GREENBONE SECURITY REPORT

Scan Name: 10.85.9.140
Scan Comment:
Scan date: Mon Feb 23 17:54:17 2015 GMT
Hosts Scanned: 1
Report created: Wed Nov 4 13:51:34 2015 GMT
Report Version: 3.0.2

CONTENTS

1 Summary
  1.1 Scan
  1.2 Report
  1.3 Results
2 Common Vulnerabilities
  2.1 Top 10 vulnerabilities - High Severity
  2.2 Top 10 vulnerabilities - Medium Severity
  2.3 Top 10 vulnerabilities - Low Severity
3 Vulnerability Overview
  3.1 Top 10 vulnerable Hosts
  3.2 Network Topology
  3.3 Top 10 vulnerable Operating Systems
  3.4 Top 10 vulnerable ports
  3.5 CVSS distribution for Ports
  3.6 Top 10 Applications
  3.7 CVSS distribution for Hosts
  3.8 CVSS distribution for Vulnerabilities
4 Host Overview
  4.1 Hosts by IP
  4.2 Hosts by Severity
  4.3 Known Hostnames
5 Vulnerability Details
6 Appendix
  6.1 Additional Resources

1 SUMMARY

SCAN

Scan Name: 10.85.9.140
Start: Mon Feb 23 17:54:17 2015 GMT
End: Mon Feb 23 18:38:41 2015 GMT
Duration: 44 minutes 24 seconds
Hosts Scanned: 1
Scan Slave:
Scan Interface:
Scan Comment:

REPORT

Applied Filter: sort-reverse=severity result_hosts_only=1 min_cvss_base= min_qod= levels=hmlg autofp=0 notes=1 overrides=1 first=1 rows=52 delta_states=gn
Overrides: For this report severity overrides were applied.
Notes: Notes are included.
All Hosts: Only hosts with issues are included.
Text Filter: *
Severities: High, Medium, Low, Log, False Positive
Timezone: GMT-2 (abbreviated “GMT”)

Report uses Severity Class ’NVD Vulnerability Severity Ratings’:

High    CVSS from 7.0 to 10.0
Medium  CVSS from 4.0 to 6.9
Low     CVSS from 0.1 to 3.9
None    CVSS from 0.0 to 0.0

RESULTS

Results available: 52
Results included in this report: 52

2 COMMON VULNERABILITIES

TOP 10 VULNERABILITIES - HIGH SEVERITY

NVT OID                         #   Name

TOP 10 VULNERABILITIES - MEDIUM SEVERITY

NVT OID                         #   Name
1.3.6.1.4.1.25623.1.0.10736     2   DCE Services Enumeration
1.3.6.1.4.1.25623.1.0.105925    2   Missing httpOnly Cookie Attribute
1.3.6.1.4.1.25623.1.0.902661    1   Missing Secure Attribute SSL Cookie Information Disclosure Vulnerability
1.3.6.1.4.1.25623.1.0.804076    1   Oracle MySQL Multiple Unspecified vulnerabilities - 05 Jan14 (Windows)
1.3.6.1.4.1.25623.1.0.804075    1   Oracle MySQL Multiple Unspecified vulnerabilities - 04 Jan14 (Windows)
1.3.6.1.4.1.25623.1.0.804033    1   Oracle MySQL Server Component ’Optimizer’ Unspecified vulnerability Oct-2013 (Windows)
1.3.6.1.4.1.25623.1.0.802087    1   POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
1.3.6.1.4.1.25623.1.0.105042    1   OpenSSL CCS Man in the Middle Security Bypass Vulnerability
1.3.6.1.4.1.25623.1.0.103440    1   Check for SSL Weak Ciphers

TOP 10 VULNERABILITIES - LOW SEVERITY

NVT OID                         #   Name
1.3.6.1.4.1.25623.1.0.80091     1   TCP timestamps

3 VULNERABILITY OVERVIEW

TOP 10 VULNERABLE HOSTS

NETWORK TOPOLOGY

TOP 10 VULNERABLE OPERATING SYSTEMS

Name               CPE                       Systems  H  M   L
Microsoft Windows  cpe:/o:microsoft:windows  1        0  11  1

TOP 10 VULNERABLE PORTS

CVSS DISTRIBUTION FOR PORTS

TOP 10 APPLICATIONS

Application CPE                        Hosts  Occurrences
cpe:/a:apache:http_server:2.4.9        1      2
cpe:/a:oracle:mysql:5.1.69-community   1      1

CVSS DISTRIBUTION FOR HOSTS

CVSS DISTRIBUTION FOR VULNERABILITIES

4 HOST OVERVIEW

HOSTS BY IP

Host         Severity  H  M   L  G   FP
10.85.9.140  Medium    0  11  1  40  0
Total: 1               0  11  1  40  0

HOSTS BY SEVERITY

Host         Severity  H  M   L  G   FP
10.85.9.140  Medium    0  11  1  40  0
Total: 1               0  11  1  40  0

KNOWN HOSTNAMES

Hostname information not available.

