Solaris 9 Post Patch

This report is the OS Scan for Solaris 9, after the latest cluster patch.  This test was run on Ultra Sparc 20 hardware.

 

Nessus Scan Report

This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

 

Scan Details

Hosts which were alive and responding during test: 1
Number of security holes found: 13
Number of security warnings found: 24

Host List

Host(s)            Possible Issue
151.108.233.116    Security hole(s) found

Analysis of Host

Address of Host    Port/Service                   Issue regarding Port
151.108.233.116    sunrpc (111/tcp)               Security notes found
151.108.233.116    ftp (21/tcp)                   Security notes found
151.108.233.116    shell (514/tcp)                Security warning(s) found
151.108.233.116    ssh (22/tcp)                   Security warning(s) found
151.108.233.116    sometimes-rpc20 (32778/udp)    Security warning(s) found
151.108.233.116    sometimes-rpc16 (32776/udp)    Security hole found
151.108.233.116    sunrpc (111/udp)               Security notes found
151.108.233.116    sometimes-rpc8 (32772/udp)     Security hole found
151.108.233.116    sometimes-rpc15 (32776/tcp)    Security hole found
151.108.233.116    sometimes-rpc17 (32777/tcp)    Security hole found
151.108.233.116    sometimes-rpc10 (32773/udp)    Security hole found
151.108.233.116    sometimes-rpc19 (32778/tcp)    Security notes found
151.108.233.116    sometimes-rpc21 (32779/tcp)    Security notes found
151.108.233.116    sometimes-rpc23 (32780/tcp)    Security notes found
151.108.233.116    sometimes-rpc12 (32774/udp)    Security warning(s) found
151.108.233.116    sometimes-rpc14 (32775/udp)    Security warning(s) found
151.108.233.116    unknown (32781/tcp)            Security notes found
151.108.233.116    sometimes-rpc18 (32777/udp)    Security warning(s) found
151.108.233.116    sometimes-rpc22 (32779/udp)    Security notes found
151.108.233.116    sometimes-rpc24 (32780/udp)    Security hole found
151.108.233.116    unknown (32782/tcp)            Security notes found
151.108.233.116    lockd (4045/udp)               Security warning(s) found
151.108.233.116    lockd (4045/tcp)               Security notes found
151.108.233.116    sometimes-rpc26 (32786/udp)    Security notes found
151.108.233.116    unknown (32785/tcp)            Security notes found
151.108.233.116    sometimes-rpc28 (32787/udp)    Security notes found
151.108.233.116    sometimes-rpc25 (32786/tcp)    Security hole found
151.108.233.116    unknown (32788/tcp)            Security notes found
151.108.233.116    daytime (13/tcp)               Security warning(s) found
151.108.233.116    daytime (13/udp)               Security warning(s) found
151.108.233.116    discard (9/tcp)                Security warning(s) found
151.108.233.116    general/udp                    Security notes found
151.108.233.116    smtp (25/tcp)                  Security hole found
151.108.233.116    x11 (6000/tcp)                 Security warning(s) found
151.108.233.116    login (513/tcp)                Security warning(s) found
151.108.233.116    telnet (23/tcp)                Security warning(s) found
151.108.233.116    echo (7/tcp)                   Security warning(s) found
151.108.233.116    snmp (161/udp)                 Security hole found
151.108.233.116    echo (7/udp)                   Security warning(s) found
151.108.233.116    finger (79/tcp)                Security warning(s) found
151.108.233.116    xdmcp (177/udp)                Security warning(s) found
151.108.233.116    chargen (19/tcp)               Security warning(s) found
151.108.233.116    exec (512/tcp)                 Security warning(s) found
151.108.233.116    general/icmp                   Security warning(s) found
151.108.233.116    dtspc (6112/tcp)               Security hole found
151.108.233.116    font-service (7100/tcp)        Security hole found

Security Issues and Fixes: 151.108.233.116

Type

Port

Issue and Fix

Informational

sunrpc (111/tcp)


The RPC portmapper is running on this port.

An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.

