Security Issues and Fixes: 192.168.1.5 |
Type |
Port |
Issue and Fix |
Warning |
general/tcp |
The remote host does not discard TCP SYN packets which
have the FIN flag set.
Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.
See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113
Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
Nessus ID : 11618 |
Informational |
general/tcp |
The remote host is up
Nessus ID : 10180 |
Informational |
general/tcp |
HTTP NIDS evasion functions are enabled.
You may get some false negative results
Nessus ID : 10890 |
Informational |
general/tcp |
The remote host is running Linux Kernel 2.4
Nessus ID : 11936 |
Vulnerability |
ftp (21/tcp) |
It was possible to kill the service by sending a single long
text line.
A cracker may be able to use this flaw to crash your software
or even execute arbitrary code on your system.
Risk factor : High
Nessus ID : 11175 |
Vulnerability |
ftp (21/tcp) |
It was possible to disable the remote FTP server
by connecting to it about 3000 times, with
one connection at a time.
If the remote server is running from within [x]inetd, this
is a feature and the FTP server should automatically be back
in a couple of minutes.
An attacker may use this flaw to prevent this
service from working properly.
Solution : If the remote server is GoodTech ftpd server,
download the newest version from http://www.goodtechsys.com.
BID : 2270
Risk factor : High
CVE : CAN-2001-0188
BID : 2270
Nessus ID : 10690 |
Informational |
ftp (21/tcp) |
An unknown service is running on this port.
It is usually reserved for FTP
Nessus ID : 10330 |
Informational |
ftp (21/tcp) |
This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin
Nessus ID : 10919 |
Vulnerability |
ssh (22/tcp) |
You are running a version of OpenSSH which is older than 3.7.1
Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
functions which might allow an attacker to execute arbitrary commands on this
host.
An exploit for this issue is rumored to exist.
Note that several distribution patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.
If you are running a RedHat host, make sure that the command :
rpm -q openssh-server
Returns :
openssh-server-3.1p1-13 (RedHat 7.x)
openssh-server-3.4p1-7 (RedHat 8.0)
openssh-server-3.5p1-11 (RedHat 9)
Solution : Upgrade to OpenSSH 3.7.1
See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2
Risk factor : High
CVE : CAN-2003-0682, CAN-2003-0693, CAN-2003-0695
BID : 8628
Other references : RHSA:RHSA-2003:279, SuSE:SUSE-SA:2003:039
Nessus ID : 11837 |
Warning |
ssh (22/tcp) |
The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically
safe so they should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'
Risk factor : Low
Nessus ID : 10882 |
Informational |
ssh (22/tcp) |
An ssh server is running on this port
Nessus ID : 10330 |
Informational |
ssh (22/tcp) |
Remote SSH version : SSH-1.99-OpenSSH_3.6.1p2
Nessus ID : 10267 |
Informational |
ssh (22/tcp) |
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.33
. 1.5
. 1.99
. 2.0
SSHv1 host key fingerprint : fa:24:e1:c5:71:99:b6:a2:5a:91:56:be:82:99:4f:3e
SSHv2 host key fingerprint : 86:4a:33:2e:c3:26:f1:02:40:bd:ba:8e:bb:08:13:98
Nessus ID : 10881 |
Informational |
rpcbind (111/tcp) |
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
Nessus ID : 10223 |
Informational |
rpcbind (111/tcp) |
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111 |
Informational |
sometimes-rpc3 (32770/tcp) |
RPC program #100024 version 1 'status' is running on this port
Nessus ID : 11111 |
Informational |
sometimes-rpc3 (32770/tcp) |
This port was detected as being open by a port scanner but is now closed.
This service might have been crashed by a port scanner or by a plugin
Nessus ID : 10919 |
Warning |
sometimes-rpc5 (32771/tcp) |
The fam RPC service is running.
Several versions of this service have a well-known buffer overflow condition
that allows intruders to execute arbitrary commands as root on this system.
Solution : disable this service in /etc/inetd.conf
See also : http://www.nai.com/nai_labs/asp_set/advisory/16_fam_adv.asp
Risk factor : High
CVE : CVE-1999-0059
BID : 353
Nessus ID : 10216 |
Informational |
sometimes-rpc5 (32771/tcp) |
RPC program #391002 version 2 'sgi_fam' (fam) is running on this port
Nessus ID : 11111 |
Informational |
sunrpc (111/udp) |
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111 |
Warning |
filenet-tms (32768/udp) |
The statd RPC service is running. This service has a long history of
security holes, so you should really know what you are doing if you decide
to let it run.
*** No security hole regarding this program have been tested, so
*** this might be a false positive.
Solution : We suggest that you disable this service.
Risk factor : High
CVE : CVE-1999-0018, CVE-1999-0019, CVE-1999-0493
BID : 127, 450, 6831
Nessus ID : 10235 |
Informational |
filenet-tms (32768/udp) |
RPC program #100024 version 1 'status' is running on this port
Nessus ID : 11111 |
Warning |
general/icmp |
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
Nessus ID : 10114 |
Informational |
general/icmp |
Here is the route recorded between 192.168.1.2 and 192.168.1.5 :
192.168.1.5.
192.168.1.5.
Nessus ID : 12264 |
Informational |
general/udp |
For your information, here is the traceroute to 192.168.1.5 :
192.168.1.2
192.168.1.5
Nessus ID : 10287 |