5 VULNERABILITY DETAILS

10.85.9.140

Scan started: Mon Feb 23 17:54:25 2015 GMT
Scan ended: Mon Feb 23 18:38:41 2015 GMT
Max. Severity: 6.8 (Medium)
Open Ports: 443, 10115, 445, 5900, 21, 135, 912, 22222, 27000, 5800, 139, 3389, 3306, 902, 80
OS: Windows 7 Professional 7601 Service Pack 1
OS CPE: cpe:/o:microsoft:windows
CPU: unknown
Memory: unknown

Detected Products (CPE)
cpe:/a:oracle:mysql:5.1.69-community
cpe:/a:apache:http_server:2.4.9

Route
10.85.2.11 → 10.85.8.2 → 10.85.9.140

Vulnerabilities

OpenSSL CCS Man in the Middle Security Bypass Vulnerability
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 6.8 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.105042

Summary
OpenSSL is prone to security-bypass vulnerability.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

Impact
Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks.

Solution
Solution type: VendorFix
Updates are available.

Vulnerability Insight
OpenSSL does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the ’CCS Injection’ vulnerability.

Vulnerability Detection Method
Send two SSL ChangeCipherSpec request and check the response.

References
CVE: CVE-2014-0224
BID: 67899
CERT: CB-K15/0567, CB-K15/0415, CB-K15/0384, CB-K15/0080, CB-K15/0079, CB-K15/0074, CB-K14/1617, CB-K14/1537, CB-K14/1299, CB-K14/1297, CB-K14/1294, CB-K14/1202, CB-K14/1174, CB-K14/1153, CB-K14/0876, CB-K14/0756, CB-K14/0746, CB-K14/0736, CB-K14/0722, CB-K14/0716, CB-K14/0708, CB-K14/0684, CB-K14/0683, CB-K14/0680, DFN-CERT-2015-0593, DFN-CERT-2015-0427, DFN-CERT-2015-0396, DFN-CERT-2015-0082, DFN-CERT-2015-0079, DFN-CERT-2015-0078, DFN-CERT-2014-1717, DFN-CERT-2014-1632, DFN-CERT-2014-1364, DFN-CERT-2014-1357, DFN-CERT-2014-1350, DFN-CERT-2014-1265, DFN-CERT-2014-1209, DFN-CERT-2014-0917, DFN-CERT-2014-0789, DFN-CERT-2014-0778, DFN-CERT-2014-0768, DFN-CERT-2014-0752, DFN-CERT-2014-0747, DFN-CERT-2014-0738, DFN-CERT-2014-0715, DFN-CERT-2014-0714, DFN-CERT-2014-0709
Other: http://www.securityfocus.com/bid/67899, http://openssl.org/

Missing Secure Attribute SSL Cookie Information Disclosure Vulnerability
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 6.4 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.902661

Summary
The host is running a server with SSL and is prone to information disclosure vulnerability.

Vulnerability Detection Result
The cookies:
Set-Cookie: c_lang=
Set-Cookie: passwd=
Set-Cookie: user=
are missing the secure attribute.

Vulnerability Insight
The flaw is due to SSL cookie is not using ’secure’ attribute, which allows cookie to be passed to the server by the client over non-secure channels (http) and allows attacker to conduct session hijacking attacks. remote systems.

Impact Level: Application

References
Other: http://www.ietf.org/rfc/rfc2965.txt, https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)

Missing httpOnly Cookie Attribute
Hostname: 10.85.9.140
Protocol: tcp
Port: 80
Severity: 5.0 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.105925

Summary
The application is missing the ’httpOnly’ cookie attribute

Vulnerability Detection Result
The cookies:
Set-Cookie: c_lang=
Set-Cookie: passwd=
Set-Cookie: user=
are missing the httpOnly attribute.

Impact
Application

Solution
Solution type: Mitigation
Set the ’httpOnly’ attribute for any session cookies.

Vulnerability Insight
The flaw is due to a cookie is not using the ’httpOnly’ attribute. This allows a cookie to be accessed by JavaScript which could lead to session hijacking attacks.

Vulnerability Detection Method
Check all cookies sent by the application for a missing ’httpOnly’ attribute

References
Other: https://www.owasp.org/index.php/HttpOnly, https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)

DCE Services Enumeration
Hostname: 10.85.9.140
Protocol: tcp
Port: 135
Severity: 5.0 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.10736

Summary
Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

Solution
filter incoming traffic to this port.

DCE Services Enumeration
Hostname: 10.85.9.140
Protocol: tcp
Port: 135
Severity: 5.0 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.10736

Summary
Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge about the remote host.

Vulnerability Detection Result
Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host.

