|
Security Issues and Fixes: 151.108.232.232
|
|
Type
|
Port
|
Issue and Fix
|
|
Informational
|
sunrpc (111/tcp)
|
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend that you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632
Nessus ID : 10223
|
|
Informational
|
sunrpc (111/tcp)
|
RPC program #100000 version 4 'portmapper'
(portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111
|
|
Informational
|
sunrpc (111/tcp)
|
RPC program #100000 version 3 'portmapper'
(portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111
|
|
Informational
|
sunrpc (111/tcp)
|
RPC program #100000 version 2 'portmapper'
(portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111
|
|
Warning
|
shell (514/tcp)
|
The rsh service is running.
This service is dangerous in the sense that
it is not ciphered - that is, everyone can sniff
the data that passes between the rsh client
and the rsh server. This includes logins
and passwords.
You should disable this service and use ssh
instead.
Solution : Comment out the 'rsh' line in /etc/inetd.conf.
Risk factor : Low
CVE : CAN-1999-0651
Nessus ID : 10245
|
|
Vulnerability
|
ftp (21/tcp)
|
You seem to be running an FTP server which is vulnerable to the
'glob heap corruption' flaw.
An attacker may use this problem to execute arbitrary commands on this
host.
*** Nessus relied solely on the banner of the
server to issue this warning,
*** so this alert might be a false positive
Solution : Upgrade your ftp server software to the latest version.
Risk factor : High
CVE : CAN-2001-0249, CVE-2001-0550
BID : 2550, 3581
Nessus ID : 10821
|
|
Informational
|
ftp (21/tcp)
|
Remote FTP server banner :
220 unknown FTP server (SunOS 5.8) ready.
Nessus ID : 10092
|
|
Warning
|
sometimes-rpc12
(32774/udp)
|
The rquotad RPC service is running.
If you do not use this service, then
disable it as it may become a security
threat in the future, if a vulnerability
is discovered.
Risk factor : Low
CVE : CAN-1999-0625
Nessus ID : 10226
|
|
Informational
|
sometimes-rpc12
(32774/udp)
|
RPC program #100011 version 1 'rquotad'
(rquotaprog quota rquota)
is running on this port
Nessus ID : 11111
|
|
Vulnerability
|
sometimes-rpc18
(32777/udp)
|
The rpc.walld RPC service is running.
Some versions of this server allow an attacker to gain
root access remotely, by consuming the resources of the
remote host then sending a specially formed packet with
format strings to this host.
Solaris 2.5.1, 2.6, 7 and 8 are vulnerable to this
issue. Other operating systems might be affected as well.
*** Nessus did not check for this vulnerability,
*** so this might be a false positive
Solution : Deactivate this service.
Risk factor : High
CVE : CAN-2002-0573
BID : 4639
Nessus ID : 10950
|
|
Warning
|
sometimes-rpc18
(32777/udp)
|
The walld RPC service is running.
It is usually used by the administrator
to tell something to the users of a
network by making a message appear
on their screen.
Since this service lacks any kind
of authentication, an attacker
may use it to trick users into
doing something (change their password,
leave the console, or worse), by sending
a message which would appear to be
written by the administrator.
It can also be used as a denial of service
attack, by continually sending garbage
to the users' screens, preventing them
from working properly.
Solution : Deactivate this service.
Risk factor : Medium
CVE : CVE-1999-0181
Nessus ID : 10240
|
|
Informational
|
sometimes-rpc18
(32777/udp)
|
RPC program #100008 version 1 'walld'
(rwall shutdown) is running on this port
Nessus ID : 11111
|
|
Informational
|
sunrpc (111/udp)
|
RPC program #100000 version 4 'portmapper'
(portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111
|
|
Informational
|
sunrpc (111/udp)
|
RPC program #100000 version 3 'portmapper'
(portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111
|
|
Informational
|
sunrpc (111/udp)
|
RPC program #100000 version 2 'portmapper'
(portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111
|
|
Vulnerability
|
sometimes-rpc8
(32772/udp)
|
The remote statd service may be vulnerable
to a format string attack.
This means that an attacker may execute arbitrary
code thanks to a bug in this daemon.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.
Solution : upgrade to the latest version of rpc.statd
Risk factor : High
CVE : CVE-2000-0666
BID : 1480
Nessus ID : 10544
|
|
Warning
|
sometimes-rpc8
(32772/udp)
|
The statd RPC service is running.
