found on port snet-sensor-mgmt (10000/tcp)

    The remote web server type is :

    MiniServ/0.01

    Solution : We recommend that you configure (if possible) your web server to return
    a bogus Server header in order to not leak information.

    Vulnerability ID : 10107

Information found on port domain (53/udp)


    A DNS server is running on this port. If you
    do not use it, disable it.

    Risk factor : Low
    Vulnerability ID : 11002

Warning found on port unknown (32769/tcp)


    The fam RPC service is running.
    Several versions of this service have
    a well-known buffer overflow condition
    that allows intruders to execute
    arbitrary commands as root on this system.


    Solution : disable this service in /etc/inetd.conf
    More information : http://www.nai.com/nai_labs/asp_set/advisory/16_fam_adv.asp
    Risk factor : High
    CVE : CVE-1999-0059
    BID : 353
    Vulnerability ID : 10216

Information found on port unknown (32769/tcp)

    RPC program #391002 version 2 'sgi_fam' (fam) is running on this port
    Vulnerability ID : 11111

Information found on port sunrpc (111/udp)

    RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
    Vulnerability ID : 11111

Vulnerability found on port unknown (32768/udp)


    The remote statd service may be vulnerable
    to a format string attack.

    This means that an attacker may execute arbitrary
    code thanks to a bug in this daemon.

    *** Vulnerability reports this vulnerability using only
    *** information that was gathered. Use caution
    *** when testing without safe checks enabled.

    Solution : upgrade to the latest version of rpc.statd
    Risk factor : High
    CVE : CVE-2000-0666
    BID : 1480
    Vulnerability ID : 10544

Warning found on port unknown (32768/udp)


    The statd RPC service is running.
    This service has a long history of
    security holes, so you should really
    know what you are doing if you decide
    to let it run.

    * NO SECURITY HOLES REGARDING THIS
    PROGRAM HAVE BEEN TESTED, SO
    THIS MIGHT BE A FALSE POSITIVE *

    We suggest that you disable this
    service.


    Risk factor : High
    CVE : CVE-1999-0018, CVE-1999-0019, CVE-1999-0493
    BID : 127, 450
    Vulnerability ID : 10235

Information found on port unknown (32768/udp)

    RPC program #100024 version 1 'status' is running on this port
    Vulnerability ID : 11111

Information found on port unknown (32768/tcp)

    RPC program #100024 version 1 'status' is running on this port
    Vulnerability ID : 11111

Information found on port general/tcp

    Remote OS guess : Linux Kernel 2.4.0 - 2.5.20

    CVE : CAN-1999-0454
    Vulnerability ID : 11268

Warning found on port netbios-ns (137/udp)

    . The following 5 NetBIOS names have been gathered :
    NS1.S.C = This is the computer name registered for workstation services by a WINS client.
    NS1.S.C = Computer name that is registered for the messenger service on a computer that is a WINS client.
    NS1.S.C
    S = Workgroup / Domain name
    S = Workgroup / Domain name (part of the Browser elections)

    . This SMB server seems to be a SAMBA server (this is not a security
    risk, this is for your information). This can be told because this server
    claims to have a null MAC address

    If you do not want to allow everyone to find the NetBios name
    of your computer, you should filter incoming traffic to this port.

    Risk factor : Medium
    CVE : CAN-1999-0621
    Vulnerability ID : 10150
