greenbone security report

GREENBONE SECURITY REPORT
Scan Name: 10.85.9.140
Scan Comment:
Scan date: Mon Feb 23 17:54:17 2015 GMT
Hosts Scanned: 1
Report created: Wed Nov 4 13:51:34 2015 GMT
Report Version: 3.0.2
CONTENTS
1 Summary
1.1 Scan
1.2 Report
1.3 Results
2 Common Vulnerabilities
2.1 Top 10 vulnerabilities - High Severity
2.2 Top 10 vulnerabilities - Medium Severity
2.3 Top 10 vulnerabilities - Low Severity
3 Vulnerability Overview
3.1 Top 10 vulnerable Hosts
3.2 Network Topology
3.3 Top 10 vulnerable Operating Systems
3.4 Top 10 vulnerable ports
3.5 CVSS distribution for Ports
3.6 Top 10 Applications
3.7 CVSS distribution for Hosts
3.8 CVSS distribution for Vulnerabilities
4 Host Overview
4.1 Hosts by IP
4.2 Hosts by Severity
4.3 Known Hostnames
5 Vulnerability Details
6 Appendix
6.1 Additional Resources
1 SUMMARY
SCAN
Scan Name: 10.85.9.140
Start: Mon Feb 23 17:54:17 2015 GMT
End: Mon Feb 23 18:38:41 2015 GMT
Duration: 44 minutes 24 seconds
Hosts Scanned: 1
Scan Slave:
Scan Interface:
Scan Comment:
REPORT
Applied Filter: sort-reverse=severity result_hosts_only=1 min_cvss_base= min_qod= levels=hmlg autofp=0 notes=1 overrides=1 first=1 rows=52 delta_states=gn
Overrides: For this report severity overrides were applied.
Notes: Notes are included.
All Hosts: Only hosts with issues are included.
Text Filter: *
Severities: High, Medium, Low, Log, False Positive
Timezone: GMT-2 (abbreviated “GMT”)
Report uses Severity Class ’NVD Vulnerability Severity Ratings’:
High: CVSS from 7.0 to 10.0
Medium: CVSS from 4.0 to 6.9
Low: CVSS from 0.1 to 3.9
None: CVSS from 0.0 to 0.0
RESULTS
Results available: 52
Results included in this report: 52
2 COMMON VULNERABILITIES
TOP 10 VULNERABILITIES - HIGH SEVERITY
NVT OID                         #   Name
TOP 10 VULNERABILITIES - MEDIUM SEVERITY
NVT OID                         #   Name
1.3.6.1.4.1.25623.1.0.10736     2   DCE Services Enumeration
1.3.6.1.4.1.25623.1.0.105925    2   Missing httpOnly Cookie Attribute
1.3.6.1.4.1.25623.1.0.902661    1   Missing Secure Attribute SSL Cookie Information Disclosure Vulnerability
1.3.6.1.4.1.25623.1.0.804076    1   Oracle MySQL Multiple Unspecified vulnerabilities - 05 Jan14 (Windows)
1.3.6.1.4.1.25623.1.0.804075    1   Oracle MySQL Multiple Unspecified vulnerabilities - 04 Jan14 (Windows)
1.3.6.1.4.1.25623.1.0.804033    1   Oracle MySQL Server Component ’Optimizer’ Unspecified vulnerability Oct-2013 (Windows)
1.3.6.1.4.1.25623.1.0.802087    1   POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
1.3.6.1.4.1.25623.1.0.105042    1   OpenSSL CCS Man in the Middle Security Bypass Vulnerability
1.3.6.1.4.1.25623.1.0.103440    1   Check for SSL Weak Ciphers
TOP 10 VULNERABILITIES - LOW SEVERITY
NVT OID                         #   Name
1.3.6.1.4.1.25623.1.0.80091     1   TCP timestamps
3 VULNERABILITY OVERVIEW
TOP 10 VULNERABLE HOSTS
NETWORK TOPOLOGY
TOP 10 VULNERABLE OPERATING SYSTEMS
Name                CPE                        Systems   H   M    L
Microsoft Windows   cpe:/o:microsoft:windows   1         0   11   1
TOP 10 VULNERABLE PORTS
CVSS DISTRIBUTION FOR PORTS
TOP 10 APPLICATIONS
Application CPE                         Hosts   Occurrences
cpe:/a:apache:http_server:2.4.9         1       2
cpe:/a:oracle:mysql:5.1.69-community    1       1
CVSS DISTRIBUTION FOR HOSTS
CVSS DISTRIBUTION FOR VULNERABILITIES
4 HOST OVERVIEW
HOSTS BY IP
Host          Severity   H   M    L   G    FP   Page
10.85.9.140   Medium     0   11   1   40   0    14
Total: 1                 0   11   1   40   0    -
HOSTS BY SEVERITY
Host          Severity   H   M    L   G    FP   Page
10.85.9.140   Medium     0   11   1   40   0    14
Total: 1                 0   11   1   40   0    -
KNOWN HOSTNAMES
Hostname information not available.