This service has a long history of
security holes, so you should really
know what you are doing if you decide
to let it run.
* NO SECURITY HOLES REGARDING THIS
PROGRAM HAVE BEEN TESTED, SO
THIS MIGHT BE A FALSE POSITIVE *
We suggest that you disable this
service.
Risk factor : High
CVE : CVE-1999-0018, CVE-1999-0493
BID : 127, 450
Nessus ID : 10235
|
|
Informational
|
sometimes-rpc8
(32772/udp)
|
RPC program #100024 version 1 'status' is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc8
(32772/udp)
|
RPC program #100133 version 1 is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc5
(32771/tcp)
|
RPC program #100024 version 1 'status' is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc5
(32771/tcp)
|
RPC program #100133 version 1 is running on this port
Nessus ID : 11111
|
|
Vulnerability
|
sometimes-rpc10
(32773/udp)
|
The sadmin RPC service is running.
There is a bug in Solaris versions of
this service that allows an intruder to
execute arbitrary commands on your system.
Solution : disable this service
Risk factor : High
CVE : CVE-1999-0977
BID : 866
Nessus ID : 10229
|
|
Informational
|
sometimes-rpc10
(32773/udp)
|
RPC program #100232 version 10 'sadmind'
is running on this port
Nessus ID : 11111
|
|
Warning
|
sometimes-rpc14
(32775/udp)
|
The rusersd RPC service is running.
It provides an attacker interesting
information such as how often the
system is being used, the names of
the users, and so on.
It is usually not a good idea to leave this
service open.
Risk factor : Low
CVE : CVE-1999-0626
Nessus ID : 10228
|
|
Informational
|
sometimes-rpc14
(32775/udp)
|
RPC program #100002 version 2 'rusersd'
(rusers) is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc14
(32775/udp)
|
RPC program #100002 version 3 'rusersd'
(rusers) is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc14
(32775/udp)
|
Using rusers, we could determine
that the following users are logged in :
- root (console) from :0
Solution : disable this service.
Risk factor : Low
CVE : CVE-1999-0626
Nessus ID : 11058
|
|
Informational
|
sometimes-rpc7
(32772/tcp)
|
RPC program #100002 version 2 'rusersd'
(rusers) is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc7
(32772/tcp)
|
RPC program #100002 version 3 'rusersd'
(rusers) is running on this port
Nessus ID : 11111
|
|
Warning
|
sometimes-rpc16
(32776/udp)
|
The sprayd RPC service is running.
If you do not use this service, then
disable it as it may become a security
threat in the future, if a vulnerability
is discovered.
Risk factor : Low
CVE : CAN-1999-0613
Nessus ID : 10234
|
|
Informational
|
sometimes-rpc16
(32776/udp)
|
RPC program #100012 version 1 'sprayd'
(spray) is running on this port
Nessus ID : 11111
|
|
Warning
|
sometimes-rpc20
(32778/udp)
|
The rstatd RPC service is running.
It provides an attacker interesting
information such as :
- the CPU usage
- the system uptime
- its network usage
- and more
Usually, it is not a good idea to let this
service open
Risk factor : Low
CVE : CAN-1999-0624
Nessus ID : 10227
|
|
Informational
|
sometimes-rpc20
(32778/udp)
|
RPC program #100001 version 2 'rstatd'
(rstat rup perfmeter rstat_svc) is
running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc20
(32778/udp)
|
RPC program #100001 version 3 'rstatd'
(rstat rup perfmeter rstat_svc) is
running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc20
(32778/udp)
|
RPC program #100001 version 4 'rstatd'
(rstat rup perfmeter rstat_svc) is
running on this port
Nessus ID : 11111
|
|
Vulnerability
|
sometimes-rpc9
(32773/tcp)
|
The tooltalk RPC service is running.
A possible implementation fault in the
ToolTalk object database server may allow an
attacker to execute arbitrary commands as
root.
*** This warning may be a false
*** positive since the presence
*** of this vulnerability is only accurately
*** identified with local access.
Solution : Disable this service.
See also : CERT Advisory CA-98.11
Risk factor : High
CVE : CVE-1999-0003, CVE-1999-0693
BID : 122
Nessus ID : 10239
|
|
Vulnerability
|
sometimes-rpc9
(32773/tcp)
|
The tooltalk RPC service is running.