Here is the list of DCE services running on this host:

Port: 49152/tcp
  UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49152]

Port: 49153/tcp
  UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49153]
  Annotation: Event log TCPIP

  UUID: 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49153]
  Annotation: NRP server endpoint

  UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49153]
  Annotation: DHCPv6 Client LRPC Endpoint

  UUID: 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49153]
  Annotation: DHCP Client LRPC Endpoint

  UUID: 06bba54a-be05-49f9-b0a0-30f790261023, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49153]
  Annotation: Security Center

Port: 49154/tcp
  UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]

  UUID: a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
  Annotation: IKE/Authip API

  UUID: 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
  Annotation: IP Transition Configuration endpoint

  UUID: 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
  Annotation: XactSrv service

  UUID: 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]

  UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
  Annotation: Impl friendly name

  UUID: 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
  Annotation: AppInfo

  UUID: 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
  Annotation: AppInfo

  UUID: fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
  Annotation: AppInfo

  UUID: 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]
  Annotation: AppInfo

  UUID: 8c7daf44-b6dc-11d1-9a4c-0020af6e7c57, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49154]

Port: 49171/tcp
  UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49171]
  Named pipe : lsass
  Win32 service or process : lsass.exe
  Description : SAM access

Port: 49189/tcp
  UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
  Endpoint: ncacn_ip_tcp:10.85.9.140[49189]

Port: 49190/tcp
  UUID: 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49190]
  Annotation: Remote Fw APIs

  UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
  Endpoint: ncacn_ip_tcp:10.85.9.140[49190]
  Annotation: IPSec Policy agent endpoint
  Named pipe : spoolss
  Win32 service or process : spoolsv.exe
  Description : Spooler service

Solution : filter incoming traffic to this port(s).

Solution
filter incoming traffic to this port.

Missing httpOnly Cookie Attribute
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 5.0 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.105925

Summary
The application is missing the ’httpOnly’ cookie attribute

Vulnerability Detection Result
The cookies:
Set-Cookie: c_lang=
Set-Cookie: passwd=
Set-Cookie: user=
are missing the httpOnly attribute.

Impact
Application

Solution
Solution type: Mitigation
Set the ’httpOnly’ attribute for any session cookies.

Vulnerability Insight
The flaw is due to a cookie is not using the ’httpOnly’ attribute. This allows a cookie to be accessed by JavaScript which could lead to session hijacking attacks.

Vulnerability Detection Method
Check all cookies sent by the application for a missing ’httpOnly’ attribute

References
Other: https://www.owasp.org/index.php/HttpOnly, https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)

Check for SSL Weak Ciphers
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 4.3 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.103440

Summary
This routine search for weak SSL ciphers offered by a service.

Vulnerability Detection Result
Weak ciphers offered by this service:
SSL3_RSA_RC4_128_MD5
SSL3_RSA_RC4_128_SHA
SSL3_RSA_DES_64_CBC_SHA
SSL3_EDH_RSA_DES_64_CBC_SHA
SSL3_RSA_WITH_SEED_SHA
SSL3_ECDHE_RSA_WITH_RC4_128_SHA
TLS1_RSA_RC4_128_MD5
TLS1_RSA_RC4_128_SHA
TLS1_RSA_DES_64_CBC_SHA
TLS1_EDH_RSA_DES_64_CBC_SHA
TLS1_ECDHE_RSA_WITH_RC4_128_SHA

Solution
The configuration of this services should be changed so that it does not support the listed weak ciphers anymore.

Vulnerability Insight
These rules are applied for the evaluation of the cryptographic strength:
- Any SSL/TLS using no cipher is considered weak.
- All SSLv2 ciphers are considered weak due to a design flaw within the SSLv2 protocol.
- RC4 is considered to be weak.
- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore considered as weak.
- 1024 bit RSA authentication is considered to be insecure and therefore as weak.
- CBC ciphers in TLS < 1.2 are considered to be vulnerable to the BEAST or Lucky 13 attacks
- Any cipher considered to be secure for only the next 10 years is considered as medium
- Any other cipher is considered as strong

POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 4.3 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.802087

Summary
This host is installed with OpenSSL and is prone to information disclosure vulnerability.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

Impact
Successful exploitation will allow a man-in-the-middle attackers gain access to the plain text data stream.
Impact Level: Application

Solution
Vendor released a patch to address this vulnerability, For updates contact vendor or refer to https://www.openssl.org
NOTE: The only correct way to fix POODLE is to disable SSL v3.0

Vulnerability Insight
The flaw is due to the block cipher padding not being deterministic and not covered by the Message Authentication Code

Vulnerability Detection Method
Send a SSLv3 request and check the response.