5 VULNERABILITY DETAILS
10.85.9.140
Scan started: Mon Feb 23 17:54:25 2015 GMT
Scan ended: Mon Feb 23 18:38:41 2015 GMT
Max. Severity: 6.8 (Medium)
Open Ports: 443, 10115, 445, 5900, 21, 135, 912, 22222, 27000, 5800, 139, 3389, 3306, 902, 80
OS: Windows 7 Professional 7601 Service Pack 1
OS CPE: cpe:/o:microsoft:windows
CPU: unknown
Memory: unknown
Detected Products (CPE)
cpe:/a:oracle:mysql:5.1.69-community
cpe:/a:apache:http_server:2.4.9
Route
10.85.2.11 → 10.85.8.2 → 10.85.9.140
Vulnerabilities
OpenSSL CCS Man in the Middle Security Bypass Vulnerability
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 6.8 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.105042
Summary
OpenSSL is prone to security-bypass vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.
Solution
Solution type: VendorFix
Updates are available.
Vulnerability Insight
OpenSSL does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications,
and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the
’CCS Injection’ vulnerability.
Vulnerability Detection Method
Send two SSL ChangeCipherSpec request and check the response.
References
CVE: CVE-2014-0224
BID: 67899
CERT: CB-K15/0567, CB-K15/0415, CB-K15/0384, CB-K15/0080, CB-K15/0079, CB-K15/0074, CB-K14/1617,
CB-K14/1537, CB-K14/1299, CB-K14/1297, CB-K14/1294, CB-K14/1202, CB-K14/1174, CB-K14/1153,
CB-K14/0876, CB-K14/0756, CB-K14/0746, CB-K14/0736, CB-K14/0722, CB-K14/0716, CB-K14/0708,
CB-K14/0684, CB-K14/0683, CB-K14/0680, DFN-CERT-2015-0593, DFN-CERT-2015-0427, DFN-CERT-2015-0396, DFN-CERT-2015-0082, DFN-CERT-2015-0079, DFN-CERT-2015-0078, DFN-CERT-2014-1717,
DFN-CERT-2014-1632, DFN-CERT-2014-1364, DFN-CERT-2014-1357, DFN-CERT-2014-1350, DFN-CERT-2014-1265, DFN-CERT-2014-1209, DFN-CERT-2014-0917, DFN-CERT-2014-0789, DFN-CERT-2014-0778,
DFN-CERT-2014-0768, DFN-CERT-2014-0752, DFN-CERT-2014-0747, DFN-CERT-2014-0738, DFN-CERT-2014-0715, DFN-CERT-2014-0714, DFN-CERT-2014-0709
Other:
http://www.securityfocus.com/bid/67899,
http://openssl.org/
Missing Secure Attribute SSL Cookie Information Disclosure Vulnerability
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 6.4 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.902661
Summary
The host is running a server with SSL and is prone to information disclosure vulnerability.
Vulnerability Detection Result
The cookies:
Set-Cookie: c_lang=
Set-Cookie: passwd=
Set-Cookie: user=
are missing the secure attribute.
Vulnerability Insight
The flaw is due to the SSL cookie not using the ’secure’ attribute, which allows the cookie to be passed to the server
by the client over non-secure channels (http) and allows an attacker to conduct session hijacking attacks.
remote systems.
Impact Level: Application
References
Other:
http://www.ietf.org/rfc/rfc2965.txt,
https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)
Missing httpOnly Cookie Attribute
Hostname: 10.85.9.140
Protocol: tcp
Severity: 5.0 (Medium)
Port: 80
OID: 1.3.6.1.4.1.25623.1.0.105925
Summary
The application is missing the ’httpOnly’ cookie attribute
Vulnerability Detection Result
The cookies:
Set-Cookie: c_lang=
Set-Cookie: passwd=
Set-Cookie: user=
are missing the httpOnly attribute.
Impact
Application
Solution
Solution type: Mitigation
Set the ’httpOnly’ attribute for any session cookies.
Vulnerability Insight
The flaw is due to a cookie not using the ’httpOnly’ attribute. This allows the cookie to be accessed by
JavaScript, which could lead to session hijacking attacks.
Vulnerability Detection Method
Check all cookies sent by the application for a missing ’httpOnly’ attribute
References
Other:
https://www.owasp.org/index.php/HttpOnly,
https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)
DCE Services Enumeration
Hostname: 10.85.9.140
Protocol: tcp
Severity: 5.0 (Medium)
Port: 135
OID: 1.3.6.1.4.1.25623.1.0.10736
Summary
Distributed Computing Environment (DCE) services running on the remote host can be enumerated by
connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge about the remote host.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Solution
filter incoming traffic to this port.