Risk factor : Low
CVE : CAN-1999-0632
Nessus ID : 10223

Informational

sunrpc (111/tcp)

RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111

Informational

sunrpc (111/tcp)

RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111

Informational

sunrpc (111/tcp)

RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111

Informational

ftp (21/tcp)

Remote FTP server banner :
220 unknown FTP server ready.

Nessus ID : 10092

Warning

shell (514/tcp)

The rsh service is running.
This service is dangerous in the sense that
it is not ciphered - that is, everyone can sniff
the data that passes between the rsh client
and the rsh server. This includes logins
and passwords.

You should disable this service and use ssh instead.

Solution : Comment out the 'rsh' line in /etc/inetd.conf.

Risk factor : Low
CVE : CAN-1999-0651
Nessus ID : 10245

Warning

ssh (22/tcp)


You are running a version of SSH which is older than 3.1.2
and newer or equal to 3.0.0.

There is a vulnerability in this release that may, under
some circumstances, allow users to authenticate using a
password whereas it is not explicitly listed as a valid
authentication mechanism.


An attacker may use this flaw to attempt to brute force
a password using a dictionary attack (if the passwords
used are weak).

Solution :
Upgrade to version 3.1.2 of SSH which solves this problem.

Risk factor : Low
BID : 4810
Nessus ID : 10965

Informational

ssh (22/tcp)

Remote SSH version : SSH-2.0-Sun_SSH_1.0

Nessus ID : 10267

Informational

ssh (22/tcp)

The remote SSH daemon supports the following versions of the
SSH protocol :

. 1.99
. 2.0

Nessus ID : 10881

Warning

sometimes-rpc20 (32778/udp)


The rquotad RPC service is running.
If you do not use this service, then
disable it as it may become a security
threat in the future, if a vulnerability
is discovered.

Risk factor : Low
CVE : CAN-1999-0625
Nessus ID : 10226

Informational

sometimes-rpc20 (32778/udp)

RPC program #100011 version 1 'rquotad' (rquotaprog quota rquota) is running on this port
Nessus ID : 11111

Vulnerability

sometimes-rpc16 (32776/udp)


The rpc.walld RPC service is running.
Some versions of this server allow an attacker to gain
root access remotely, by consuming the resources of the
remote host then sending a specially formed packet with
format strings to this host.

Solaris 2.5.1, 2.6, 7 and 8 are vulnerable to this
issue. Other operating systems might be affected as well.

*** Nessus did not check for this vulnerability,
*** so this might be a false positive

Solution : Deactivate this service.
Risk factor : High
CVE : CAN-2002-0573
BID : 4639
Nessus ID : 10950

Warning

sometimes-rpc16 (32776/udp)


The walld RPC service is running.
It is usually used by the administrator
to tell something to the users of a
network by making a message appear
on their screen.

Since this service lacks any kind
of authentication, an attacker
may use it to trick users into
doing something (change their password,
leave the console, or worse), by sending
a message which would appear to be
written by the administrator.

It can also be used as a denial of service
attack, by continually sending garbage
to the users' screens, preventing them
from working properly.

Solution : Deactivate this service.

Risk factor : Medium
CVE : CVE-1999-0181
Nessus ID : 10240

Informational

sometimes-rpc16 (32776/udp)

RPC program #100008 version 1 'walld' (rwall shutdown) is running on this port
Nessus ID : 11111

Informational

sunrpc (111/udp)

RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111

Informational

sunrpc (111/udp)

RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111

Informational

sunrpc (111/udp)

RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111

Vulnerability

sometimes-rpc8 (32772/udp)


The sadmin RPC service is running.
There is a bug in Solaris versions of
this service that allows an intruder to
execute arbitrary commands on your system.

Solution : disable this service
Risk factor : High
CVE : CVE-1999-0977
BID : 866
Nessus ID : 10229

Informational

sometimes-rpc8 (32772/udp)

RPC program #100232 version 10 'sadmind' is running on this port
Nessus ID : 11111

Vulnerability

sometimes-rpc15 (32776/tcp)


The tooltalk RPC service is running.
A possible implementation fault in the
ToolTalk object database server may allow an
attacker to execute arbitrary commands as
root.

*** This warning may be a false
*** positive since the presence
*** of this vulnerability is only accurately
*** identified with local access.