There is a format string bug in many versions
of this service, which allows an attacker to gain
root remotely.
In addition to this, several versions of this service
allow remote attackers to overwrite arbitrary memory
locations with a zero and possibly gain privileges
via a file descriptor argument in an AUTH_UNIX
procedure call which is used as a table index by the
_TT_ISCLOSE procedure.
*** This warning may be a false positive since the presence
*** of the bug was not verified locally.
Solution : Disable this service or patch it
See also : CERT Advisories CA-2001-27 and CA-2002-20
Risk factor : High
CVE : CAN-2002-0677, CVE-2001-0717, CAN-2002-0679
BID : 3382
Nessus ID : 10787
|
|
Informational
|
sometimes-rpc9
(32773/tcp)
|
RPC program #100083 version 1 is running on this port
Nessus ID : 11111
|
|
Vulnerability
|
sometimes-rpc11
(32774/tcp)
|
The Kodak Color Management System service is running.
The KCMS service on Solaris 2.5 could allow a local user
to write to arbitrary files and gain root access.
*** This warning may be a false
*** positive since the presence
*** of the bug has not been tested.
Patches: 107337-02 SunOS 5.7 has been released
and the following should be out soon:
111400-01 SunOS 5.8, 111401-01 SunOS 5.8_x86
Solution : Disable suid, side effects are
minimal.
http://www.eeye.com/html/Research/Advisories/AD20010409.html
http://www.securityfocus.com/bid/2605
See also: http://packetstorm.decepticons.org/advisories/ibm-ers/96-09
Risk factor : High
CVE : CVE-2001-0595
BID : 2605
Nessus ID : 10832
|
|
Informational
|
sometimes-rpc11
(32774/tcp)
|
RPC program #100221 version 1 is running on this port
Nessus ID : 11111
|
|
Vulnerability
|
sometimes-rpc22
(32779/udp)
|
The cmsd RPC service is running.
This service has a long history of
security holes, so you should really
know what you are doing if you decide
to let it run.
* NO SECURITY HOLE REGARDING THIS
PROGRAM HAS BEEN TESTED, SO
THIS MIGHT BE A FALSE POSITIVE *
We suggest that you disable this
service.
Risk factor : High
CVE : CVE-1999-0320, CVE-1999-0696
BID : 428
Nessus ID : 10213
|
|
Informational
|
sometimes-rpc22
(32779/udp)
|
RPC program #100068 version 2 is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc22
(32779/udp)
|
RPC program #100068 version 3 is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc22
(32779/udp)
|
RPC program #100068 version 4 is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc22
(32779/udp)
|
RPC program #100068 version 5 is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc24
(32780/udp)
|
RPC program #100153 version 1 is running on this port
Nessus ID : 11111
|
|
Warning
|
lockd (4045/udp)
|
The nlockmgr RPC service is running.
If you do not use this service, then
disable it as it may become a security
threat in the future, if a vulnerability
is discovered.
Risk factor : Low
CVE : CVE-2000-0508
BID : 1372
Nessus ID : 10220
|
|
Informational
|
lockd (4045/udp)
|
RPC program #100021 version 1 'nlockmgr'
is running on this port
Nessus ID : 11111
|
|
Informational
|
lockd (4045/udp)
|
RPC program #100021 version 2 'nlockmgr'
is running on this port
Nessus ID : 11111
|
|
Informational
|
lockd (4045/udp)
|
RPC program #100021 version 3 'nlockmgr'
is running on this port
Nessus ID : 11111
|
|
Informational
|
lockd (4045/udp)
|
RPC program #100021 version 4 'nlockmgr'
is running on this port
Nessus ID : 11111
|
|
Informational
|
lockd (4045/tcp)
|
RPC program #100021 version 1 'nlockmgr'
is running on this port
Nessus ID : 11111
|
|
Informational
|
lockd (4045/tcp)
|
RPC program #100021 version 2 'nlockmgr'
is running on this port
Nessus ID : 11111
|
|
Informational
|
lockd (4045/tcp)
|
RPC program #100021 version 3 'nlockmgr'
is running on this port
Nessus ID : 11111
|
|
Informational
|
lockd (4045/tcp)
|
RPC program #100021 version 4 'nlockmgr'
is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc28
(32787/udp)
|
RPC program #300598 version 1 is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc28
(32787/udp)
|
RPC program #805306368 version 1 is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc15
(32776/tcp)
|
RPC program #300598 version 1 is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc15
(32776/tcp)
|
RPC program #805306368 version 1 is running on this port
Nessus ID : 11111
|
|
Informational
|
unknown (32788/udp)
|
RPC program #100249 version 1 is running on this port
Nessus ID : 11111
|
|
Vulnerability
|
sometimes-rpc17
(32777/tcp)
|
The remote RPC service 100249 (snmpXdmid) may be vulnerable
to a heap overflow which allows any user to obtain a root
shell on this host.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.