DCE Services Enumeration
Hostname: 10.85.9.140
Protocol: tcp
Severity: 5.0 (Medium)
Port: 135
OID: 1.3.6.1.4.1.25623.1.0.10736
Summary
Distributed Computing Environment (DCE) services running on the remote host can be enumerated by
connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge about the remote host.
Vulnerability Detection Result
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Here is the list of DCE services running on this host:
Port: 49152/tcp
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49152]
Port: 49153/tcp
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49153]
Annotation: Event log TCPIP
UUID: 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49153]
Annotation: NRP server endpoint
UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49153]
Annotation: DHCPv6 Client LRPC Endpoint
UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49153]
Annotation: DHCP Client LRPC Endpoint
UUID: 06bba54a-be05-49f9-b0a0-30f790261023, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49153]
Annotation: Security Center
Port: 49154/tcp
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
Annotation: IKE/Authip API
UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
Annotation: IP Transition Configuration endpoint
UUID: 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
Annotation: XactSrv service
UUID: 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
Annotation: Impl friendly name
UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
Annotation: AppInfo
UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
Annotation: AppInfo
UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
Annotation: AppInfo
UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
Annotation: AppInfo
UUID: 8c7daf44-b6dc-11d1-9a4c-0020af6e7c57, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
Port: 49171/tcp
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49171]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access
Port: 49189/tcp
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
Endpoint: ncacn_ip_tcp:10.85.9.140[49189]
Port: 49190/tcp
UUID: 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49190]
Annotation: Remote Fw APIs
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:10.85.9.140[49190]
Annotation: IPSec Policy agent endpoint
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service
Solution : filter incoming traffic to this port(s).
Solution
filter incoming traffic to this port.
Missing httpOnly Cookie Attribute
Hostname: 10.85.9.140
Protocol: tcp
Severity: 5.0 (Medium)
Port: 443
OID: 1.3.6.1.4.1.25623.1.0.105925
Summary
The application is missing the ’httpOnly’ cookie attribute
Vulnerability Detection Result
The cookies:
Set-Cookie: c_lang=
Set-Cookie: passwd=
Set-Cookie: user=
are missing the httpOnly attribute.
Impact
Application
Solution
Solution type: Mitigation
Set the ’httpOnly’ attribute for any session cookies.
Vulnerability Insight
The flaw is due to a cookie not using the ’httpOnly’ attribute. This allows the cookie to be accessed by
JavaScript, which could lead to session hijacking attacks.
Vulnerability Detection Method
Check all cookies sent by the application for a missing ’httpOnly’ attribute
References
Other:
https://www.owasp.org/index.php/HttpOnly,
https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)
Check for SSL Weak Ciphers
Hostname: 10.85.9.140
Protocol: tcp
Severity: 4.3 (Medium)
Port: 443
OID: 1.3.6.1.4.1.25623.1.0.103440
Summary
This routine searches for weak SSL ciphers offered by a service.
Vulnerability Detection Result
Weak ciphers offered by this service:
SSL3_RSA_RC4_128_MD5
SSL3_RSA_RC4_128_SHA
SSL3_RSA_DES_64_CBC_SHA
SSL3_EDH_RSA_DES_64_CBC_SHA
SSL3_RSA_WITH_SEED_SHA
SSL3_ECDHE_RSA_WITH_RC4_128_SHA
TLS1_RSA_RC4_128_MD5
TLS1_RSA_RC4_128_SHA
TLS1_RSA_DES_64_CBC_SHA
TLS1_EDH_RSA_DES_64_CBC_SHA
TLS1_ECDHE_RSA_WITH_RC4_128_SHA
Solution
The configuration of this service should be changed so that it no longer supports the listed weak ciphers.
Vulnerability Insight
These rules are applied for the evaluation of the cryptographic strength:
- Any SSL/TLS using no cipher is considered weak.
- All SSLv2 ciphers are considered weak due to a design flaw within the SSLv2 protocol.
- RC4 is considered to be weak.
- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered
as weak.
- 1024 bit RSA authentication is considered to be insecure and therefore as weak.
- CBC ciphers in TLS < 1.2 are considered to be vulnerable to the BEAST or Lucky 13 attacks
- Any cipher considered to be secure for only the next 10 years is considered as medium
- Any other cipher is considered as strong
POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 4.3 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.802087
Summary
This host is installed with OpenSSL and is prone to information disclosure vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation will allow man-in-the-middle attackers to gain access to the plain text data stream.
Impact Level: Application
Solution
The vendor released a patch to address this vulnerability. For updates, contact the vendor or refer to https://www.openssl.org
NOTE: The only correct way to fix POODLE is to disable SSL v3.0
Vulnerability Insight
The flaw is due to the block cipher padding not being deterministic and not covered by the Message Authentication Code.
Vulnerability Detection Method
Send a SSLv3 request and check the response.
