Return to the 2006 Operating System Vulnerability Summary on OmniNerd
List of hosts
192.168.1.6 : High Severity problem(s) found

192.168.1.6


Scan time :
Start time : Wed Feb 28 00:07:27 2007
End time : Wed Feb 28 00:32:42 2007
Number of vulnerabilities :
Open ports : 185
Low : 55
Medium : 5
High : 4

Information about the remote host :

Operating system : Sun Solaris 10, Sun Solaris 9
NetBIOS name : (unknown)
DNS name : (unknown)

Port unknown (32797/udp)

Port sometimes-rpc19 (32778/tcp)

Port unknown (32792/tcp)
rpcinfo -p
RPC program #100002 version 2 'rusersd' (rusers) is running on this port
RPC program #100002 version 3 'rusersd' (rusers) is running on this port


Nessus ID : 11111

Port finger (79/tcp)
Services
A finger server seems to be running on this port

Nessus ID : 10330

Finger redirection check

The remote finger service accepts to redirect requests. That is, users can
perform requests like :

finger user@host@victim

This allows an attacker to use this computer as a relay to gather information
on a third party network.

Solution: Disable the remote finger daemon (comment out the 'finger' line
in /etc/inetd.conf and restart the inetd process) or upgrade it to a more
secure one.

Risk factor : Low
CVE : CVE-1999-0105, CVE-1999-0106

Nessus ID : 10073

Finger

The 'finger' service provides useful information to attackers, since it allows
them to gain usernames, check if a machine is being used, and so on...

Here is the output we obtained for 'root' :

Login Name TTY Idle When Where
root Super-User console 7 Wed 00:03 :0


Solution : comment out the 'finger' line in /etc/inetd.conf
Risk factor : Low
CVE : CVE-1999-0612
Other references : OSVDB:11451

Nessus ID : 10068

Port smtp (25/tcp)
Services
An SMTP server is running on this port
Here is its banner :
220 unknown ESMTP Sendmail 8.13.7+Sun/8.13.7; Wed, 28 Feb 2007 00:07:29 -0500 (EST)

Nessus ID : 10330

SMTP server accepts us
The SMTP server on this port rejects our HELO requests.
This means that it is unavailable because the Nessus server IP is not
authorized or blacklisted, or that the hostname is not consistent
with the IP.

** Nessus tests will be incomplete. You may try to scan your MTA
** from an authorized IP or fix the nessus hostname and rescan this server.


Nessus ID : 18528

smtpscan
smtpscan was not able to reliably identify this server. It might be:
Sendmail 8.10.2/8.10.2 -554-
The fingerprint differs from these known signatures on 1 point(s)


Nessus ID : 11421

SMTP Server Detection

Synopsis :

An SMTP server is listening on the remote port.

Description :

The remote host is running a mail (SMTP) server on this port.

Since SMTP servers are the targets of spammers, it is recommended you
disable it if you do not use it.

Solution :

Disable this service if you do not use it, or filter incoming traffic
to this port.

Risk factor :

None

Plugin output :

Remote SMTP server banner :
220 unknown ESMTP Sendmail 8.13.7+Sun/8.13.7; Wed, 28 Feb 2007 00:07:29 -0500 (EST)

Nessus ID : 10263

EXPN and VRFY commands

The remote SMTP server answers to the EXPN and/or VRFY commands.

The EXPN command can be used to find the delivery address of mail aliases, or
even the full name of the recipients, and the VRFY command may be used to check the validity of an account.


Your mailer should not allow remote users to use any of these commands,
because it gives them too much information.


Solution : if you are using Sendmail, add the option :

O PrivacyOptions=goaway

in /etc/sendmail.cf.

Risk factor : Low
CVE : CVE-1999-0531
Other references : OSVDB:12551

Nessus ID : 10249

Port sunrpc (111/udp)
rpcinfo -p
RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) is running on this port
RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) is running on this port
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port


Nessus ID : 11111

Port unknown (32794/tcp)
rpcinfo -p
RPC program #100083 version 1 is running on this port


Nessus ID : 11111

Port unknown (32814/udp)
rpcinfo -p
RPC program #100002 version 2 'rusersd' (rusers) is running on this port
RPC program #100002 version 3 'rusersd' (rusers) is running on this port


Nessus ID : 11111

Port unknown (32785/tcp)

Port unknown (32792/udp)
rpcinfo -p
RPC program #100024 version 1 'status' is running on this port
RPC program #100133 version 1 is running on this port


Nessus ID : 11111

Port ftp (21/tcp)
Services
An FTP server is running on this port.
Here is its banner :
220 unknown FTP server ready.

