Network Vulnerability Assessment Report
Sorted by host names
Host | Holes | Warnings | Open ports | State |
10.0.0.36 | 3 | 1 | 5 | Finished |
Service | Severity | Description |
ftp (21/tcp) | Port is open | |
ssh (22/tcp) | Port is open | |
telnet (23/tcp) | Port is open | |
www (80/tcp) | Port is open | |
snmp (161/udp) | Port is open | |
ssh (22/tcp) | You are running a version of OpenSSH which is older than 3.7.1. Versions older than 3.7.1 are vulnerable to a flaw in the buffer management functions which might allow an attacker to execute arbitrary commands on this host. An exploit for this issue is rumored to exist. Note that several distribution patched this hole without changing the version number of OpenSSH. Since Nessus solely relied on the banner of the remote SSH server to perform this check, this might be a false positive. If you are running a RedHat host, make sure that the command : rpm -q openssh-server Returns : openssh-server-3.1p1-13 (RedHat 7.x), openssh-server-3.4p1-7 (RedHat 8.0), openssh-server-3.5p1-11 (RedHat 9). Solution : Upgrade to OpenSSH 3.7.1. See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2 http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2 Risk factor : High. CVE : CAN-2003-0682, CAN-2003-0693, CAN-2003-0695. BID : 8628. Other references : RHSA:RHSA-2003:279, SuSE:SUSE-SA:2003:039 | |
snmp (161/udp) | SNMP Agent responded as expected with community name: public. CVE : CAN-1999-0517, CAN-1999-0186, CAN-1999-0254, CAN-1999-0516. BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986. Other references : IAVA:2001-B-0001 | |
www (80/tcp) | The following URLs seem to be vulnerable to various SQL injection techniques : /cgi-bin/webcm?var:main='UNION' /cgi-bin/webcm?var:main=' /cgi-bin/webcm?var:main='%22 /cgi-bin/webcm?var:main=9%2c+9%2c+9 /cgi-bin/webcm?var:main='bad_bad_value /cgi-bin/webcm?var:main=bad_bad_value' /cgi-bin/webcm?var:main='+OR+' /cgi-bin/webcm?var:main='WHERE /cgi-bin/webcm?var:main=%3B /cgi-bin/webcm?var:main='OR An attacker may exploit this flaws to bypass authentication or to take the control of the remote database. Solution : Modify the relevant CGIs so that they properly escape arguments Risk factor : High See also : http://www.securiteam.com/securityreviews/5DP0N1P76E.html | |
snmp (161/udp) | A SNMP server is running on this host The following versions are supported SNMP version1 SNMP version2c | |
www (80/tcp) | A web server is running on this port | |
ftp (21/tcp) | An FTP server is running on this port. Here is its banner : 220 FTPU ready. | |
ftp (21/tcp) | Remote FTP server banner : 220 FTPU ready. | |
www (80/tcp) | The following directories were discovered: /cgi-bin, /html While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards Other references : OWASP:OWASP-CM-006 | |
www (80/tcp) | The following CGI have been discovered : Syntax : cginame (arguments [default value]) /cgi-bin/webcm (var:main [menu] var:style [style5] getpage [../html/defs/style5/menus/menu.html] errorpage [../html/index.html] var:pagename [home] var:errorpagename [home] var:menu [home] var:menutitle [Home] var:pagetitle [Home] var:pagemaster [home] login:command/username [] login:command/password [] ) | |
www (80/tcp) | The remote web server type is : | |
telnet (23/tcp) | A telnet server seems to be running on this port | |
ssh (22/tcp) | An ssh server is running on this port | |
general/udp | For your information, here is the traceroute to 10.0.0.36 : 10.0.0.59 10.0.0.36 | |
telnet (23/tcp) | Remote telnet banner : BusyBox on (none) login: | |
ssh (22/tcp) | Remote SSH version : SSH-2.0-OpenSSH_3.6p1 |