Solution : disable this service (/etc/init.d/init.dmi stop)
if you don't use it, or contact Sun for a patch
Risk factor : High
CVE : CVE-2001-0236
BID : 2417
Nessus ID : 10659
|
|
Informational
|
sometimes-rpc17
(32777/tcp)
|
RPC program #100249 version 1 is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc21
(32779/tcp)
|
RPC program #1289637086 version 5 is running on this port
Nessus ID : 11111
|
|
Informational
|
sometimes-rpc21
(32779/tcp)
|
RPC program #1289637086 version 1 is running on this port
Nessus ID : 11111
|
|
Warning
|
daytime (13/tcp)
|
The daytime service is running.
The date format issued by this service
may sometimes help an attacker to guess
the operating system type.
In addition to that, when the UDP version of
daytime is running, an attacker may link it
to the echo port using spoofing, thus creating
a possible denial of service.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103
Nessus ID : 10052
|
|
Warning
|
daytime (13/udp)
|
The daytime service is running.
The date format issued by this service
may sometimes help an attacker to guess
the operating system type.
In addition to that, when the UDP version of
daytime is running, an attacker may link it
to the echo port using spoofing, thus creating
a possible denial of service.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103
Nessus ID : 10052
|
|
Warning
|
discard (9/tcp)
|
The 'discard' port is open. This port is
not of any use nowadays, and may be a source of problems,
Solution : comment out 'discard' in /etc/inetd.conf
Risk factor : Low
CVE : CAN-1999-0636
Nessus ID : 11367
|
|
Informational
|
general/udp
|
For your information, here is the traceroute
to 151.108.232.232 :
151.108.232.232
Nessus ID : 10287
|
|
Vulnerability
|
smtp (25/tcp)
|
smrsh (supplied by Sendmail) is designed to prevent the execution of
commands outside of the restricted environment. However, when commands
are entered using either double pipes (||) or a mixture of dot
and slash characters, a user may be able to bypass the checks
performed by smrsh. This can lead to the execution of commands
outside of the restricted environment.
Solution : upgrade to the latest version of Sendmail
(or at least 8.12.8).
Risk factor : Medium
CVE : CAN-2002-1165
BID : 5845
Nessus ID : 11321
|
|
Vulnerability
|
smtp (25/tcp)
|
The remote sendmail server, according to its version number,
may be vulnerable to a remote buffer overflow allowing remote
users to gain root privileges.
Sendmail versions from 5.79 to 8.12.7 are vulnerable.
Solution : Upgrade to Sendmail ver 8.12.8 or greater or
if you cannot upgrade, apply patches for 8.10-12 here:
http://www.sendmail.org/patchcr.html
NOTE: manual patches do not change the version numbers.
Vendors who have released patched versions of sendmail
may still falsely show vulnerability.
*** Nessus reports this vulnerability using only
*** the banner of the remote SMTP server. Therefore,
*** this might be a false positive.
see http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
http://www.cert.org/advisories/CA-2003-07.html
http://www.kb.cert.org/vuls/id/398025
Risk factor : High
CVE : CAN-2002-1337
BID : 6991
Nessus ID : 11316
|
|
Vulnerability
|
smtp (25/tcp)
|
The remote sendmail server, according to its version number,
may be vulnerable to a buffer overflow in its DNS handling code.
The owner of a malicious name server could use this flaw
to execute arbitrary code on this host.
Solution : Upgrade to Sendmail 8.12.5
Risk factor : High
CVE : CAN-2002-0906
BID : 5122
Nessus ID : 11232
|
|
Vulnerability
|
smtp (25/tcp)
|
The remote sendmail server, according to its version number,
may be vulnerable to a local privilege escalation vulnerability
when using forward files.