References
CVE: CVE-2014-3566
BID: 70574
CERT: CB-K15/1514, CB-K15/1358, CB-K15/1021, CB-K15/0972, CB-K15/0525, CB-K15/0393, CB-K15/0384, CB-K15/0287, CB-K15/0252, CB-K15/0246, CB-K15/0237, CB-K15/0118, CB-K15/0110, CB-K15/0108, CB-K15/0080, CB-K15/0078, CB-K15/0077, CB-K15/0075, CB-K14/1617, CB-K14/1581, CB-K14/1537, CB-K14/1479, CB-K14/1458, CB-K14/1342, CB-K14/1314, CB-K14/1313, CB-K14/1311, CB-K14/1304, CB-K14/1296, DFN-CERT-2015-1431, DFN-CERT-2015-1075, DFN-CERT-2015-1026, DFN-CERT-2015-0664, DFN-CERT-2015-0548, DFN-CERT-2015-0404, DFN-CERT-2015-0396, DFN-CERT-2015-0259, DFN-CERT-2015-0254, DFN-CERT-2015-0245, DFN-CERT-2015-0118, DFN-CERT-2015-0114, DFN-CERT-2015-0083, DFN-CERT-2015-0082, DFN-CERT-2015-0081, DFN-CERT-2015-0076, DFN-CERT-2014-1717, DFN-CERT-2014-1680, DFN-CERT-2014-1632, DFN-CERT-2014-1564, DFN-CERT-2014-1542, DFN-CERT-2014-1414, DFN-CERT-2014-1366, DFN-CERT-2014-1354
Other: http://osvdb.com/113251, https://www.openssl.org//ssl-poodle.pdf, https://www.imperialviolet.org/2014/10/14/poodle.html, https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html, http://googleonlinesecurity.blogspot.in/2014/10/this-poodle-bites-exploiting-ssl-30.html

Oracle MySQL Server Component ’Optimizer’ Unspecified vulnerability Oct-2013 (Windows)
Hostname: 10.85.9.140
Protocol: tcp
Port: 3306
Severity: 4.0 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.804033

Summary
This host is running Oracle MySQL and is prone to unspecified vulnerability.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

Impact
Successful exploitation will allow remote attackers to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service) and bypass certain security restrictions.
Impact Level: Application

Solution
Solution type: VendorFix
Apply the patch from below link, http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

Vulnerability Insight
Unspecified error in the MySQL Server component via unknown vectors related to Optimizer.

Vulnerability Detection Method
Get the installed version of MySQL with the help of detect NVT and check it is vulnerable or not.

Product Detection Result
Product: cpe:/a:oracle:mysql:5.1.69-community
Method: MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)

References
CVE: CVE-2013-3839
BID: 63109
CERT: CB-K14/0187, CB-K13/1072, CB-K13/0840, CB-K13/0806, CB-K13/0789, DFN-CERT-2014-0190, DFN-CERT-2013-2099, DFN-CERT-2013-1846, DFN-CERT-2013-1815, DFN-CERT-2013-1795
Other: http://www.osvdb.com/98508, http://secunia.com/advisories/55327, http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

Oracle MySQL Multiple Unspecified vulnerabilities - 04 Jan14 (Windows)
Hostname: 10.85.9.140
Protocol: tcp
Port: 3306
Severity: 4.0 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.804075

Summary
This host is running Oracle MySQL and is prone to multiple unspecified vulnerabilities.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

Impact
Successful exploitation will allow attackers to manipulate certain data and cause a DoS (Denial of Service).
Impact Level: Application

Solution
Solution type: VendorFix
Apply the patch from below link, http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Vulnerability Insight
Unspecified errors in the MySQL Server component via unknown vectors related to InnoDB, Optimizer, Error Handling, and some unknown vectors.

Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.

Product Detection Result
Product: cpe:/a:oracle:mysql:5.1.69-community
Method: MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)

References
CVE: CVE-2014-0401, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908
BID: 64898, 64880, 64849, 64896
CERT: CB-K15/1518, CB-K14/0710, CB-K14/0187, CB-K14/0177, CB-K14/0082, CB-K14/0074, CB-K14/0055, DFN-CERT-2015-1604, DFN-CERT-2014-0742, DFN-CERT-2014-0190, DFN-CERT-2014-0180, DFN-CERT-2014-0085, DFN-CERT-2014-0074, DFN-CERT-2014-0048
Other: http://www.osvdb.com/102071, http://secunia.com/advisories/56491, http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Oracle MySQL Multiple Unspecified vulnerabilities - 05 Jan14 (Windows)
Hostname: 10.85.9.140
Protocol: tcp
Port: 3306
Severity: 4.0 (Medium)
OID: 1.3.6.1.4.1.25623.1.0.804076

Summary
This host is running Oracle MySQL and is prone to multiple unspecified vulnerabilities.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

Impact
Successful exploitation will allow attackers to manipulate certain data and cause a DoS (Denial of Service).
Impact Level: Application

Solution
Solution type: VendorFix
Apply the patch from below link, http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Vulnerability Insight
Unspecified errors in the MySQL Server component via unknown vectors related to Optimizer, InnoDB, and Locking.