References
CVE: CVE-2014-3566
BID: 70574
CERT: CB-K15/1514, CB-K15/1358, CB-K15/1021, CB-K15/0972, CB-K15/0525, CB-K15/0393, CB-K15/0384,
CB-K15/0287, CB-K15/0252, CB-K15/0246, CB-K15/0237, CB-K15/0118, CB-K15/0110, CB-K15/0108,
CB-K15/0080, CB-K15/0078, CB-K15/0077, CB-K15/0075, CB-K14/1617, CB-K14/1581, CB-K14/1537,
CB-K14/1479, CB-K14/1458, CB-K14/1342, CB-K14/1314, CB-K14/1313, CB-K14/1311, CB-K14/1304, CB-K14/1296, DFN-CERT-2015-1431, DFN-CERT-2015-1075, DFN-CERT-2015-1026, DFN-CERT-2015-0664,
DFN-CERT-2015-0548, DFN-CERT-2015-0404, DFN-CERT-2015-0396, DFN-CERT-2015-0259, DFN-CERT-2015-0254, DFN-CERT-2015-0245, DFN-CERT-2015-0118, DFN-CERT-2015-0114, DFN-CERT-2015-0083,
DFN-CERT-2015-0082, DFN-CERT-2015-0081, DFN-CERT-2015-0076, DFN-CERT-2014-1717, DFN-CERT-2014-1680, DFN-CERT-2014-1632, DFN-CERT-2014-1564, DFN-CERT-2014-1542, DFN-CERT-2014-1414,
DFN-CERT-2014-1366, DFN-CERT-2014-1354
Other:
http://osvdb.com/113251,
https://www.openssl.org//ssl-poodle.pdf,
https://www.imperialviolet.org/2014/10/14/poodle.html,
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html,
http://googleonlinesecurity.blogspot.in/2014/10/this-poodle-bites-exploiting-ssl-30.html
Oracle MySQL Server Component ’Optimizer’ Unspecified vulnerability Oct-2013 (Windows)
Hostname: 10.85.9.140
Protocol: tcp
Port: 3306
Severity: 4.0 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.804033
Summary
This host is running Oracle MySQL and is prone to unspecified vulnerability.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation will allow remote attackers to disclose sensitive information, manipulate certain data,
cause a DoS (Denial of Service) and bypass certain security restrictions.
Impact Level: Application
Solution
Solution type: VendorFix
Apply the patch from below link, http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Vulnerability Insight
Unspecified error in the MySQL Server component via unknown vectors related to Optimizer.
Vulnerability Detection Method
Get the installed version of MySQL with the help of detect NVT and check it is vulnerable or not.
Product Detection Result
Product: cpe:/a:oracle:mysql:5.1.69-community
Method: MySQL/MariaDB Detection
(OID: 1.3.6.1.4.1.25623.1.0.100152)
References
CVE: CVE-2013-3839
BID: 63109
CERT: CB-K14/0187, CB-K13/1072, CB-K13/0840, CB-K13/0806, CB-K13/0789, DFN-CERT-2014-0190,
DFN-CERT-2013-2099, DFN-CERT-2013-1846, DFN-CERT-2013-1815, DFN-CERT-2013-1795
Other:
http://www.osvdb.com/98508,
http://secunia.com/advisories/55327,
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
Oracle MySQL Multiple Unspecified vulnerabilities - 04 Jan14 (Windows)
Hostname: 10.85.9.140
Protocol: tcp
Port: 3306
Severity: 4.0 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.804075
Summary
This host is running Oracle MySQL and is prone to multiple unspecified vulnerabilities.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation will allow attackers to manipulate certain data and cause a DoS (Denial of Service).
Impact Level: Application
Solution
Solution type: VendorFix
Apply the patch from below link, http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Vulnerability Insight
Unspecified errors in the MySQL Server component via unknown vectors related to InnoDB, Optimizer, Error
Handling, and some unknown vectors.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Product Detection Result
Product: cpe:/a:oracle:mysql:5.1.69-community
Method: MySQL/MariaDB Detection
(OID: 1.3.6.1.4.1.25623.1.0.100152)
References
CVE: CVE-2014-0401, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908
BID: 64898, 64880, 64849, 64896
CERT: CB-K15/1518, CB-K14/0710, CB-K14/0187, CB-K14/0177, CB-K14/0082, CB-K14/0074, CB-K14/0055,
DFN-CERT-2015-1604, DFN-CERT-2014-0742, DFN-CERT-2014-0190, DFN-CERT-2014-0180, DFN-CERT-2014-0085, DFN-CERT-2014-0074, DFN-CERT-2014-0048
Other:
http://www.osvdb.com/102071,
http://secunia.com/advisories/56491,
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Oracle MySQL Multiple Unspecified vulnerabilities - 05 Jan14 (Windows)
Hostname: 10.85.9.140
Protocol: tcp
Port: 3306
Severity: 4.0 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.804076
Summary
This host is running Oracle MySQL and is prone to multiple unspecified vulnerabilities.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
Impact
Successful exploitation will allow attackers to manipulate certain data and cause a DoS (Denial of Service).
