Vulnerability found on port ssh (22/tcp)
Information found on port ssh (22/tcp)
An ssh server is running on this port
Nessus ID : 10330
Information found on port ssh (22/tcp)
Remote SSH version : SSH-2.0-OpenSSH_3.7.1p1
Remote SSH supported authentication : publickey,password,keyboard-interactive
Nessus ID : 10267
Information found on port ssh (22/tcp)
The remote host seems to be running an SSH server which can allow
an attacker to determine the existence of a given login by comparing
the time the remote sshd daemon takes to refuse a bad password for a
non-existent login compared to the time it takes to refuse a bad password
for a valid login.
An attacker may use this flaw to set up a brute force attack against
the remote host.
Solution : Disable PAM support if you do not use it, upgrade to the newest
version of OpenSSH
Risk factor : Low
CVE : CVE-2003-0190
BID : 7342, 7467, 7482, 11781
Nessus ID : 11574
Information found on port ssh (22/tcp)
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.99
. 2.0
SSHv2 host key fingerprint : a5:64:64:8b:3f:15:a7:e0:86:36:9b:37:95:56:40:da
Nessus ID : 10881
Information found on port smtp (25/tcp)
An SMTP server is running on this port
Here is its banner :
220 abattoir.2-10.org ESMTP
Nessus ID : 10330
Information found on port smtp (25/tcp)
Synopsis :
An SMTP server is listening on the remote port.
Description :
The remote host is running a mail (SMTP) server on this port.
Since SMTP servers are the targets of spammers, it is recommended you
disable it if you do not use it.
Solution :
Disable this service if you do not use it, or filter incoming traffic
to this port.
Risk factor :
None
Plugin output :
Remote SMTP server banner :
220 abattoir.2-10.org ESMTP
Nessus ID : 10263
Vulnerability found on port http (80/tcp)
Vulnerability found on port http (80/tcp)
Vulnerability found on port http (80/tcp)
Vulnerability found on port http (80/tcp)
Warning found on port http (80/tcp)
The remote host appears to be running a version of
Apache which is older than 1.3.27
There are several flaws in this version, you should
upgrade to 1.3.27 or newer.
*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive
Solution : Upgrade to version 1.3.27
See also : http://www.apache.org/dist/httpd/Announcement.html
Risk factor : Medium
CVE : CVE-2002-0839, CVE-2002-0840, CVE-2002-0843
BID : 5847, 5884, 5887, 5995, 5996
Nessus ID : 11137
Warning found on port http (80/tcp)
The remote web server appears to be running a version of
Apache that is less than 2.0.49 or 1.3.31.
These versions are vulnerable to a denial of service attack where a remote
attacker can block new connections to the server by connecting to a listening
socket on a rarely accessed port.
Solution: Upgrade to Apache 2.0.49 or 1.3.31.
CVE : CVE-2004-0174
BID : 9921
Nessus ID : 12280
Warning found on port http (80/tcp)
The remote host is running a version of PHP <= 4.2.2.
The mail() function does not properly sanitize user input.
This allows users to forge email to make it look like it is
coming from a different source other than the server.
Users can exploit this even if SAFE_MODE is enabled.
Solution : Contact your vendor for the latest PHP release.
Risk factor : Medium
CVE : CVE-2002-0985, CVE-2002-0986
BID : 5562
Nessus ID : 11444
Warning found on port http (80/tcp)
The remote web server appears to be running a version of Apache that is older
than version 1.3.32.
This version is vulnerable to a heap based buffer overflow in proxy_util.c
for mod_proxy. This issue may lead remote attackers to cause a denial of
service and possibly execute arbitrary code on the server.
Solution: Don't use mod_proxy or upgrade to a newer version.
Risk factor: Medium
CVE : CVE-2004-0492
BID : 10508
Nessus ID : 15555
Information found on port http (80/tcp)
A web server is running on this port
Nessus ID : 10330
Information found on port http (80/tcp)
The following directories were discovered:
/cgi-bin, /CVS, /etc, /icons, /img, /lib, /mailman, /CVSROOT
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Other references : OWASP:OWASP-CM-006
Nessus ID : 11032
Information found on port http (80/tcp)
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/account.py (mode [create] )
/shots/index.py (rows [] cols [] action [display] view [caption] page [1] )
/index.py (filter [] order [desc] view [general] sort [name] )
/login.py (action [login] acct [] referer [] passwd [] )
/theme.py (action [select] theme [] )
/voting/view_vote.py (vote_id [16] )
/voting/vote_results.py (vote_id [16] )
/send_password.py (action [send] acct [] )
/shots/portrait.py (char_id [9] )
/view.py (name [] field1 [] field2 [] field3 [] field4 [] field5 [] field6 [] field7 [] field8 [] field9 [] field10 [] field11 [] field12 [] field13 [] field14 [] field15 [] action [create] )
Nessus ID : 10662
Information found on port http (80/tcp)
The remote web server type is :
Apache/1.3.26 (Unix) PHP/4.2.1
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Nessus ID : 10107
Information found on port unknown (3990/tcp)
An unknown server is running on this port.