Vulnerability Detection Method
Get the installed version with the help of detect NVT and check the version is vulnerable or not.

Product Detection Result
Product: cpe:/a:oracle:mysql:5.1.69-community
Method: MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)

References
CVE: CVE-2014-0386, CVE-2014-0393, CVE-2014-0402
BID: 64904, 64877, 64908
CERT: CB-K14/0710, CB-K14/0187, CB-K14/0177, CB-K14/0082, CB-K14/0074, CB-K14/0055, DFN-CERT-2014-0742, DFN-CERT-2014-0190, DFN-CERT-2014-0180, DFN-CERT-2014-0085, DFN-CERT-2014-0074, DFN-CERT-2014-0048
Other: http://www.osvdb.com/102069, http://secunia.com/advisories/56491, http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

TCP timestamps
Hostname: 10.85.9.140
Protocol: tcp
Port: general
Severity: 2.6 (Low)
OID: 1.3.6.1.4.1.25623.1.0.80091

Summary
The remote host implements TCP timestamps and therefore allows to compute the uptime.

Vulnerability Detection Result
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Paket 1: 99919077
Paket 2: 99919198

Impact
A side effect of this feature is that the uptime of the remote host can sometimes be computed.

Solution
To disable TCP timestamps on linux add the line ’net.ipv4.tcp_timestamps = 0’ to /etc/sysctl.conf. Execute ’sysctl -p’ to apply the settings at runtime.
To disable TCP timestamps on Windows execute ’netsh int tcp set global timestamps=disabled’
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is, to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment.
See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152

Vulnerability Insight
The remote host implements TCP timestamps, as defined by RFC1323.

Vulnerability Detection Method
Special IP packets are forged and sent with a little delay in between to the target IP. The responses are searched for a timestamps. If found, the timestamps are reported.

References
Other: http://www.ietf.org/rfc/rfc1323.txt

OS fingerprinting
Hostname: 10.85.9.140
Protocol: tcp
Port: general
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.102002

Summary
This script performs ICMP based OS fingerprinting (as described by Ofir Arkin and Fyodor Yarochkin in Phrack #57). It can be used to determine remote operating system version.

Vulnerability Detection Result
ICMP based OS fingerprint results: (83% confidence)
Microsoft Windows

References
Other: http://www.phrack.org/issues.html?issue=57&id=7#article

ICMP Timestamp Detection
Hostname: 10.85.9.140
Protocol: icmp
Port: general
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.103190

Summary
The remote host responded to an ICMP timestamp request. The Timestamp Reply is an ICMP message which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp. This information could theoretically be used to exploit weak time-based random number generators in other services.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

References
CVE: CVE-1999-0524
CERT: CB-K15/1514, CB-K14/0632, DFN-CERT-2014-0658
Other: http://www.ietf.org/rfc/rfc0792.txt

Checks for open udp ports
Hostname: 10.85.9.140
Protocol: tcp
Port: general
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.103978

Summary
Collects all open UDP ports of the UDP ports identified so far.

Vulnerability Detection Result
Open UDP ports: [None found]

Traceroute
Hostname: 10.85.9.140
Protocol: tcp
Port: general
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.51662

Summary
A traceroute from the scanning server to the target system was conducted.
This traceroute is provided primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability. However, if the displayed traceroute contains any private addresses that should not have been publicly visible, then you have an issue you need to correct.

Vulnerability Detection Result
Here is the route from 10.85.2.11 to 10.85.9.140:
10.85.2.11
10.85.8.2
10.85.9.140

Solution
Block unwanted packets from escaping your network.

Microsoft SMB Signing Disabled
Hostname: 10.85.9.140
Protocol: tcp
Port: general
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.802726

Summary
Checking for SMB signing is disabled. The script logs in via smb, checks the SMB Negotiate Protocol response to confirm SMB signing is disabled.

Vulnerability Detection Result
SMB signing is disabled on this host

CPE Inventory
Hostname: 10.85.9.140
Protocol: CPE-T
Port: general
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.810002

Summary
This routine uses information collected by other routines about CPE identities (http://cpe.mitre.org/) of operating systems, services and applications detected during the scan.

Vulnerability Detection Result
10.85.9.140|cpe:/a:apache:http_server:2.4.9
10.85.9.140|cpe:/a:oracle:mysql:5.1.69-community
10.85.9.140|cpe:/o:microsoft:windows

Checks for open tcp ports
Hostname: 10.85.9.140
Protocol: tcp
Port: general
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.900239

Summary
Collects all open tcp ports of the tcp ports identified so far.