*** Sun did not increase the version number of their sendmail
*** when patching Solaris 7 and 8, so this might be a false
*** positive on these platforms.
An attacker may set up a special .forward file in his
home and send a mail to himself, which will trick sendmail
and will allow him to execute arbitrary commands with
root privileges.
Risk factor : High (local) / None (remote)
BID : 7033
Nessus ID : 11364
|
|
Warning
|
smtp (25/tcp)
|
The remote SMTP server answers the EXPN and/or VRFY commands.
The EXPN command can be used to find
the delivery address of mail aliases, or
even the full name of the recipients, and
the VRFY command may be used to check the
validity of an account.
Your mailer should not allow remote users to
use any of these commands, because it gives
them too much information.
Solution : if you are using Sendmail, add the option
O PrivacyOptions=goaway
in /etc/sendmail.cf.
Risk factor : Low
CVE : CAN-1999-0531
Nessus ID : 10249
|
|
Warning
|
smtp (25/tcp)
|
According to the version number of the remote mail server,
a local user may be able to obtain the complete mail configuration
and other interesting information about the mail queue even if
he is not allowed to access that information directly, by running
sendmail -q -d0-nnnn.xxx
where nnnn & xxx are debugging levels.
If users are not allowed to process the queue (which is the default)
then you are not vulnerable.
Solution : upgrade to the latest version of Sendmail
or do not allow users to process the queue (RestrictQRun option)
Risk factor : Very low / none
Note : This vulnerability is _local_ only
CVE : CAN-2001-0715
BID : 3898
Nessus ID : 11088
|
|
Informational
|
smtp (25/tcp)
|
Remote SMTP server banner :
220 unknown ESMTP Sendmail 8.11.7+Sun/8.11.7;
Thu, 24 Apr 2003 09:29:33 -0400 (EDT)
This is probably: Sendmail version 8.11.7+Sun
Nessus ID : 10263
|
|
Informational
|
smtp (25/tcp)
|
Nessus sent several emails containing the EICAR
test strings in them to the postmaster of
the remote SMTP server.
The EICAR test string is a fake virus which
triggers anti-viruses, in order to make sure
they run.
Nessus attempted to e-mail this string five times,
with different codings each time, in order to attempt
to fool the remote anti-virus (if any).
If there is an antivirus filter, these messages should
all be blocked.
*** To determine if the remote host is vulnerable, see
*** if any mail arrived to the postmaster of this host
Solution: Install an antivirus / upgrade it
Reference : http://online.securityfocus.com/archive/1/256619
Reference : http://online.securityfocus.com/archive/1/44301
Reference : http://online.securityfocus.com/links/188
Risk factor : Low
Nessus ID : 11034
|
|
Warning
|
x11 (6000/tcp)
|
This X server does *not* allow any client to connect to it;
however, it is recommended that you filter incoming connections
to this port as an attacker may send garbage data and slow down
your X session or even kill the server.
Here is the server version : 11.0
Here is the message we received : Client is not authorized to connect to Server
Solution : filter incoming connections to ports 6000-6009
Risk factor : Low
CVE : CVE-1999-0526
Nessus ID : 10407
|
|
Warning
|
login (513/tcp)
|
The rlogin service is running.
This service is dangerous in the sense that
it is not ciphered - that is, everyone can sniff
the data that passes between the rlogin client
and the rlogin server. This includes logins
and passwords.
You should disable this service and use openssh instead
(www.openssh.com)
Solution : Comment out the 'rlogin' line in /etc/inetd.conf.
Risk factor : Low
CVE : CAN-1999-0651
Nessus ID : 10205
|
|
Warning
|
telnet (23/tcp)
|
The Telnet service is running.
This service is dangerous in the sense that
it is not ciphered - that is, everyone can sniff
the data that passes between the telnet client
and the telnet server. This includes logins
and passwords.
You should disable this service and use OpenSSH
instead.
(www.openssh.com)
Solution : Comment out the 'telnet' line in /etc/inetd.conf.