Impact Level: Application
Solution
Solution type: VendorFix
Apply the patch from below link, http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Vulnerability Insight
Unspecified errors in the MySQL Server component via unknown vectors related to Optimizer, InnoDB, and
Locking.
Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
Product Detection Result
Product: cpe:/a:oracle:mysql:5.1.69-community
Method: MySQL/MariaDB Detection
(OID: 1.3.6.1.4.1.25623.1.0.100152)
References
CVE: CVE-2014-0386, CVE-2014-0393, CVE-2014-0402
BID: 64904, 64877, 64908
CERT: CB-K14/0710, CB-K14/0187, CB-K14/0177, CB-K14/0082, CB-K14/0074, CB-K14/0055, DFN-CERT-2014-0742, DFN-CERT-2014-0190, DFN-CERT-2014-0180, DFN-CERT-2014-0085, DFN-CERT-2014-0074,
DFN-CERT-2014-0048
Other:
http://www.osvdb.com/102069,
http://secunia.com/advisories/56491,
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
TCP timestamps
Hostname: 10.85.9.140
Protocol: tcp
Severity: 2.6 (Low)
Port: general
OID: 1.3.6.1.4.1.25623.1.0.80091
Summary
The remote host implements TCP timestamps and therefore allows to compute the uptime.
Vulnerability Detection Result
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Paket 1: 99919077
Paket 2: 99919198
Impact
A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Solution
To disable TCP timestamps on Linux, add the line ’net.ipv4.tcp_timestamps = 0’ to /etc/sysctl.conf. Execute
’sysctl -p’ to apply the settings at runtime.
To disable TCP timestamps on Windows, execute ’netsh int tcp set global timestamps=disabled’.
Starting with Windows Server 2008 and Vista, the timestamp cannot be completely disabled.
The default behavior of the TCP/IP stack on these systems is to not use the Timestamp options when
initiating TCP connections, but to use them if the TCP peer that is initiating communication includes them in
its synchronize (SYN) segment.
See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
Vulnerability Insight
The remote host implements TCP timestamps, as defined by RFC1323.
Vulnerability Detection Method
Special IP packets are forged and sent with a little delay in between to the target IP. The responses are
searched for timestamps. If found, the timestamps are reported.
References
Other:
http://www.ietf.org/rfc/rfc1323.txt
OS fingerprinting
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: general
OID: 1.3.6.1.4.1.25623.1.0.102002
Summary
This script performs ICMP based OS fingerprinting (as described by Ofir Arkin and Fyodor Yarochkin in
Phrack #57). It can be used to determine remote operating system version.
Vulnerability Detection Result
ICMP based OS fingerprint results: (83% confidence)
Microsoft Windows
References
Other:
http://www.phrack.org/issues.html?issue=57&id=7#article
ICMP Timestamp Detection
Hostname: 10.85.9.140
Protocol: icmp
Severity: 0.0 (Log)
Port: general
OID: 1.3.6.1.4.1.25623.1.0.103190
Summary
The remote host responded to an ICMP timestamp request. The Timestamp Reply is an ICMP message
which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the
Timestamp as well as a receive timestamp and a transmit timestamp. This information could theoretically be
used to exploit weak time-based random number generators in other services.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
References
CVE: CVE-1999-0524
CERT: CB-K15/1514, CB-K14/0632, DFN-CERT-2014-0658
Other:
http://www.ietf.org/rfc/rfc0792.txt
Checks for open udp ports
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: general
OID: 1.3.6.1.4.1.25623.1.0.103978
Summary
Collects all open UDP ports of the UDP ports identified so far.
Vulnerability Detection Result
Open UDP ports: [None found]
Traceroute
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: general
OID: 1.3.6.1.4.1.25623.1.0.51662
Summary
A traceroute from the scanning server to the target system was conducted. This traceroute is provided
primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability.
However, if the displayed traceroute contains any private addresses that should not have been publicly
visible, then you have an issue you need to correct.
Vulnerability Detection Result
Here is the route from 10.85.2.11 to 10.85.9.140:
10.85.2.11
10.85.8.2
10.85.9.140
Solution
Block unwanted packets from escaping your network.
Microsoft SMB Signing Disabled
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: general
OID: 1.3.6.1.4.1.25623.1.0.802726
Summary
Checking for SMB signing is disabled.
The script logs in via smb, checks the SMB Negotiate Protocol response to confirm SMB signing is disabled.
Vulnerability Detection Result
SMB signing is disabled on this host
CPE Inventory
Hostname: 10.85.9.140
Protocol: CPE-T
Severity: 0.0 (Log)
Port: general
OID: 1.3.6.1.4.1.25623.1.0.810002
Summary
This routine uses information collected by other routines about CPE identities (http://cpe.mitre.org/) of
operating systems, services and applications detected during the scan.