Solution : Disable this service.
See also : CERT Advisory CA-98.11

Risk factor : High
CVE : CVE-1999-0003, CVE-1999-0693
BID : 122
Nessus ID : 10239

Vulnerability

sometimes-rpc15 (32776/tcp)


The tooltalk RPC service is running.

There is a format string bug in many versions
of this service, which allows an attacker to gain
root remotely.

In addition to this, several versions of this service
allow remote attackers to overwrite arbitrary memory
locations with a zero and possibly gain privileges
via a file descriptor argument in an AUTH_UNIX
procedure call which is used as a table index by the
_TT_ISCLOSE procedure.

*** This warning may be a false positive since the presence
*** of the bug was not verified locally.

Solution : Disable this service or patch it
See also : CERT Advisories CA-2001-27 and CA-2002-20

Risk factor : High
CVE : CAN-2002-0677, CVE-2001-0717, CAN-2002-0679
BID : 3382
Nessus ID : 10787

Informational

sometimes-rpc15 (32776/tcp)

RPC program #100083 version 1 is running on this port
Nessus ID : 11111

Vulnerability

sometimes-rpc17 (32777/tcp)


The Kodak Color Management System service is running.
The KCMS service on Solaris 2.5 could allow a local user
to write to arbitrary files and gain root access.

*** This warning may be a false
*** positive since the presence
*** of the bug has not been tested.

Patches: 107337-02 SunOS 5.7 has been released
and the following should be out soon:
111400-01 SunOS 5.8, 111401-01 SunOS 5.8_x86

Solution : Disable suid, side effects are minimal.
http://www.eeye.com/html/Research/Advisories/AD20010409.html
http://www.securityfocus.com/bid/2605

See also: http://packetstorm.decepticons.org/advisories/ibm-ers/96-09

Risk factor : High
CVE : CVE-2001-0595
BID : 2605
Nessus ID : 10832

Informational

sometimes-rpc17 (32777/tcp)

RPC program #100221 version 1 is running on this port
Nessus ID : 11111

Vulnerability

sometimes-rpc10 (32773/udp)


The cmsd RPC service is running.
This service has a long history of
security holes, so you should really
know what you are doing if you decide
to let it run.

* NO SECURITY HOLE REGARDING THIS
PROGRAM HAS BEEN TESTED, SO
THIS MIGHT BE A FALSE POSITIVE *

We suggest that you disable this
service.


Risk factor : High
CVE : CVE-1999-0320, CVE-1999-0696
BID : 428
Nessus ID : 10213

Informational

sometimes-rpc10 (32773/udp)

RPC program #100068 version 2 is running on this port
Nessus ID : 11111

Informational

sometimes-rpc10 (32773/udp)

RPC program #100068 version 3 is running on this port
Nessus ID : 11111

Informational

sometimes-rpc10 (32773/udp)

RPC program #100068 version 4 is running on this port
Nessus ID : 11111

Informational

sometimes-rpc10 (32773/udp)

RPC program #100068 version 5 is running on this port
Nessus ID : 11111

Informational

sometimes-rpc19 (32778/tcp)

RPC program #100229 version 1 is running on this port
Nessus ID : 11111

Informational

sometimes-rpc21 (32779/tcp)

RPC program #100230 version 1 is running on this port
Nessus ID : 11111

Informational

sometimes-rpc23 (32780/tcp)

RPC program #100242 version 1 is running on this port
Nessus ID : 11111

Warning

sometimes-rpc12 (32774/udp)


The rstatd RPC service is running.
It provides an attacker interesting
information such as :

- the CPU usage
- the system uptime
- its network usage
- and more

Usually, it is not a good idea to let this
service open


Risk factor : Low
CVE : CAN-1999-0624
Nessus ID : 10227

Informational

sometimes-rpc12 (32774/udp)

RPC program #100001 version 2 'rstatd' (rstat rup perfmeter rstat_svc) is running on this port
Nessus ID : 11111

Informational

sometimes-rpc12 (32774/udp)

RPC program #100001 version 3 'rstatd' (rstat rup perfmeter rstat_svc) is running on this port
Nessus ID : 11111

Informational

sometimes-rpc12 (32774/udp)

RPC program #100001 version 4 'rstatd' (rstat rup perfmeter rstat_svc) is running on this port
Nessus ID : 11111

Warning

sometimes-rpc14 (32775/udp)


The rusersd RPC service is running.
It provides an attacker interesting
information
such as how often the
system is being used, the names of
the users, and so on.