Vulnerability Detection Result
Open TCP ports: 443, 10115, 445, 5900, 21, 135, 912, 22222, 27000, 5800, 139, 3389, 3306, 902, 80

FTP Banner Detection
Hostname: 10.85.9.140
Protocol: tcp
Port: 21
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.10092

Summary
This Plugin detects the FTP Server Banner

Vulnerability Detection Result
Remote FTP server banner :
220-SlimFTPd 3.181, by WhitSoft Development (www.whitsoftdev.com)

Services
Hostname: 10.85.9.140
Protocol: tcp
Port: 21
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.10330

Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
An FTP server is running on this port.
Here is its banner :
220-SlimFTPd 3.181, by WhitSoft Development (www.whitsoftdev.com)

HTTP Server type and version
Hostname: 10.85.9.140
Protocol: tcp
Port: 80
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.10107

Summary
This detects the HTTP Server’s type and version.

Vulnerability Detection Result
The remote web server type is :
Apache/2.4.9 (Win32) OpenSSL/1.0.1g
Solution : You can set the directive ’ServerTokens Prod’ to limit the information emanating from the server in its response headers.

Solution
Configure your server to use an alternate name like ’Wintendo httpD w/Dotmatrix display’
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive ’ServerTokens Prod’ to limit the information emanating from the server in its response headers.

Services
Hostname: 10.85.9.140
Protocol: tcp
Port: 80
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.10330

Summary
This plugin attempts to guess which service is running on the remote ports.
For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
A web server is running on this port

Web mirroring
Hostname: 10.85.9.140
Protocol: tcp
Port: 80
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.10662

Summary
This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote host. It is suggested you allow a long-enough timeout value for this test routine and also adjust the setting on the number of pages to mirror.

Vulnerability Detection Result
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
. (wohin [9007] c_lang [1] passwd [adhoc] user [adhoc] )

Directory Scanner
Hostname: 10.85.9.140
Protocol: tcp
Port: 80
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.11032

Summary
This plugin attempts to determine the presence of various common dirs on the remote web server

Vulnerability Detection Result
The following directories were discovered:
/Install, /config, /log, /Log, /css, /data, /design, /files, /ftp, /images, /img, /install, /js, /lib, /mysql, /software, /temp
While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

References
Other: OWASP:OWASP-CM-006

Apache Web Server Version Detection
Hostname: 10.85.9.140
Protocol: tcp
Port: 80
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.900498

Summary
Detection of installed version of Apache Web Server
The script detects the version of Apache HTTP Server on remote host and sets the KB.

Vulnerability Detection Result
Detected Apache Version: 2.4.9
Location: 80/tcp
CPE: cpe:/a:apache:http_server:2.4.9
Concluded from version identification result:
Server: Apache/2.4.9

SMB on port 445
Hostname: 10.85.9.140
Protocol: tcp
Port: 139
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.11011

Summary
This script detects whether port 445 and 139 are open and if they are running SMB servers.

Vulnerability Detection Result
An SMB server is running on this port

HTTP Server type and version
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.10107

Summary
This detects the HTTP Server’s type and version.

Vulnerability Detection Result
The remote web server type is :
Apache/2.4.9 (Win32) OpenSSL/1.0.1g
Solution : You can set the directive ’ServerTokens Prod’ to limit the information emanating from the server in its response headers.

Solution
Configure your server to use an alternate name like ’Wintendo httpD w/Dotmatrix display’
Be sure to remove common logos like apache_pb.gif.
With Apache, you can set the directive ’ServerTokens Prod’ to limit the information emanating from the server in its response headers.

SSL Certificate - Self-Signed Certificate Detection
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.103140

Summary
The SSL certificate on this port is self-signed.

Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.

References
Other: http://en.wikipedia.org/wiki/Self-signed_certificate

Services
Hostname: 10.85.9.140
Protocol: tcp
Port: 443
Severity: 0.0 (Log)
OID: 1.3.6.1.4.1.25623.1.0.10330

Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
A TLScustom server answered on this port

Services
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 443 OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A web server is running on this port through SSL

Web mirroring
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 443 OID: 1.3.6.1.4.1.25623.1.0.10662
Summary
This script makes a mirror of the remote web site and extracts the list of CGIs that are used by the remote host. It is suggested you allow a long-enough timeout value for this test routine and also adjust the setting on the number of pages to mirror.
Vulnerability Detection Result
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
. (wohin [9007] user [adhoc] passwd [adhoc] )

Directory Scanner
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 443 OID: 1.3.6.1.4.1.25623.1.0.11032
Summary
This plugin attempts to determine the presence of various common dirs on the remote web server
Vulnerability Detection Result
The following directories were discovered:
/Install, /config, /log, /Log, /css, /data, /design, /files, /ftp, /images, /img, /install, /js, /lib, /mysql, /software, /temp
While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards
References
Other: OWASP:OWASP-CM-006

