Security Issues and Fixes: 192.168.1.104 |
Type |
Port |
Issue and Fix |
Informational |
general/udp |
For your information, here is the traceroute from 192.168.1.106 to 192.168.1.104 :
192.168.1.106
192.168.1.104
Nessus ID : 10287 |
Warning |
domain (53/udp) |
Synopsis :
The remote name server allows recursive queries to be performed
by the host running nessusd.
Description :
It is possible to query the remote name server for third party names.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
If the host allows these recursive queries via UDP,
then the host can be used to 'bounce' Denial of Service attacks
against another network or system.
See also :
http://www.cert.org/advisories/CA-1997-22.html
Solution :
Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf
If you are using bind 9, you can define a grouping of internal addresses
using the 'acl' command
Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'
If you are using another name server, consult its documentation.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE : CVE-1999-0024
BID : 136, 678
Nessus ID : 10539 |
Warning |
domain (53/udp) |
Synopsis :
The remote DNS server is vulnerable to cache snooping attacks.
Description :
The remote DNS server responds to queries for third-party domains
which do not have the recursion bit set.
This may allow a remote attacker to determine which domains have
recently been resolved via this name server, and therefore which hosts
have been recently visited.
For instance, if an attacker was interested in whether your company
utilizes the online services of a particular financial institution,
they would be able to use this attack to build a statistical model
regarding company usage of that financial institution. Of course, the
attack can also be used to find B2B partners, web-surfing patterns,
external mail servers, and more...
See also :
For a much more detailed discussion of the potential risks of allowing
DNS cache information to be queried anonymously, please see:
http://www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Nessus ID : 12217 |
Informational |
domain (53/udp) |
Synopsis :
The DNS server discloses the remote host name.
Description :
It is possible to learn the remote host name by querying the remote
DNS server for 'hostname.bind' in the CHAOS domain.
Solution :
It may be possible to disable this feature. Consult the vendor's
documentation for more information.
Risk factor :
None
Plugin output :
The remote host name is :
ubuntuserver810
Nessus ID : 35371 |
Informational |
domain (53/udp) |
Synopsis :
The remote DNS resolver is DNSSEC-aware.
Description :
The remote DNS resolver accepts DNSSEC options. This means that it
may verify the authenticity of DNSSEC protected zones if it is
configured to trust their keys.
Risk factor :
None
Nessus ID : 35373 |
Informational |
domain (53/udp) |
Synopsis :
A DNS server is listening on the remote host.
Description :
The remote service is a Domain Name System (DNS) server, which
provides a mapping between hostnames and IP addresses.
See also :
http://en.wikipedia.org/wiki/Domain_Name_System
Solution :
Disable this service if it is not needed or restrict access to
internal hosts only if the service is available externally.
Risk factor :
None
Nessus ID : 11002 |
Informational |
domain (53/udp) |
Synopsis :
It is possible to obtain the version number of the remote DNS server.
Description :
The remote host is running BIND, an open-source DNS server. It is
possible to extract the version number of the remote installation by
sending a special DNS request for the text 'version.bind' in the
domain 'chaos'.
Solution :
It is possible to hide the version number of bind by using the
'version' directive in the 'options' section in named.conf
Risk factor :
None
Plugin output :
The version of the remote DNS server is :
9.5.0-P2
Other references : OSVDB:23
Nessus ID : 10028 |
Informational |
general/icmp |
Synopsis :
It is possible to determine the exact time set on the remote host.
Description :
The remote host answers to an ICMP timestamp request. This allows an
attacker to know the date which is set on your machine.
This may help him to defeat all your time based authentication
protocols.
Solution :
Filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor :
None
Plugin output :
The difference between the local and remote clocks is -15 seconds.
CVE : CVE-1999-0524
Nessus ID : 10114 |
Warning |
mdns (5353/udp) |
Synopsis :
It is possible to obtain information about the remote host.
Description :
The remote service understands the Bonjour (also known as ZeroConf or
mDNS) protocol, which allows anyone to uncover information from the
remote host such as its operating system type and exact version, its
hostname, and the list of services it is running.
Solution :
Filter incoming traffic to UDP port 5353 if desired.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
Nessus was able to extract the following information :
- Computer name : ubuntuserver810.local.
