HackJosecc.Net/ReporteNmap.txt

# nmap 192.168.123.6

Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2003-09-28 01:45 CDT
Interesting ports on 192.168.123.6:
(The 1646 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
9/tcp    open  discard
13/tcp   open  daytime
22/tcp   open  ssh
25/tcp   open  smtp
37/tcp   open  time
80/tcp   open  http
111/tcp  open  rpcbind
113/tcp  open  auth
139/tcp  open  netbios-ssn
515/tcp  open  printer
1024/tcp open  kdm

Nmap run completed -- 1 IP address (1 host up) scanned in 11.966 seconds

HackJosecc.Net/ReporteNessus/report.nsr

192.168.123.6|time (37/tcp)|
192.168.123.6|smtp (25/tcp)|10330|NOTE|A pop3pw server is running on this port;
192.168.123.6|smtp (25/tcp)|11034|NOTE|For some reason, we could not send the EICAR test string to this MTA;
192.168.123.6|smtp (25/tcp)|
192.168.123.6|ssh (22/tcp)|11837|REPORT|;You are running a version of OpenSSH which is older than 3.7.1;;Versions older than 3.7.1 are vulnerable to a flaw in the buffer management;functions which might allow an attacker to execute arbitrary commands on this ;host.;;An exploit for this issue is rumored to exist.;;;Note that several distribution patched this hole without changing;the version number of OpenSSH. 
Since Nessus solely relied on the;banner of the remote SSH server to perform this check, this might;be a false positive.;;If you are running a RedHat host, make sure that the command :; rpm -q openssh-server; ;Returns :; openssh-server-3.1p1-13 (RedHat 7.x); openssh-server-3.4p1-7 (RedHat 8.0); openssh-server-3.5p1-11 (RedHat 9);;Solution : Upgrade to OpenSSH 3.7.1;See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2; http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2;Risk factor : High;CVE : CAN-2003-0693, CAN-2003-0695;BID : 8628;
192.168.123.6|ssh (22/tcp)|11712|INFO|;You are running OpenSSH-portable 3.6.1 or older.;;There is a flaw in this version which may allow an attacker to;bypass the access controls set by the administrator of this server.;;OpenSSH features a mechanism which can restrict the list of;hosts a given user can log from by specifying a pattern;in the user key file (ie: *.mynetwork.com would let a user;connect only from the local network).;;However there is a flaw in the way OpenSSH does reverse DNS lookups.;If an attacker configures his DNS server to send a numeric IP address;when a reverse lookup is performed, he may be able to circumvent;this mechanism.;;Solution : Upgrade to OpenSSH 3.6.2 when it comes out;Risk Factor : Low;CVE : CAN-2003-0386;BID : 7831;
192.168.123.6|ssh (22/tcp)|11574|INFO|;You are running OpenSSH-portable 3.6.1p1 or older.;;If PAM support is enabled, an attacker may use a flaw in this version;to determine the existence or a given login name by comparing the times;the remote sshd daemon takes to refuse a bad password for a non-existant;login compared to the time it takes to refuse a bad password for a;valid login.;;An attacker may use this flaw to set up a brute force attack against;the remote host.;;*** Nessus did not check whether the remote SSH daemon is actually;*** using PAM or not, so this might be a false positive;;Solution : Upgrade to OpenSSH-portable 3.6.1p2 or newer;Risk 
Factor : Low;CVE : CAN-2003-0190;BID : 7482, 7467, 7342;
192.168.123.6|ssh (22/tcp)|10267|NOTE|Remote SSH version : SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1;;
192.168.123.6|ssh (22/tcp)|10881|NOTE|The remote SSH daemon supports the following versions of the;SSH protocol :;; . 1.99; . 2.0;;
192.168.123.6|daytime (13/tcp)|10052|INFO|The daytime service is running.;The date format issued by this service;may sometimes help an attacker to guess;the operating system type. ;;In addition to that, when the UDP version of;daytime is running, an attacker may link it ;to the echo port using spoofing, thus creating;a possible denial of service.;;Solution : disable this service in /etc/inetd.conf.;;Risk factor : Low;CVE : CVE-1999-0103;
192.168.123.6|discard (9/tcp)|11367|INFO|The 'discard' port is open. This port is;not of any use nowadays, and may be a source of problems, ;;Solution : comment out 'discard' in /etc/inetd.conf;;Risk factor : Low;CVE : CAN-1999-0636;
192.168.123.6|http (80/tcp)|11793|REPORT|;The remote host appears to be running a version of;Apache which is older than 1.3.28;;There are several flaws in this version, which may allow;an attacker to disable the remote server remotely.;You should upgrade to 1.3.28 or newer.;;*** Note that Nessus solely relied on the version number;*** of the remote server to issue this warning. This might;*** be a false positive;;Solution : Upgrade to version 1.3.28;See also : http://www.apache.org/dist/httpd/Announcement.html;Risk factor : High;CVE : CAN-2003-0460;BID : 8226;
192.168.123.6|http (80/tcp)|11213|INFO|;Your webserver supports the TRACE and/or TRACK methods. 