Vulnerability Detection Result
10.85.9.140|cpe:/a:apache:http_server:2.4.9
10.85.9.140|cpe:/a:oracle:mysql:5.1.69-community
10.85.9.140|cpe:/o:microsoft:windows
Checks for open tcp ports
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: general
OID: 1.3.6.1.4.1.25623.1.0.900239
Summary
Collects all open tcp ports of the tcp ports identified so far.
Vulnerability Detection Result
Open TCP ports: 443, 10115, 445, 5900, 21, 135, 912, 22222, 27000, 5800, 139, 3389, 3306, 902, 80
FTP Banner Detection
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 21
OID: 1.3.6.1.4.1.25623.1.0.10092
Summary
This Plugin detects the FTP Server Banner
Vulnerability Detection Result
Remote FTP server banner :
220-SlimFTPd 3.181, by WhitSoft Development (www.whitsoftdev.com)
Services
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 21
OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
An FTP server is running on this port.
Here is its banner :
220-SlimFTPd 3.181, by WhitSoft Development (www.whitsoftdev.com)
HTTP Server type and version
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 80
OID: 1.3.6.1.4.1.25623.1.0.10107
Summary
This detects the HTTP Server’s type and version.
Vulnerability Detection Result
The remote web server type is :
Apache/2.4.9 (Win32) OpenSSL/1.0.1g
Solution : You can set the directive ’ServerTokens Prod’ to limit
the information emanating from the server in its response headers.
Solution
Configure your server to use an alternate name like ’Wintendo httpD w/Dotmatrix display’ Be sure to remove
common logos like apache_pb.gif. With Apache, you can set the directive ’ServerTokens Prod’ to limit the
information emanating from the server in its response headers.
Services
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 80
OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A web server is running on this port
Web mirroring
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 80
OID: 1.3.6.1.4.1.25623.1.0.10662
Summary
This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote
host.
It is suggested you allow a long-enough timeout value for this test routine and also adjust the setting on the
number of pages to mirror.
Vulnerability Detection Result
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
. (wohin [9007] c_lang [1] passwd [adhoc] user [adhoc] )
Directory Scanner
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 80
OID: 1.3.6.1.4.1.25623.1.0.11032
Summary
This plugin attempts to determine the presence of various common dirs on the remote web server
Vulnerability Detection Result
The following directories were discovered:
/Install, /config, /log, /Log, /css, /data, /design, /files, /ftp, /images, /img, /install, /js, /lib, /mysql, /software,
/temp
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
References
Other:
OWASP:OWASP-CM-006
Apache Web Server Version Detection
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 80
OID: 1.3.6.1.4.1.25623.1.0.900498
Summary
Detection of installed version of Apache Web Server
The script detects the version of Apache HTTP Server on remote host and sets the KB.
Vulnerability Detection Result
Detected Apache
Version: 2.4.9
Location: 80/tcp
CPE: cpe:/a:apache:http_server:2.4.9
Concluded from version identification result:
Server: Apache/2.4.9
SMB on port 445
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 139
OID: 1.3.6.1.4.1.25623.1.0.11011
Summary
This script detects whether ports 445 and 139 are open and if they are running SMB servers.
Vulnerability Detection Result
An SMB server is running on this port
HTTP Server type and version
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 443
OID: 1.3.6.1.4.1.25623.1.0.10107
Summary
This detects the HTTP Server’s type and version.
Vulnerability Detection Result
The remote web server type is :
Apache/2.4.9 (Win32) OpenSSL/1.0.1g
Solution : You can set the directive ’ServerTokens Prod’ to limit
the information emanating from the server in its response headers.
Solution
Configure your server to use an alternate name like ’Wintendo httpD w/Dotmatrix display’. Be sure to remove
common logos like apache_pb.gif. With Apache, you can set the directive ’ServerTokens Prod’ to limit the
information emanating from the server in its response headers.
SSL Certificate - Self-Signed Certificate Detection
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.103140
Summary
The SSL certificate on this port is self-signed.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
References
Other:
http://en.wikipedia.org/wiki/Self-signed_certificate
Services
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 443
OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A TLScustom server answered on this port
Services
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 443
OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A web server is running on this port through SSL
Web mirroring
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 443
OID: 1.3.6.1.4.1.25623.1.0.10662
Summary
This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote
host.
It is suggested you allow a long-enough timeout value for this test routine and also adjust the setting on the
number of pages to mirror.
Vulnerability Detection Result
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
. (wohin [9007] user [adhoc] passwd [adhoc] )
Directory Scanner
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 443
OID: 1.3.6.1.4.1.25623.1.0.11032
Summary
This plugin attempts to determine the presence of various common dirs on the remote web server
Vulnerability Detection Result
The following directories were discovered:
/Install, /config, /log, /Log, /css, /data, /design, /files, /ftp, /images, /img, /install, /js, /lib, /mysql, /software,
/temp
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
References
Other:
OWASP:OWASP-CM-006
Check for SSL Ciphers
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 443
OID: 1.3.6.1.4.1.25623.1.0.802067
Summary
This routine searches for SSL ciphers offered by a service.