- Ethernet addr : 00:0c:29:10:91:ef
- Computer Type : I686
- Operating System : LINUX
Nessus ID : 12218 |
Informational |
general/tcp |
Information about this scan :
Nessus version : 4.0.1
Plugin feed version : 200906262334
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.1.106
Port scanner(s) : nessus_tcp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 20
Max checks : 4
Recv timeout : 5
Backports : Detected
Scan Start Date : 2009/6/28 11:11
Scan duration : 85 sec
Nessus ID : 19506 |
Informational |
general/tcp |
Remote operating system : Linux Kernel
Confidence Level : 30
Method : mDNS
The remote host is running Linux Kernel
Nessus ID : 11936 |
Informational |
general/tcp |
Synopsis :
The remote host seems to be a VMware virtual machine.
Description :
According to the MAC address of its network adapter, the remote host
is a VMware virtual machine.
Since it is physically accessible through the network, ensure that its
configuration matches your organization's security policy.
Risk factor :
None
Nessus ID : 20094 |
Informational |
general/tcp |
Synopsis :
The manufacturer can be deduced from the Ethernet OUI.
Description :
Each ethernet MAC address starts with a 24-bit 'Organizationally
Unique Identifier'.
These OUI are registered by IEEE.
See also :
http://standards.ieee.org/faqs/OUI.html
http://standards.ieee.org/regauth/oui/index.shtml
Risk factor :
None
Plugin output :
The following card manufacturers were identified :
00:0c:29:10:91:ef : VMware, Inc.
Nessus ID : 35716 |
Informational |
general/tcp |
192.168.1.104 resolves as 192-168-1-104.tpgi.com.au.
Nessus ID : 12053 |
Informational |
general/tcp |
Synopsis :
The Nessus scan of this host may be incomplete due to insufficient
privileges provided.
Description :
The Nessus scanner testing the remote host has been given SMB
credentials to log into the remote host, however these credentials
do not have administrative privileges.
Typically, when Nessus performs a patch audit, it logs into the
remote host and reads the version of the DLLs on the remote host
to determine if a given patch has been applied or not. This is
the method Microsoft recommends to determine if a patch has been
applied.
If your Nessus scanner does not have administrative privileges when
doing a scan, then Nessus has to fall back to perform a patch audit
through the registry which may lead to false positives (especially
when using third party patch auditing tools) or to false negatives
(not all patches can be detected thru the registry).
Solution :
Reconfigure your scanner to use credentials with administrative
privileges
Risk factor :
None
Plugin output :
It was not possible to connect to \\UBUNTUSERVER810\ADMIN$
Nessus ID : 24786 |
Warning |
pop3s (995/tcp) |
Synopsis :
The remote service supports the use of weak SSL ciphers.
Description :
The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.
See also :
http://www.openssl.org/docs/apps/ciphers.html
Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Nessus ID : 26928 |
Warning |
pop3s (995/tcp) |
Synopsis :
The remote service supports the use of anonymous SSL ciphers.
Description :
The remote host supports the use of anonymous SSL ciphers. While this
enables an administrator to set up a service that encrypts traffic
without having to generate and configure SSL certificates, it offers
no way to verify the remote host's identity and renders the service
vulnerable to a man-in-the-middle attack.
See also :
http://www.openssl.org/docs/apps/ciphers.html
Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
The remote server supports the following anonymous SSL ciphers :
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
ADH-AES128-SHA Kx=DH Au=None Enc=AES(128) Mac=SHA1
ADH-AES256-SHA Kx=DH Au=None Enc=AES(256) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Nessus ID : 31705 |
Informational |
pop3s (995/tcp) |
Synopsis :
The remote service encrypts communications using SSL.
Description :
This script detects which SSL ciphers are supported by the remote
service for encrypting communications.
See also :
http://www.openssl.org/docs/apps/ciphers.html
Risk factor :
None
Plugin output :
Here is the list of SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
High Strength Ciphers (>= 112-bit key)
SSLv3
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
ADH-AES128-SHA Kx=DH Au=None Enc=AES(128) Mac=SHA1
ADH-AES256-SHA Kx=DH Au=None Enc=AES(256) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Nessus ID : 21643 |
Informational |
pop3s (995/tcp) |
Synopsis :
A POP server is listening on the remote port.