Nessus ID : 10330

FTP Server Detection

Synopsis :

An FTP server is listening on this port

Description :

It is possible to obtain the banner of the remote FTP server
by connecting to the remote port.

Risk factor :

None

Plugin output :

The remote FTP banner is :
220 unknown FTP server ready.

Nessus ID : 10092

Port lockd (4045/tcp)
rpcinfo -p
RPC program #100021 version 1 'nlockmgr' is running on this port
RPC program #100021 version 2 'nlockmgr' is running on this port
RPC program #100021 version 3 'nlockmgr' is running on this port
RPC program #100021 version 4 'nlockmgr' is running on this port


Nessus ID : 11111

Port unknown (32943/tcp)

Port unknown (32816/tcp)
Sun rpc.cmsd overflow

The remote Sun rpc.cmsd has integer overflow problem in xdr_array. An attacker
may use this flaw to execute arbitrary code on this host with the privileges
rpc.cmsd is running as (typically, root), by sending a specially crafted
request to this service.

Solution : We suggest that you disable this service and apply a new patch.
Risk factor : High
CVE : CVE-2002-0391
BID : 5356
Other references : IAVA:2002-t-0015

Nessus ID : 11418

Port bootpc (68/udp)

Port sometimes-rpc23 (32780/tcp)

Port unknown (16161/udp)

Port unknown (32794/udp)
rpcinfo -p
RPC program #300598 version 1 is running on this port
RPC program #805306368 version 1 is running on this port


Nessus ID : 11111

Port unknown (32800/udp)

Port unknown (910/udp)

Port unknown (32811/udp)

Port unknown (32816/udp)
rpcinfo -p
RPC program #100068 version 2 is running on this port
RPC program #100068 version 3 is running on this port
RPC program #100068 version 4 is running on this port
RPC program #100068 version 5 is running on this port


Nessus ID : 11111

Port unknown (32796/tcp)

Port unknown (32811/tcp)

Port sunrpc (111/tcp)
RPC portmapper

The RPC portmapper is running on this port.

An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.

Risk factor : Low
CVE : CVE-1999-0632, CVE-1999-0189
BID : 205

Nessus ID : 10223

rpcinfo -p
RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) is running on this port
RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) is running on this port
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port


Nessus ID : 11111

Port sometimes-rpc26 (32786/udp)

Port sometimes-rpc21 (32779/tcp)
rpcinfo -p
RPC program #300598 version 1 is running on this port
RPC program #805306368 version 1 is running on this port


Nessus ID : 11111

Port xdmcp (177/udp)
X Display Manager Control Protocol (XDMCP)

The remote host is running XDMCP.

This protocol is used to provide X display connections for X terminals.
XDMCP is completely insecure, since the traffic and passwords are not
encrypted.

An attacker may use this flaw to capture all the keystrokes of the users
using this host through their X terminal, including passwords.

Also XDMCP is an additional login mechanism that you may not have been
aware was enabled, or may not be monitoring failed logins on.

Solution : Disable XDMCP
Risk factor : Medium

Nessus ID : 10891

Port unknown (32796/udp)
rpcinfo -p
RPC program #100249 version 1 is running on this port


Nessus ID : 11111

Port unknown (32791/tcp)

Port unknown (32938/tcp)

Port ssh (22/tcp)
Services
An ssh server is running on this port

Nessus ID : 10330

SSH Server type and version
Remote SSH version : SSH-2.0-Sun_SSH_1.1

Remote SSH supported authentication : gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive



Nessus ID : 10267

SSH protocol versions supported
The remote SSH daemon supports the following versions of the
SSH protocol :

. 1.99
. 2.0


Nessus ID : 10881

Port unknown (32813/udp)

Port unknown (32793/tcp)

Port unknown (32789/tcp)

Port dtspcd (6112/tcp)

Port unknown (32791/udp)

Port unknown (32782/udp)

Port smc-http (6788/tcp)
Services
A web server is running on this port

Nessus ID : 10330

HMAP
Nessus was not able to reliably identify this server. It might be:
Apache Tomcat 4.2.24
The fingerprint differs from these known signatures on 6 point(s)


Nessus ID : 11919

HTTP Server type and version
The remote web server type is :

Apache-Coyote/1.1

and the 'ServerTokens' directive is ProductOnly
Apache does not permit to hide the server type.