Check for SSL Ciphers
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 443
Summary
This routine searches for SSL ciphers offered by a service.
Vulnerability Detection Result
Service does not support SSLv2 Ciphers.
Service supports SSLv3 ciphers.
Service supports TLSv1 ciphers.
OID: 1.3.6.1.4.1.25623.1.0.802067
Medium ciphers offered by this service:
SSL3_RSA_DES_192_CBC3_SHA
SSL3_EDH_RSA_DES_192_CBC3_SHA
SSL3_DHE_RSA_WITH_AES_128_SHA
SSL3_RSA_WITH_CAMELLIA_128_CBC_SHA
SSL3_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
SSL3_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL3_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL3_DHE_RSA_WITH_SEED_SHA
SSL3_ECDHE_RSA_WITH_DES_192_CBC3_SHA
SSL3_ECDHE_RSA_WITH_AES_128_CBC_SHA
SSL3_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS1_RSA_DES_192_CBC3_SHA
TLS1_EDH_RSA_DES_192_CBC3_SHA
TLS1_DHE_RSA_WITH_AES_128_SHA
TLS1_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS1_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS1_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS1_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS1_RSA_WITH_SEED_SHA
TLS1_DHE_RSA_WITH_SEED_SHA
TLS1_ECDHE_RSA_WITH_DES_192_CBC3_SHA
TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA
Weak ciphers offered by this service:
SSL3_RSA_RC4_128_MD5
SSL3_RSA_RC4_128_SHA
SSL3_RSA_DES_64_CBC_SHA
SSL3_EDH_RSA_DES_64_CBC_SHA
SSL3_RSA_WITH_SEED_SHA
SSL3_ECDHE_RSA_WITH_RC4_128_SHA
TLS1_RSA_RC4_128_MD5
TLS1_RSA_RC4_128_SHA
TLS1_RSA_DES_64_CBC_SHA
TLS1_EDH_RSA_DES_64_CBC_SHA
TLS1_ECDHE_RSA_WITH_RC4_128_SHA
No non-ciphers are supported by this service

Apache Web Server Version Detection
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 443 OID: 1.3.6.1.4.1.25623.1.0.900498
Summary
Detection of installed version of Apache Web Server. The script detects the version of Apache HTTP Server on remote host and sets the KB.
Vulnerability Detection Result
Detected Apache Version: 2.4.9
Location: 443/tcp
CPE: cpe:/a:apache:http_server:2.4.9
Concluded from version identification result:
Server: Apache/2.4.9

Check for SSL Medium Ciphers
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 443 OID: 1.3.6.1.4.1.25623.1.0.902816
Summary
This Plugin reports about SSL Medium Ciphers.
Vulnerability Detection Result
Medium ciphers offered by this service:
SSL3_RSA_DES_192_CBC3_SHA
SSL3_EDH_RSA_DES_192_CBC3_SHA
SSL3_DHE_RSA_WITH_AES_128_SHA
SSL3_RSA_WITH_CAMELLIA_128_CBC_SHA
SSL3_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
SSL3_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL3_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL3_DHE_RSA_WITH_SEED_SHA
SSL3_ECDHE_RSA_WITH_DES_192_CBC3_SHA
SSL3_ECDHE_RSA_WITH_AES_128_CBC_SHA
SSL3_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS1_RSA_DES_192_CBC3_SHA
TLS1_EDH_RSA_DES_192_CBC3_SHA
TLS1_DHE_RSA_WITH_AES_128_SHA
TLS1_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS1_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS1_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS1_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS1_RSA_WITH_SEED_SHA
TLS1_DHE_RSA_WITH_SEED_SHA
TLS1_ECDHE_RSA_WITH_DES_192_CBC3_SHA
TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA

SMB NativeLanMan
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 445 OID: 1.3.6.1.4.1.25623.1.0.102011
Summary
It is possible to extract OS, domain and SMB server information from the Session Setup AndX Response packet which is generated during NTLM authentication.
Vulnerability Detection Result
Summary: It is possible to extract OS, domain and SMB server information from the Session Setup AndX Response packet which is generated during NTLM authentication.
Detected SMB workgroup: WORKGROUP
Detected SMB server: Windows 7 Professional 6.1
Detected OS: Windows 7 Professional 7601 Service Pack 1

SMB on port 445
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 445 OID: 1.3.6.1.4.1.25623.1.0.11011
Summary
This script detects whether port 445 and 139 are open and if they are running SMB servers.
Vulnerability Detection Result
A CIFS server is running on this port

Services
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 902 OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports.
For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A VMWare authentication daemon is running on this port:
220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , , NFCSSL supported/t

VMware ESX/GSX Server detection
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 902 OID: 1.3.6.1.4.1.25623.1.0.20301
Summary
The remote host appears to be running VMware ESX or GSX Server.
Description : According to its banner, the remote host appears to be running a VMWare server authentication daemon, which likely indicates the remote host is running VMware ESX or GSX Server.
Vulnerability Detection Result
Vulnerability was detected according to the Vulnerability Detection Method.
References
Other: http://www.vmware.com/

Services
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 912 OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A VMWare authentication daemon is running on this port:
220 VMware Authentication Daemon Version 1.0, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC , ,