Vulnerability Detection Result
Service does not support SSLv2 Ciphers.
Service supports SSLv3 ciphers.
Service supports TLSv1 ciphers.
Medium ciphers offered by this service:
SSL3_RSA_DES_192_CBC3_SHA
SSL3_EDH_RSA_DES_192_CBC3_SHA
SSL3_DHE_RSA_WITH_AES_128_SHA
SSL3_RSA_WITH_CAMELLIA_128_CBC_SHA
SSL3_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
SSL3_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL3_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL3_DHE_RSA_WITH_SEED_SHA
SSL3_ECDHE_RSA_WITH_DES_192_CBC3_SHA
SSL3_ECDHE_RSA_WITH_AES_128_CBC_SHA
SSL3_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS1_RSA_DES_192_CBC3_SHA
TLS1_EDH_RSA_DES_192_CBC3_SHA
TLS1_DHE_RSA_WITH_AES_128_SHA
TLS1_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS1_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS1_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS1_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS1_RSA_WITH_SEED_SHA
TLS1_DHE_RSA_WITH_SEED_SHA
TLS1_ECDHE_RSA_WITH_DES_192_CBC3_SHA
TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA
Weak ciphers offered by this service:
SSL3_RSA_RC4_128_MD5
SSL3_RSA_RC4_128_SHA
SSL3_RSA_DES_64_CBC_SHA
SSL3_EDH_RSA_DES_64_CBC_SHA
SSL3_RSA_WITH_SEED_SHA
SSL3_ECDHE_RSA_WITH_RC4_128_SHA
TLS1_RSA_RC4_128_MD5
TLS1_RSA_RC4_128_SHA
TLS1_RSA_DES_64_CBC_SHA
TLS1_EDH_RSA_DES_64_CBC_SHA
TLS1_ECDHE_RSA_WITH_RC4_128_SHA
No non-ciphers are supported by this service
Apache Web Server Version Detection
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 443
OID: 1.3.6.1.4.1.25623.1.0.900498
Summary
Detection of installed version of Apache Web Server
The script detects the version of Apache HTTP Server on remote host and sets the KB.
Vulnerability Detection Result
Detected Apache
Version: 2.4.9
Location: 443/tcp
CPE: cpe:/a:apache:http_server:2.4.9
Concluded from version identification result:
Server: Apache/2.4.9
Check for SSL Medium Ciphers
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 443
OID: 1.3.6.1.4.1.25623.1.0.902816
Summary
This Plugin reports about SSL Medium Ciphers.
Vulnerability Detection Result
Medium ciphers offered by this service:
SSL3_RSA_DES_192_CBC3_SHA
SSL3_EDH_RSA_DES_192_CBC3_SHA
SSL3_DHE_RSA_WITH_AES_128_SHA
SSL3_RSA_WITH_CAMELLIA_128_CBC_SHA
SSL3_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
SSL3_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL3_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL3_DHE_RSA_WITH_SEED_SHA
SSL3_ECDHE_RSA_WITH_DES_192_CBC3_SHA
SSL3_ECDHE_RSA_WITH_AES_128_CBC_SHA
SSL3_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS1_RSA_DES_192_CBC3_SHA
TLS1_EDH_RSA_DES_192_CBC3_SHA
TLS1_DHE_RSA_WITH_AES_128_SHA
TLS1_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS1_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS1_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS1_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS1_RSA_WITH_SEED_SHA
TLS1_DHE_RSA_WITH_SEED_SHA
TLS1_ECDHE_RSA_WITH_DES_192_CBC3_SHA
TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA
SMB NativeLanMan
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 445
OID: 1.3.6.1.4.1.25623.1.0.102011
Summary
It is possible to extract OS, domain and SMB server information from the Session Setup AndX Response
packet which is generated during NTLM authentication.
Vulnerability Detection Result
Summary:
It is possible to extract OS, domain and SMB server information
from the Session Setup AndX Response packet which is generated
during NTLM authentication.
Detected SMB workgroup: WORKGROUP
Detected SMB server: Windows 7 Professional 6.1
Detected OS: Windows 7 Professional 7601 Service Pack 1
SMB on port 445
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 445
OID: 1.3.6.1.4.1.25623.1.0.11011
Summary
This script detects whether ports 445 and 139 are open and if they are running SMB servers.
Vulnerability Detection Result
A CIFS server is running on this port
Services
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 902
OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A VMWare authentication daemon is running on this port:
220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , , NFCSSL supported/t
VMware ESX/GSX Server detection
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 902
OID: 1.3.6.1.4.1.25623.1.0.20301
Summary
The remote host appears to be running VMware ESX or GSX Server.