Nessus ID : 10107

Port general/udp
Traceroute
For your information, here is the traceroute from 192.168.1.250 to 192.168.1.6 :
192.168.1.250
192.168.1.6


Nessus ID : 10287

Port sometimes-rpc25 (32786/tcp)
rpcinfo -p
RPC program #100229 version 1 is running on this port
RPC program #100229 version 2 is running on this port


Nessus ID : 11111

Port unknown (32793/udp)

Port sometimes-rpc27 (32787/tcp)

Port login (513/tcp)
Rlogin Server Detection

Synopsis :

The rlogin service is listening on the remote port.

Description :

The remote host is running the 'rlogin' service. This service is dangerous in
the sense that it is not ciphered - that is, everyone can sniff the data that
passes between the rlogin client and the rloginserver. This includes logins
and passwords.

Also, it may allow poorly authenticated logins without passwords. If the
host is vulnerable to TCP sequence number guessing (from any network)
or IP spoofing (including ARP hijacking on a local network) then it may
be possible to bypass authentication.

Finally, rlogin is an easy way to turn file-write access into full logins
through the .rhosts or rhosts.equiv files.

You should disable this service and use ssh instead.

Solution :

Comment out the 'login' line in /etc/inetd.conf

Risk factor :

Low / CVSS Base Score : 2
(AV:R/AC:H/Au:R/C:P/A:N/I:N/B:C)
CVE : CVE-1999-0651

Nessus ID : 10205

Port unknown (32784/tcp)
rpcinfo -p
RPC program #100422 version 1 is running on this port


Nessus ID : 11111

Port unknown (32815/udp)

Port unknown (32795/tcp)

Port shell (514/tcp)
Rsh Server Detection

Synopsis :

The rsh service is running.

Description :

The remote host is running the 'rsh' service. This service is dangerous in
the sense that it is not ciphered - that is, everyone can sniff the data
that passes between the rsh client and the rsh server. This includes logins
and passwords.

Also, it may allow poorly authenticated logins without passwords. If the
host is vulnerable to TCP sequence number guessing (from any network)
or IP spoofing (including ARP hijacking on a local network) then it may
be possible to bypass authentication.

Finally, rsh is an easy way to turn file-write access into full logins
through the .rhosts or rhosts.equiv files.

You should disable this service and use ssh instead.

Solution :

Comment out the 'rsh' line in /etc/inetd.conf

Risk factor :

Low / CVSS Base Score : 2
(AV:R/AC:H/Au:R/C:P/A:N/I:N/B:C)
CVE : CVE-1999-0651

Nessus ID : 10245

Port smc-https (6789/tcp)
Service Identification (2nd pass)
An unknown server is running on top of SSL/TLS on this port.
You should change find_service preferences to look for
SSL based services and restart your scan.

** Because of Nessus architecture, it is now too late
** to properly identify this service.


Nessus ID : 11153

Port unknown (32810/tcp)
rpcinfo -p
RPC program #1289637086 version 5 is running on this port
RPC program #1289637086 version 1 is running on this port


Nessus ID : 11111

Port filenet-rpc (32769/udp)

Port filenet-tms (32768/udp)

Port filenet-nch (32770/udp)

Port unknown (32817/udp)

Port snmp (161/udp)
Obtain system info type via SNMP

Synopsis :

The System Information of the remote host can be obtained via SNMP.

Description :

It is possible to obtain the system information about the remote
host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1.

An attacker may use this information to gain more knowledge about
the target host.

Solution :

Disable the SNMP service on the remote host if you do not use it,
or filter incoming UDP packets going to this port.

Risk factor :

Low

Plugin output :

System information :
sysDescr : SunOS unknown 5.10 Generic_118855-33 i86pc
sysObjectID : 1.3.6.1.4.1.8072.3.2.3
sysUptime : 0d 1h 6m 8s
sysContact : "System administrator"
sysName : unknown
sysLocation : "System administrators office"
sysServices : 72



Nessus ID : 10800

Obtain network interfaces list via SNMP

Synopsis :

The list of network interfaces cards of the remote host can be obtained via
SNMP.

Description :

It is possible to obtain the list of the network interfaces installed
on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0

An attacker may use this information to gain more knowledge about
the target host.

Solution :

Disable the SNMP service on the remote host if you do not use it,
or filter incoming UDP packets going to this port.

Risk factor :

Low

Plugin output :

Interface 1 information :
ifIndex : 1
ifDescr : lo0
ifPhysAddress :

Interface 2 information :
ifIndex : 2
ifDescr : bge0
ifPhysAddress : 001422f82806



Nessus ID : 10551

Default community names of the SNMP Agent

Synopsis :

The community name of the remote SNMP server can be guessed.