It has been;shown that servers supporting this method are subject;to cross-site-scripting attacks, dubbed XST for;'Cross-Site-Tracing', when used in conjunction with;various weaknesses in browsers.;;An attacker may use this flaw to trick your;legitimate web users to give him their ;credentials.;;Solution: Disable these methods.;;;If you are using Apache, add the following lines for each virtual;host in your configuration file :;; RewriteEngine on; RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK); RewriteRule .* - [F];;If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE;requests or to permit only the methods needed to meet site requirements;and policy.;;;;See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf; http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html;;Risk factor : Medium;
192.168.123.6|http (80/tcp)|11137|INFO|;The remote host appears to be running a version of;Apache which is older than 1.3.27;;There are several flaws in this version, you should;upgrade to 1.3.27 or newer.;;*** Note that Nessus solely relied on the version number;*** of the remote server to issue this warning. This might;*** be a false positive;;Solution : Upgrade to version 1.3.27;See also : http://www.apache.org/dist/httpd/Announcement.html;Risk factor : Medium;CVE : CAN-2002-0839, CAN-2002-0840, CAN-2002-0843;BID : 5847, 5884, 5995, 5996;
192.168.123.6|http (80/tcp)|10330|NOTE|A web server is running on this port;
192.168.123.6|http (80/tcp)|10107|NOTE|The remote web server type is :;;Apache/1.3.26 (Unix) Debian GNU/Linux ;;;Solution : You can set the directive 'ServerTokens Prod' to limit;the information emanating from the server in its response headers.;
192.168.123.6|auth (113/tcp)|10021|INFO|The 'ident' service provides sensitive information;to potential attackers. It mainly says which accounts are running which;services. This helps attackers to focus on valuable services [those;owned by root]. 
If you don't use this service, disable it.;;Risk factor : Low;;Solution : comment out the 'auth' or 'ident' line in /etc/inetd.conf;CVE : CAN-1999-0629;
192.168.123.6|sunrpc (111/tcp)|10223|NOTE|;The RPC portmapper is running on this port.;;An attacker may use it to enumerate your list;of RPC services. We recommend you filter traffic;going to this port.;;Risk factor : Low;CVE : CAN-1999-0632, CVE-1999-0189;BID : 205;
192.168.123.6|sunrpc (111/tcp)|
192.168.123.6|netbios-ssn (139/tcp)|11523|REPORT|;The remote Samba server is vulnerable to a buffer overflow;when it processes the function trans2open().;;An attacker may exploit this flaw to gain a root shell on;this host.;;Solution : upgrade to Samba 2.2.9;Risk factor : High;CVE : CAN-2003-0201, CAN-2003-0196;BID : 7294;
192.168.123.6|printer (515/tcp)|10330|NOTE|A LPD server seems to be running on this port;
192.168.123.6|printer (515/tcp)|
192.168.123.6|kdm (1024/tcp)|
192.168.123.6|general/tcp|11618|INFO|;The remote host does not discard TCP SYN packets which;have the FIN flag set.;;Depending on the kind of firewall you are using, an;attacker may use this flaw to bypass its rules.;;See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html; http://www.kb.cert.org/vuls/id/464113; ;Solution : Contact your vendor for a patch;Risk factor : Medium;BID : 7487;
192.168.123.6|general/tcp|11268|NOTE|Remote OS guess : Linux 2.1.19 - 2.2.20;;CVE : CAN-1999-0454;
192.168.123.6|netbios-ns (137/udp)|10150|INFO|. The following 7 NetBIOS names have been gathered :; MERLIN = This is the computer name registered for workstation services by a WINS client.; MERLIN = This is the current logged in user registered for this workstation.; MERLIN ; __MSBROWSE__ ; HACK = Workgroup / Domain name; HACK ; HACK = Workgroup / Domain name (part of the Browser elections);;. This SMB server seems to be a SAMBA server (this is not a security;risk, this is for your information). 
This can be told because this server ;claims to have a null MAC address;;If you do not want to allow everyone to find the NetBios name;of your computer, you should filter incoming traffic to this port.;;Risk factor : Medium;CVE : CAN-1999-0621;
192.168.123.6|general/icmp|11197|REPORT|;The remote host is vulnerable to an 'Etherleak' -;the remote ethernet driver seems to leak bits of the;content of the memory of the remote operating system.;;Note that an attacker may take advantage of this flaw;only when its target is on the same physical subnet.;;See also : http://www.atstake.com/research/advisories/2003/a010603-1.txt ;Solution : Contact your vendor for a fix;Risk factor : Serious;CVE : CAN-2003-0001;BID : 6535;
192.168.123.6|general/icmp|10114|INFO|;The remote host answers to an ICMP timestamp request. This allows an attacker ;to know the date which is set on your machine. ;;This may help him to defeat all your time based authentication protocols.;;Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP ;timestamp replies (14).;;Risk factor : Low;CVE : CAN-1999-0524;
192.168.123.6|general/udp|10287|NOTE|For your information, here is the traceroute to 192.168.123.6 : ;?;192.168.123.6;;
192.168.123.6|general/udp|

HackJosecc.Net/ReporteNessus/index.html

The Nessus Security Scanner was used to assess the security of 1 host
Host name | Notes |
192.168.123.6 | (found 4 security holes) |