Description :
The remote host is running a server that understands the Post Office
Protocol (POP), used by email clients to retrieve messages from a
server, possibly across a network link.
See also :
http://en.wikipedia.org/wiki/Post_Office_Protocol
Solution :
Disable this service if you do not use it.
Risk factor :
None
Plugin output :
Remote POP server banner :
+OK Dovecot ready.
Nessus ID : 10185 |
Informational |
pop3s (995/tcp) |
Synopsis :
The remote server's SSL certificate has already expired or will expire
shortly.
Description :
This script checks expiry dates of certificates associated with SSL-
enabled services on the target and reports whether any have already
expired or will expire shortly.
Solution :
Purchase or generate a new SSL certificate to replace the existing
one.
Risk factor :
None
Plugin output :
The SSL certificate of the remote service is not valid before Jun 28 10:55:40 2009 GMT!
Nessus ID : 15901 |
Informational |
pop3s (995/tcp) |
Synopsis :
This plugin displays the SSL certificate.
Description :
This plugin connects to every SSL-related port and attempts to
extract and dump the X.509 certificate.
Risk factor :
None
Plugin output :
Subject Name:
Common Name: ubuntuserver810.home.gateway
Issuer Name:
Common Name: ubuntuserver810.home.gateway
Serial Number: 00 D9 1C C8 E2 3D 64 68 72
Version: 1
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Jun 28 10:55:40 2009 GMT
Not Valid After: Jun 26 10:55:40 2019 GMT
Public Key Info:
Algorithm: RSA Encryption
Exponent: 01 00 01
Nessus ID : 10863 |
Informational |
pop3s (995/tcp) |
A POP3 server is running on this port through TLSv1.
Nessus ID : 22964 |
Informational |
pop3s (995/tcp) |
A TLSv1 server answered on this port.
Nessus ID : 22964 |
Informational |
ajp13 (8009/tcp) |
Synopsis :
There is an AJP connector listening on the remote host.
Description :
The remote host is running an AJP (Apache JServ Protocol) connector, a
service by which a standalone web server such as Apache communicates
over TCP with a Java servlet container such as Tomcat.
See also :
http://tomcat.apache.org/connectors-doc/
http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
Risk factor :
None
Plugin output :
The connector listening on this port supports the ajp13 protocol.
Nessus ID : 21186 |
Informational |
ssh (22/tcp) |
Synopsis :
Security patches are backported.
Description :
Security patches may have been 'back ported' to the remote SSH server
without changing its version number.
Banner-based checks have been disabled to avoid false positives.
Solution :
Give Nessus credentials to perform local checks.
Risk factor :
None
Nessus ID : 39520 |
Informational |
ssh (22/tcp) |
Synopsis :
An SSH server is running on the remote host.
Description :
This plugin determines the versions of the SSH protocol supported by
the remote SSH daemon.
Risk factor :
None
Plugin output :
The remote SSH daemon supports the following versions of the
SSH protocol :
- 1.99
- 2.0
SSHv2 host key fingerprint : ca:5f:e1:e1:56:25:be:df:b1:ff:03:92:a3:11:bb:0a
Nessus ID : 10881 |
Informational |
ssh (22/tcp) |
Synopsis :
An SSH server is listening on this port.
Description :
It is possible to obtain information about the remote SSH
server by sending an empty authentication request.
Risk factor :
None
Plugin output :
SSH version : SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
SSH supported authentication : publickey,password
Nessus ID : 10267 |
Informational |
ssh (22/tcp) |
An SSH server is running on this port.
Nessus ID : 22964 |
Informational |
imap (143/tcp) |
An IMAP server is running on this port
Nessus ID : 11153 |
Informational |
imap (143/tcp) |
Synopsis :
An IMAP server is running on the remote host.
Description :
An IMAP (Internet Message Access Protocol) server is
installed and running on the remote host.
Risk factor :
None
Plugin output :
The remote imap server banner is :
* OK Dovecot ready.
Nessus ID : 11414 |
Informational |
domain (53/tcp) |
Synopsis :
A DNS server is listening on the remote host.