Risk factor : Low
CVE : CAN-1999-0619
Nessus ID : 10280
|
|
Informational
|
telnet (23/tcp)
|
Remote telnet banner :
SunOS 5.8
Nessus ID : 10281
|
|
Warning
|
echo (7/tcp)
|
The 'echo' port is open. This port is
not of any use nowadays, and may be a source of problems,
since it can be used along with other ports to perform a denial
of service. You should really disable this service.
Risk factor : Low
Solution : disable this service
CVE : CVE-1999-0103
Nessus ID : 10061
|
|
Warning
|
echo (7/udp)
|
The 'echo' port is open. This port is
not of any use nowadays, and may be a source of problems,
since it can be used along with other ports to perform a denial
of service. You should really disable this service.
Risk factor : Low
Solution : disable this service
CVE : CVE-1999-0103
Nessus ID : 10061
|
|
Vulnerability
|
snmp (161/udp)
|
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254
BID : 177
Nessus ID : 10264
|
|
Informational
|
snmp (161/udp)
|
Using SNMP, we could determine that the remote operating
system is :
Sun SNMP Agent, Ultra-5_10
Nessus ID : 10800
|
|
Warning
|
xdmcp (177/udp)
|
The remote host is running XDMCP.
This protocol is used to provide X display connections for
X terminals. XDMCP is completely insecure, since the traffic and
passwords are not encrypted.
An attacker may use this flaw to capture all the keystrokes of
the users using this host through their X terminal, including
passwords.
Risk factor : Medium
Solution : Disable XDMCP
Nessus ID : 10891
|
|
Warning
|
finger (79/tcp)
|
The remote finger daemon accepts redirected requests.
That is, users can perform requests like :
finger user@host@victim
This allows an attacker to use your computer
as a relay to gather information on another
network, making the other network think you
are making the requests.
Solution: disable your finger daemon (comment out
the finger line in /etc/inetd.conf) or
install a more secure one.
Risk factor : Low
CVE : CAN-1999-0105
Nessus ID : 10073
|
|
Warning
|
finger (79/tcp)
|
The 'finger' service provides useful information
to attackers, since it allows them to gain usernames, check if a machine
is being used, and so on...
Risk factor : Low
Solution : comment out the 'finger' line in /etc/inetd.conf
CVE : CVE-1999-0612
Nessus ID : 10068
|
|
Warning
|
chargen (19/tcp)
|
The chargen service is running.
The 'chargen' service should only be enabled when
testing the machine.
When contacted, chargen responds with some random characters (something
like all the characters in the alphabet in a row). When contacted via UDP, it
will respond with a single UDP packet. When contacted via TCP, it will
continue spewing characters until the client closes the connection.
An easy attack is 'pingpong' in which an attacker spoofs a packet between two
machines running chargen. This will cause them to spew characters at each
other, slowing the machines down and saturating the network.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103
Nessus ID : 10043
|
|
Warning
|
exec (512/tcp)
|
The rexecd service is open.
Because rexecd does not provide any good
means of authentication, it can be
used by an attacker to scan a third party
host, giving you troubles or bypassing
your firewall.
Solution : comment out the 'exec' line
in /etc/inetd.conf.
Risk factor : Medium
CVE : CAN-1999-0618
Nessus ID : 10203
|
|
Warning
|
general/icmp
|
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the
date which is set on your machine.
This may help him to defeat all your
time based authentication protocols.
Solution : filter out the ICMP timestamp
requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
Nessus ID : 10114
|
|
Vulnerability
|
dtspc (6112/tcp)
|
The 'dtspcd' service is running.
Some versions of this daemon are vulnerable to
a buffer overflow attack which allows an attacker
to gain root privileges
*** This warning might be a false positive,
*** as no real overflow was performed
Solution : See http://www.cert.org/advisories/CA-2001-31.html
to determine if you are vulnerable or deactivate
this service (comment out the line 'dtspc' in
/etc/inetd.conf)
Risk factor : High
CVE : CVE-2001-0803
BID : 3517
Nessus ID : 10833
|
|
Vulnerability
|
font-service
(7100/tcp)
|
The remote X Font Service (xfs) might be vulnerable to a buffer overflow.
An attacker may use this flaw to gain root on this host remotely.
*** Note that Nessus did not actually check for the flaw
*** as details about this vulnerability are still unknown
Solution : See CERT Advisory CA-2002-34
Risk factor : High
CVE : CAN-2002-1317
Nessus ID : 11188
|