If you know what it is, please send this banner to the Nessus team:
00: 35 30 20 4d 75 73 74 20 6c 6f 67 69 6e 20 77 69 50 Must login wi
10: 74 68 20 75 73 65 72 20 6e 61 6d 65 20 61 6e 64 th user name and
20: 20 70 61 73 73 77 6f 72 64 2e 0a 20 03 password.. .
Nessus ID : 11154
Information found on port unknown (3995/tcp)
A web server is running on this port
Nessus ID : 17975
Information found on port remoteanything (3999/tcp)
An FTP server is running on this port.
Here is its banner :
220- Realms of Sorcery FTP server ready.
Nessus ID : 10330
Information found on port remoteanything (3999/tcp)
Synopsis :
An FTP server is listening on this port
Description :
It is possible to obtain the banner of the remote FTP server
by connecting to the remote port.
Risk factor :
None
Plugin output :
The remote FTP banner is :
220- Realms of Sorcery FTP server ready.
Nessus ID : 10092
Warning found on port remoteanything (4000/tcp)
Synopsis :
A telnet server is listening on the remote port
Description :
The remote host is running a telnet server.
Using telnet is not recommended as logins, passwords and commands
are transferred in clear text.
An attacker may eavesdrop on a telnet session and obtain the
credentials of other users.
Solution :
Disable this service and use SSH instead
Risk factor :
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Plugin output:
Remote telnet banner:
[ASCII-art logo, ANSI colour codes removed; the text "I -- N -- F -- I -- N -- I -- T -- Y" runs across it]
http://www.si.nu/
Spirits: Vash, Pam
Queens/Kings: Ichigo, Qualin, Zymira
Regents: Bazin, Crowley
Princess/Prince: lyra, Malachi, Vraxor
Driver: MudOS v22.2b11 Mudlib: Nightmare IVr4
What name do you wish? ["who" lists users]
Nessus ID : 10281
Information found on port remoteanything (4000/tcp)
A telnet server seems to be running on this port
Nessus ID : 10330
Information found on port remoteanything (4000/tcp)
The Telnet service is running.
This service is dangerous in the sense that it is not ciphered - that is,
everyone can sniff the data that passes between the telnet client
and the telnet server. This includes logins and passwords.
Solution:
If you are running a Unix-type system, OpenSSH can be used instead of telnet.
For Unix systems, you can comment out the 'telnet' line in /etc/inetd.conf.
For Unix systems which use xinetd, you will need to modify the telnet services
file in the /etc/xinetd.d folder. After making any changes to xinetd or
inetd configuration files, you must restart the service in order for the
changes to take effect.
In addition, many different router and switch manufacturers support SSH as a
telnet replacement. You should contact your vendor for a solution which uses
an encrypted session.
Risk factor : Low
CVE : CVE-1999-0619
Nessus ID : 10280
Information found on port abyss (9999/tcp)
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
The Prayer
Lateda.C
Beasty.I
Unless you know for sure what is behind it, you'd better
check your system
*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)
Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low
Nessus ID : 11157
Information found on port general/tcp
Nessus was not able to reliably identify the remote operating system. It might be:
Allot NetEnforcer
Linux Kernel 2.2
NetGear Router
OpenBSD 3.5
OpenBSD 3.6
The fingerprint differs from these known signatures on 3 points.
If you know what operating system this host is running, please send this signature to
os-signatures@nessus.org :
:1:1:1:255:1:255:1:0:255:1:0:255:1:>64:255:0:1:1:2:1:1:1:1:1:64:16060:MSTNW:0:1:1
($Revision: 1.119 $)
Nessus ID : 11936
Information found on port general/tcp
XX.XX.XX.XX resolves as name removed.
Nessus ID : 12053
Information found on port general/tcp
Information about this scan :
Nessus version : 2.2.6
Plugin feed version : 200602010815
Type of plugin feed : Registered (7 days delay)
Scanner IP : 217.157.28.35
Port scanner(s) : synscan nessus_tcp_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Max hosts : 20
Max checks : 4
Scan duration : unknown (ping_host.nasl not launched?)
Nessus ID : 19506
Information found on port general/icmp
Synopsis :
It is possible to determine the exact time set on the remote host.
Description :
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor :
None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
CVE : CVE-1999-0524
Nessus ID : 10114