Description :

It is possible to obtain the default community names of the remote
SNMP server.

An attacker may use this information to gain more knowledge about
the remote host, or to change the configuration of the remote
system (if the default community allow such modifications).

Solution :

Disable the SNMP service on the remote host if you do not use it,
filter incoming UDP packets going to this port, or change the
default community string.

Risk factor :

High

Plugin output :

The remote SNMP server replies to the following default community
strings :

public

CVE : CVE-1999-0517, CVE-1999-0186, CVE-1999-0254, CVE-1999-0516
BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986
Other references : IAVA:2001-B-0001

Nessus ID : 10264

Obtain processes list via SNMP

Synopsis :

The list of processes running on the remote host can be obtained via SNMP.

Description :

It is possible to obtain the list of running processes on the remote
host by sending SNMP requests with the OID 1.3.6.1.2.1.25.4.2.1.2

An attacker may use this information to gain more knowledge about
the target host.

Solution :

Disable the SNMP service on the remote host if you do not use it,
or filter incoming UDP packets going to this port.

Risk factor :

Low

Plugin output :


Nessus ID : 10550

Obtain installed software via SNMP

Synopsis :

The list of software installed on the remote host can be obtained via SNMP.

Description :

It is possible to obtain the list of installed softwares on the
remote host by sending SNMP requests with the OID 1.3.6.1.2.1.25.6.3.1.2

An attacker may use this information to gain more knowledge about
the target host.

Solution :

Disable the SNMP service on the remote host if you do not use it,
or filter incoming UDP packets going to this port.

Risk factor :

None

Plugin output :


Nessus ID : 19763

Port telnet (23/tcp)
Services
A telnet server seems to be running on this port

Nessus ID : 10330

Telnet Server Detection

Synopsis :

A telnet server is listening on the remote port

Description :

The remote host is running a telnet server.
Using telnet is not recommended as logins, passwords and commands
are transferred in clear text.

An attacker may eavesdrop on a telnet session and obtain the
credentials of other users.

Solution :

Disable this service and use SSH instead

Risk factor :

Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)

Plugin output:

Remote telnet banner:
login:

Nessus ID : 10281

Port sometimes-rpc11 (32774/tcp)

Port unknown (32795/udp)

Port unknown (32810/udp)
rpcinfo -p
RPC program #100011 version 1 'rquotad' (rquotaprog quota rquota) is running on this port


Nessus ID : 11111

Port unknown (32790/tcp)
rpcinfo -p
RPC program #100230 version 1 is running on this port


Nessus ID : 11111

Port font-service (7100/tcp)

Port general/icmp
Record route
Here is the route recorded between 192.168.1.250 and 192.168.1.6 :
192.168.1.6.


Nessus ID : 12264

Port unknown (32781/tcp)
rpcinfo -p
RPC program #100249 version 1 is running on this port


Nessus ID : 11111

snmpXdmid overflow

The remote RPC service 100249 (snmpXdmid) is vulnerable
to a heap overflow which allows any user to obtain a root
shell on this host.

Solution : disable this service (/etc/init.d/init.dmi stop) if you don't use
it, or contact Sun for a patch
Risk factor : High
CVE : CVE-2001-0236
BID : 2417
Other references : IAVA:2001-a-0003, OSVDB:546

Nessus ID : 10659

Port sometimes-rpc13 (32775/tcp)
rpcinfo -p
RPC program #1073741824 version 1 is running on this port


Nessus ID : 11111

Port unknown (32812/udp)
rpcinfo -p
RPC program #100001 version 2 'rstatd' (rstat rup perfmeter rstat_svc) is running on this port
RPC program #100001 version 3 'rstatd' (rstat rup perfmeter rstat_svc) is running on this port
RPC program #100001 version 4 'rstatd' (rstat rup perfmeter rstat_svc) is running on this port


Nessus ID : 11111

Port general/tcp
Nessus SNMP Scanner
Nessus snmp scanner was able to retrieve the open port list with the community name public

Nessus ID : 14274

IP protocols scan
The following IP protocols are accepted on this host:
1 ICMP
2 IGMP
4 IP
6 TCP
17 UDP
103 PIM
132 SCTP


Nessus ID : 14788

OS Identification
The remote host is running one of these operating systems :
Sun Solaris 10
Sun Solaris 9

Nessus ID : 11936

Information about the scan
Information about this scan :