Description :
According to its banner, the remote host appears to be running a VMWare server authentication daemon,
which likely indicates the remote host is running VMware ESX or GSX Server.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
References
Other:
http://www.vmware.com/
Services
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 912
OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A VMWare authentication daemon is running on this port:
220 VMware Authentication Daemon Version 1.0, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , ,
MySQL/MariaDB Detection
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 3306
OID: 1.3.6.1.4.1.25623.1.0.100152
Summary
Detection of installed version of MySQL/MariaDB.
Detects a running MySQL/MariaDB by getting the banner, extracts the version from the banner and stores the
information in the KB.
Vulnerability Detection Result
Detected MySQL
Version: 5.1.69-community
Location: 3306/tcp
CPE: cpe:/a:oracle:mysql:5.1.69-community
Concluded from version identification result:
5.1.69-community
Services
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 3306
OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
An unknown service is running on this port.
It is usually reserved for MySQL
Database Open Access Vulnerability
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 3306
OID: 1.3.6.1.4.1.25623.1.0.902799
Summary
The host is running a Database server and is prone to information disclosure vulnerability.
Vulnerability Detection Result
MySQL can be accessed by remote attackers
Impact
Successful exploitation could allow an attacker to obtain sensitive information from the database.
Impact Level: Application
Vulnerability Insight
Direct access to the database from remote systems is not restricted.
References
Other:
https://www.pcisecuritystandards.org/security_standards/index.php?id=pci_dss_v1-2.pdf
Services
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 3389
OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A TLScustom server answered on this port
Identify unknown services with nmap
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 3389
OID: 1.3.6.1.4.1.25623.1.0.66286
Summary
This plugin performs service detection by launching nmap’s service probe against ports running unidentified
services.
Description :
This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that
are running unidentified services.
Vulnerability Detection Result
Nmap service detection result for this port: ms-wbt-server
Check for SSL Ciphers
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 3389
OID: 1.3.6.1.4.1.25623.1.0.802067
Summary
This routine searches for SSL ciphers offered by a service.
Vulnerability Detection Result
Service does not support SSLv2 Ciphers.
Service does not support SSLv3 Ciphers.
Service does not support TLSv1 Ciphers.
No medium ciphers are supported by this service
No weak ciphers are supported by this service
No non-ciphers are supported by this service
Services
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 5800
OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a
web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A web server is running on this port
Check for VNC
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 5900
OID: 1.3.6.1.4.1.25623.1.0.10342
Summary
The remote host is running a remote display software (VNC)
Description :
The remote server is running VNC, a software which permits a console to be displayed remotely.
This allows authenticated users of the remote host to take its control remotely.
Vulnerability Detection Result
Summary:
The remote host is running a remote display software (VNC)
Description :
The remote server is running VNC, a software which permits a
console to be displayed remotely.
This allows authenticated users of the remote host to take its
control remotely.
Solution:
Make sure the use of this software is done in accordance with your
corporate security policy, filter incoming traffic to this port.
Plugin output :
The version of the VNC protocol is : RFB 003.008
Solution
Make sure the use of this software is done in accordance with your corporate security policy, filter incoming
traffic to this port.
VNC security types
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 5900
OID: 1.3.6.1.4.1.25623.1.0.19288
Summary
This script checks the remote VNC protocol version and the available ’security types’.
Vulnerability Detection Result
The remote VNC server supports those security types:
+ 17 (Ultra)
+ 2 (VNC authentication)
Identify unknown services with nmap
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 10115
OID: 1.3.6.1.4.1.25623.1.0.66286
Summary
This plugin performs service detection by launching nmap’s service probe against ports running unidentified
services.
Description :
This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that
are running unidentified services.
Vulnerability Detection Result
Nmap service detection result for this port: netiq-endpt
This is a guess. A confident identification of the service was not possible.
Identify unknown services with nmap
Hostname: 10.85.9.140
Protocol: tcp
Severity: 0.0 (Log)
Port: 27000
OID: 1.3.6.1.4.1.25623.1.0.66286
Summary
This plugin performs service detection by launching nmap’s service probe against ports running unidentified
services.
Description :
This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that
are running unidentified services.
Vulnerability Detection Result
Nmap service detection result for this port: flexlm
6 Appendix
Additional Resources
CVE Lookup
Common Vulnerabilities and Exposures (CVE) identifiers can be used to uniquely identify common names for
publicly known information security vulnerabilities.
Inside Greenbone Security Manager you can review CVE details via the SecInfo Management where you
can also look up any CVE directly.
The SecInfo Management carries a copy of the official CVE Dictionary:
http://cve.mitre.org/cve/cve.html
You can also directly look up a CVE-ID by adding it as the name parameter to the following URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
For example: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
CPE Lookup
Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems,
platforms, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE
includes a formal name format, a language for describing complex platforms, a method for checking names
against a system, and a description format for binding text and tests to a name.
Inside Greenbone Security Manager you can review CPE details via the SecInfo Management where you
can also look up any CPE directly.
The SecInfo Management carries a copy of the official CPE Dictionary:
http://nvd.nist.gov/cpe.cfm