Description :
The remote service is a Domain Name System (DNS) server, which
provides a mapping between hostnames and IP addresses.
See also :
http://en.wikipedia.org/wiki/Domain_Name_System
Solution :
Disable this service if it is not needed or restrict access to
internal hosts only if the service is available externally.
Risk factor :
None
Nessus ID : 11002 |
Informational |
pop3 (110/tcp) |
Synopsis :
A POP server is listening on the remote port.
Description :
The remote host is running a server that understands the Post Office
Protocol (POP), used by email clients to retrieve messages from a
server, possibly across a network link.
See also :
http://en.wikipedia.org/wiki/Post_Office_Protocol
Solution :
Disable this service if you do not use it.
Risk factor :
None
Plugin output :
Remote POP server banner :
+OK Dovecot ready.
Nessus ID : 10185 |
Informational |
pop3 (110/tcp) |
A POP3 server is running on this port.
Nessus ID : 22964 |
Warning |
http-alt (8080/tcp) |
Synopsis :
The remote web server contains a JSP application that is affected by a
cross-site scripting vulnerability.
Description :
The remote web server includes an example JSP application, 'cal2.jsp',
that fails to sanitize user-supplied input before using it to generate
dynamic content. An unauthenticated remote attacker may be able to
leverage this issue to inject arbitrary HTML or script code into a
user's browser to be executed within the security context of the
affected site.
See also :
http://www.securityfocus.com/archive/1/501538/30/0/threaded
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-4.html
Solution :
Either undeploy the Tomcat examples web application, apply the
appropriate patch referenced in the vendor advisory, or upgrade to
Tomcat 6.0.20 / 5.5.28 / 4.1.40 when they become available.
Risk factor :
Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
Plugin output :
Nessus was able to exploit the issue using the following URL :
http://192-168-1-104.tpgi.com.au:8080/examples/jsp/cal/cal2.jsp?time=8am%20STYLE%3dxss%3ae%2f**%2fxpression(try%7ba%3dfirstTime%7dcatch(e)%7bfirstTime%3d1%3balert('tomcat_sample_cal2_xss2.nasl')%7d)%3b
NB: use Internet Explorer to test this.
CVE : CVE-2009-0781
Nessus ID : 35806 |
Warning |
http-alt (8080/tcp) |
Synopsis :
The remote web server contains example files.
Description :
Example JSPs and Servlets are installed in the remote Apache Tomcat
servlet/JSP container. These files should be removed as they may help
an attacker uncover information about the remote Tomcat install or
host itself. Or they may themselves contain vulnerabilities such as
cross-site scripting issues.
Solution :
Review the files and delete those that are not needed.
Risk factor :
None
Plugin output :
The following default files were found :
/examples/servlets/index.html
/examples/jsp/snp/snoop.jsp
/examples/jsp/index.html
Nessus ID : 12085 |
Informational |
http-alt (8080/tcp) |
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : yes
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Headers :
Server: Apache-Coyote/1.1
ETag: W/"2085-1246186652000"
Last-Modified: Sun, 28 Jun 2009 10:57:32 GMT
Content-Type: text/html
Content-Length: 2085
Date: Sun, 28 Jun 2009 01:12:15 GMT
Nessus ID : 24260 |
Informational |
http-alt (8080/tcp) |
Synopsis :
The remote web server reports its version number on error pages.
Description :
Apache Tomcat appears to be running on the remote host and reporting
its version number on the default error pages. A remote attacker
could use this information to mount further attacks.
See also :
http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q6
http://jcp.org/en/jsr/detail?id=315
Solution :
Replace the default error pages with custom error pages to hide
the version number. Refer to the Apache wiki or the Java Servlet
Specification for more information.
Risk factor :
None
Plugin output :
Nessus detected the following version number on an Apache Tomcat
404 page :
6.0.18
Nessus ID : 39446 |
Informational |
http-alt (8080/tcp) |
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
Coyote HTTP/1.1 Connector
Nessus ID : 10107 |
Informational |
http-alt (8080/tcp) |
A web server is running on this port.
Nessus ID : 22964 |
Warning |
http (80/tcp) |
Synopsis :
Debugging functions are enabled on the remote web server.