Nessus version : 3.0.4
Plugin feed version : 200701101815
Type of plugin feed : Registered (7 days delay)
Scanner IP : 192.168.1.250
Port scanner(s) : nessus_tcp_scanner snmp_scanner synscan
Port range : default
Thorough tests : yes
Experimental tests : no
Paranoia level : 0
Report Verbosity : 2
Safe checks : no
Max hosts : 40
Max checks : 5
Scan Start Date : 2007/2/28 0:07
Scan duration : 1514 sec


Nessus ID : 19506

Check open ports
The following ports were open at the beginning of the scan but are now closed:

Port 32780 was detected as being open but is now closed.
Port 32781 was detected as being open but is now closed.
Port 32791 was detected as being open but is now closed.
Port 32793 was detected as being open but is now closed.
Port 32785 was detected as being open but is now closed.
Port 32795 was detected as being open but is now closed.
Port 32787 was detected as being open but is now closed.
Port 32778 was detected as being open but is now closed.
Port 32779 was detected as being open but is now closed.
Port 32789 was detected as being open but is now closed.

This might be an availability problem, which might be due to the following reasons :

- The remote host is now down, either because a user turned it off during the scan
- A selected denial of service was effective against this host
- A network outage has been experienced during the scan, and the remote
network cannot be reached from the Vulnerability Scanner any more
- This Vulnerability Scanner has been blacklisted by the system administrator
or by automatic intrusion detection/prevention systems which have detected the
vulnerability assessment.

In any case, the audit of the remote host might be incomplete and may need to
be done again


Nessus ID : 10919

Port unknown (32803/udp)

Port sometimes-rpc15 (32776/tcp)

Port lockd (4045/udp)
rpcinfo -p
RPC program #100021 version 1 'nlockmgr' is running on this port
RPC program #100021 version 2 'nlockmgr' is running on this port
RPC program #100021 version 3 'nlockmgr' is running on this port
RPC program #100021 version 4 'nlockmgr' is running on this port


Nessus ID : 11111

Port unknown (32788/tcp)
rpcinfo -p
RPC program #100242 version 1 is running on this port


Nessus ID : 11111

Port syslog (514/udp)

Port submission (587/tcp)
Services
An SMTP server is running on this port
Here is its banner :
220 unknown ESMTP Sendmail 8.13.7+Sun/8.13.7; Wed, 28 Feb 2007 00:07:45 -0500 (EST)

Nessus ID : 10330

smtpscan
smtpscan was not able to reliably identify this server. It might be:
Sendmail 8.12.8p1/8.12.8
Sendmail 8.11.0/8.11.2
The fingerprint differs from these known signatures on 1 point(s)


Nessus ID : 11421

SMTP Server Detection

Synopsis :

An SMTP server is listening on the remote port.

Description :

The remote host is running a mail (SMTP) server on this port.

Since SMTP servers are the targets of spammers, it is recommended you
disable it if you do not use it.

Solution :

Disable this service if you do not use it, or filter incoming traffic
to this port.

Risk factor :

None

Plugin output :

Remote SMTP server banner :
220 unknown ESMTP Sendmail 8.13.7+Sun/8.13.7; Wed, 28 Feb 2007 00:07:45 -0500 (EST)

Nessus ID : 10263

Lotus MAIL FROM overflow

There seems to be a buffer overflow in the remote SMTP server
when the server is issued an overly long argument to the 'MAIL FROM'
command, such as :

MAIL FROM: nessus@AAAAA....AAAAA

This problem may allow an attacker to prevent this host
from acting as a mail host and may even allow him to execute
arbitrary code on this system.


Solution : Inform your vendor of this vulnerability
and wait for a patch.

Risk factor : High
CVE : CVE-2000-0452
BID : 153, 1229
Other references : OSVDB:321

Nessus ID : 10419

Port sometimes-rpc17 (32777/tcp)
rpcinfo -p
RPC program #100024 version 1 'status' is running on this port
RPC program #100133 version 1 is running on this port


Nessus ID : 11111

Port x11 (6000/tcp)
X Server Detection

Synopsis :

An X11 server is listening on the remote host

Description :

The remote host is running an X11 server. X11 is a client-server protocol
which can be used to display graphical applications running on a given
host on a remote client.

Since the X11 traffic is not ciphered, it is possible for an attacker
to eavesdrop on the connection.

Solution :

Restrict access to this port. If the X11 client/server facility is not
used, disable TCP entirely.

Risk factor :

Low / CVSS Base Score : 2
(AV:R/AC:H/Au:R/C:P/A:N/I:N/B:C)

Plugin output :

X11 Version : 11.0


Nessus ID : 10407