MySQL/MariaDB Detection
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 3306 OID: 1.3.6.1.4.1.25623.1.0.100152
Summary
Detection of installed version of MySQL/MariaDB.
Detect a running MySQL/MariaDB by getting the banner, extract the version from the banner and store the information in KB.
Vulnerability Detection Result
Detected MySQL Version: 5.1.69-community
Location: 3306/tcp
CPE: cpe:/a:oracle:mysql:5.1.69-community
Concluded from version identification result:
5.1.69-community

Services
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 3306 OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
An unknown service is running on this port. It is usually reserved for MySQL

Database Open Access Vulnerability
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 3306 OID: 1.3.6.1.4.1.25623.1.0.902799
Summary
The host is running a Database server and is prone to an information disclosure vulnerability.
Vulnerability Detection Result
MySQL can be accessed by remote attackers
Impact
Successful exploitation could allow an attacker to obtain the sensitive information of the database.
Impact Level: Application
Vulnerability Insight
Direct access to the database from remote systems is not restricted.
References
Other: https://www.pcisecuritystandards.org/security_standards/index.php?id=pci_dss_v1-2.pdf

Services
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 3389 OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A TLScustom server answered on this port

Identify unknown services with nmap
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 3389 OID: 1.3.6.1.4.1.25623.1.0.66286
Summary
This plugin performs service detection by launching nmap's service probe against ports running unidentified services.
Description : This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that are running unidentified services.
Vulnerability Detection Result
Nmap service detection result for this port: ms-wbt-server

Check for SSL Ciphers
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 3389 OID: 1.3.6.1.4.1.25623.1.0.802067
Summary
This routine searches for SSL ciphers offered by a service.
Vulnerability Detection Result
Service does not support SSLv2 Ciphers.
Service does not support SSLv3 Ciphers.
Service does not support TLSv1 Ciphers.
No medium ciphers are supported by this service
No weak ciphers are supported by this service
No non-ciphers are supported by this service

Services
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 5800 OID: 1.3.6.1.4.1.25623.1.0.10330
Summary
This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.
Vulnerability Detection Result
A web server is running on this port

Check for VNC
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 5900 OID: 1.3.6.1.4.1.25623.1.0.10342
Summary
The remote host is running a remote display software (VNC)
Description : The remote server is running VNC, a software which permits a console to be displayed remotely. This allows authenticated users of the remote host to take its control remotely.
Vulnerability Detection Result
Summary: The remote host is running a remote display software (VNC)
Description : The remote server is running VNC, a software which permits a console to be displayed remotely. This allows authenticated users of the remote host to take its control remotely.
Solution: Make sure the use of this software is done in accordance with your corporate security policy, filter incoming traffic to this port.
Plugin output : The version of the VNC protocol is : RFB 003.008
Solution
Make sure the use of this software is done in accordance with your corporate security policy, filter incoming traffic to this port.

VNC security types
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 5900 OID: 1.3.6.1.4.1.25623.1.0.19288
Summary
This script checks the remote VNC protocol version and the available 'security types'.
Vulnerability Detection Result
The remote VNC server supports those security types:
+ 17 (Ultra)
+ 2 (VNC authentication)

Identify unknown services with nmap
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 10115 OID: 1.3.6.1.4.1.25623.1.0.66286
Summary
This plugin performs service detection by launching nmap's service probe against ports running unidentified services.
Description : This plugin is a complement of find_service.nasl. It launches nmap -sV (probe requests) against ports that are running unidentified services.
Vulnerability Detection Result
Nmap service detection result for this port: netiq-endpt
This is a guess. A confident identification of the service was not possible.

Identify unknown services with nmap
Hostname: 10.85.9.140 Protocol: tcp Severity: 0.0 (Log) Port: 27000 OID: 1.3.6.1.4.1.25623.1.0.66286
Summary
This plugin performs service detection by launching nmap's service probe against ports running unidentified services.
Description : This plugin is a complement of find_service.nasl.
It launches nmap -sV (probe requests) against ports that are running unidentified services.
Vulnerability Detection Result
Nmap service detection result for this port: flexlm

6 Appendix

Additional Resources

CVE Lookup
Common Vulnerabilities and Exposures (CVE) identifiers can be used to uniquely identify common names for publicly known information security vulnerabilities. Inside Greenbone Security Manager you can review CVE details via the SecInfo Management, where you can also look up any CVE directly. The SecInfo Management carries a copy of the official CVE Dictionary:
http://cve.mitre.org/cve/cve.html
You can also directly look up a CVE-ID by adding it as the name parameter to the following URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
For example:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250

CPE Lookup
Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems, platforms, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a language for describing complex platforms, a method for checking names against a system, and a description format for binding text and tests to a name. Inside Greenbone Security Manager you can review CPE details via the SecInfo Management, where you can also look up any CPE directly. The SecInfo Management carries a copy of the official CPE Dictionary:
http://nvd.nist.gov/cpe.cfm