Return to the 2006 Operating System Vulnerability Summary on OmniNerd
List of hosts
192.168.1.2 : High Severity problem(s) found

192.168.1.2


Scan time :
Start time : Tue Feb 20 21:59:13 2007
End time : Tue Feb 20 22:19:46 2007
Number of vulnerabilities :
Open ports : 3
Low : 7
Medium : 1
High : 4

Information about the remote host :

Operating system : Mac OS 9
NetBIOS name : (unknown)
DNS name : (unknown)

Port afpovertcp (548/tcp)
AppleShare IP Server status query

Synopsis :

File sharing service is available.

Description :

The remote host is running an AppleShare IP file service.
By sending DSIGetStatus request on tcp port 548, it was
possible to disclose information about the remote host.

Risk factor :

None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)

Plugin output :

This host is running an AppleShare File Services over IP.
Machine type: Macintosh
Server name: PowerPC 896.0MB
UAMs: No User Authent/Cleartxt passwrd/Randnum exchange/2-Way Randnum exchange
AFP Versions: AFPVersion 1.1/AFPVersion 2.0/AFPVersion 2.1/AFP2.2

This AppleShare File Server allows the "guest" user to connect

Nessus ID : 10666

Port general/udp
Traceroute
For your information, here is the traceroute from 192.168.1.250 to 192.168.1.2 :
192.168.1.250
192.168.1.2


Nessus ID : 10287

Port http (80/tcp)
Services
A web server is running on this port

Nessus ID : 10330
HMAP
Nessus was not able to reliably identify this server. It might be:
MacOS PersonalNetFinder
The fingerprint differs from these known signatures on 7 point(s)


Nessus ID : 11919
HTTP Server type and version
The remote web server type is :

Web Sharing


Nessus ID : 10107
Oracle Application Server Overflow

It may be possible to make a web server execute
arbitrary code by sending it a too long url after
/jsp.
Ie:
GET /jsp/AAAA.....AAAAA

Risk factor : High
Solution : Contact your vendor for the latest software release.
CVE : CVE-2001-0419
BID : 2569

Nessus ID : 10654
Infinite HTTP request
It was possible to kill the web server by
sending an invalid 'infinite' HTTP request that never ends.

A cracker may exploit this vulnerability to make your web server
crash continually or even execute arbitrary code on your system.

Solution : upgrade your software or protect it with a filtering reverse proxy
Risk factor : High
BID : 2465

Nessus ID : 11084
Format string on HTTP header value

The remote web server seems to be vulnerable to a format string attack
on HTTP 1.0 header value.
An attacker might use this flaw to make it crash or even execute
arbitrary code on this host.


Solution : upgrade your software or contact your vendor and inform him
of this vulnerability

Risk factor : High

Nessus ID : 15642

Port eppc (3031/tcp)

Port general/tcp
IP protocols scan
The following IP protocols are accepted on this host:
1 ICMP
2 IGMP
6 TCP
17 UDP


Nessus ID : 14788
OS Identification
The remote host is running Mac OS 9

Nessus ID : 11936
spank.c

Your machine answers to TCP packets that are coming from a multicast
address. This is known as the 'spank' denial of service attack.

An attacker might use this flaw to shut down this server and
saturate your network, thus preventing you from working properly.
This also could be used to run stealth scans against your machine.

Solution : contact your operating system vendor for a patch.
Filter out multicast addresses (224.0.0.0/4)

Risk factor : Medium

Nessus ID : 11901
Land
It was possible to make the remote server crash
using the 'land' attack.

An attacker may use this flaw to shut down this server, thus
preventing your network from working properly.

Solution : contact your operating system vendor for a patch.

Risk factor : High
CVE : CVE-1999-0016
BID : 2666

Nessus ID : 10133