It is usually not a good idea to leave this
service open.


Risk factor : Low
CVE : CVE-1999-0626
Nessus ID : 10228

Informational

sometimes-rpc14 (32775/udp)

RPC program #100002 version 2 'rusersd' (rusers) is running on this port
Nessus ID : 11111

Informational

sometimes-rpc14 (32775/udp)

RPC program #100002 version 3 'rusersd' (rusers) is running on this port
Nessus ID : 11111

Informational

sometimes-rpc14 (32775/udp)

Using rusers, we could determine that the following users are logged in :

- root (console) from :0

Solution : disable this service.
Risk factor : Low
CVE : CVE-1999-0626
Nessus ID : 11058

Informational

unknown (32781/tcp)

RPC program #100002 version 2 'rusersd' (rusers) is running on this port
Nessus ID : 11111

Informational

unknown (32781/tcp)

RPC program #100002 version 3 'rusersd' (rusers) is running on this port
Nessus ID : 11111

Warning

sometimes-rpc18 (32777/udp)


The sprayd RPC service is running.
If you do not use this service, then
disable it as it may become a security
threat in the future, if a vulnerability
is discovered.

Risk factor : Low
CVE : CAN-1999-0613
Nessus ID : 10234

Informational

sometimes-rpc18 (32777/udp)

RPC program #100012 version 1 'sprayd' (spray) is running on this port
Nessus ID : 11111

Informational

sometimes-rpc22 (32779/udp)

RPC program #100153 version 1 is running on this port
Nessus ID : 11111

Vulnerability

sometimes-rpc24 (32780/udp)


The remote statd service may be vulnerable
to a format string attack.

This means that an attacker may execute arbitrary
code thanks to a bug in this daemon.

*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.

Solution : upgrade to the latest version of rpc.statd
Risk factor : High
CVE : CVE-2000-0666
BID : 1480
Nessus ID : 10544

Warning

sometimes-rpc24 (32780/udp)


The statd RPC service is running.
This service has a long history of
security holes, so you should really
know what you are doing if you decide
to let it run.

* NO SECURITY HOLES REGARDING THIS
PROGRAM HAVE BEEN TESTED, SO
THIS MIGHT BE A FALSE POSITIVE *

We suggest that you disable this
service.


Risk factor : High
CVE : CVE-1999-0018, CVE-1999-0493
BID : 127, 450
Nessus ID : 10235

Informational

sometimes-rpc24 (32780/udp)

RPC program #100024 version 1 'status' is running on this port
Nessus ID : 11111

Informational

sometimes-rpc24 (32780/udp)

RPC program #100133 version 1 is running on this port
Nessus ID : 11111

Informational

unknown (32782/tcp)

RPC program #100024 version 1 'status' is running on this port
Nessus ID : 11111

Informational

unknown (32782/tcp)

RPC program #100133 version 1 is running on this port
Nessus ID : 11111

Warning

lockd (4045/udp)


The nlockmgr RPC service is running.
If you do not use this service, then
disable it as it may become a security
threat in the future, if a vulnerability
is discovered.

Risk factor : Low
CVE : CVE-2000-0508
BID : 1372
Nessus ID : 10220

Informational

lockd (4045/udp)

RPC program #100021 version 1 'nlockmgr' is running on this port
Nessus ID : 11111

Informational

lockd (4045/udp)

RPC program #100021 version 2 'nlockmgr' is running on this port
Nessus ID : 11111

Informational

lockd (4045/udp)

RPC program #100021 version 3 'nlockmgr' is running on this port
Nessus ID : 11111

Informational

lockd (4045/udp)

RPC program #100021 version 4 'nlockmgr' is running on this port
Nessus ID : 11111

Informational

lockd (4045/tcp)

RPC program #100021 version 1 'nlockmgr' is running on this port
Nessus ID : 11111

Informational

lockd (4045/tcp)

RPC program #100021 version 2 'nlockmgr' is running on this port
Nessus ID :