Description :
The remote webserver supports the TRACE and/or TRACK methods. TRACE
and TRACK are HTTP methods which are used to debug web server
connections.
In addition, it has been shown that servers supporting the TRACE
method are subject to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with various weaknesses
in browsers. An attacker may use this flaw to trick your legitimate
web users to give him their credentials.
See also :
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://www.kb.cert.org/vuls/id/288308
http://www.kb.cert.org/vuls/id/867593
Solution :
Disable these methods.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Solution :
Add the following lines for each virtual host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.
Plugin output :
Nessus sent the following TRACE request :
------------------------------ snip ------------------------------
TRACE /Nessus2089244743.html HTTP/1.1
Connection: Close
Host: 192-168-1-104.tpgi.com.au
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------
and received the following response from the remote server :
------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Sun, 28 Jun 2009 01:12:14 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-2ubuntu4 with Suhosin-Patch
Connection: close
Transfer-Encoding: chunked
Content-Type: message/http
TRACE /Nessus2089244743.html HTTP/1.1
Connection: Close
Host: 192-168-1-104.tpgi.com.au
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------
CVE : CVE-2003-1567, CVE-2004-2320
BID : 9506, 9561, 11604, 33374
Other references : OSVDB:877, OSVDB:3726, OSVDB:5648
Nessus ID : 11213 |
Informational |
http (80/tcp) |
Synopsis :
Security patches are backported.
Description :
Security patches may have been 'back ported' to the remote HTTP server
without changing its version number.
Banner-based checks have been disabled to avoid false positives.
Solution :
Give Nessus credentials to perform local checks.
Risk factor :
None
Nessus ID : 39521 |
Informational |
http (80/tcp) |
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Sun, 28 Jun 2009 01:12:16 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-2ubuntu4 with Suhosin-Patch
Last-Modified: Sun, 28 Jun 2009 01:12:16 GMT
ETag: W/"1bdc2-2d-46d668167d500"
Accept-Ranges: bytes
Content-Length: 45
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Nessus ID : 24260 |
Informational |
http (80/tcp) |
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
Apache/2.2.9 (Ubuntu) PHP/5.2.6-2ubuntu4 with Suhosin-Patch
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Nessus ID : 10107 |
Informational |
http (80/tcp) |
A web server is running on this port.
Nessus ID : 22964 |
Informational |
smtp (25/tcp) |
Synopsis :
An SMTP server is listening on the remote port.
Description :
The remote host is running a mail (SMTP) server on this port.
Since SMTP servers are the targets of spammers, it is recommended you
disable it if you do not use it.
Solution :
Disable this service if you do not use it, or filter incoming traffic
to this port.
Risk factor :
None
Plugin output :
Remote SMTP server banner :
220 ubuntuserver810.home.gateway ESMTP Postfix (Ubuntu)
Nessus ID : 10263 |
Informational |
smtp (25/tcp) |
An SMTP server is running on this port.
Nessus ID : 22964 |
Warning |
imaps (993/tcp) |
Synopsis :
The remote service supports the use of anonymous SSL ciphers.
Description :
The remote host supports the use of anonymous SSL ciphers. While this
enables an administrator to set up a service that encrypts traffic
without having to generate and configure SSL certificates, it offers
no way to verify the remote host's identity and renders the service
vulnerable to a man-in-the-middle attack.
See also :
http://www.openssl.org/docs/apps/ciphers.html
Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
The remote server supports the following anonymous SSL ciphers :
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
ADH-AES128-SHA Kx=DH Au=None Enc=AES(128) Mac=SHA1
ADH-AES256-SHA Kx=DH Au=None Enc=AES(256) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Nessus ID : 31705 |
Warning |
imaps (993/tcp) |
Synopsis :
The remote service supports the use of weak SSL ciphers.
Description :
The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.
See also :
http://www.openssl.org/docs/apps/ciphers.html
Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Nessus ID : 26928 |
Informational |
imaps (993/tcp) |
Synopsis :
The remote service encrypts communications using SSL.
Description :
This script detects which SSL ciphers are supported by the remote
service for encrypting communications.
See also :
http://www.openssl.org/docs/apps/ciphers.html
Risk factor :
None
Plugin output :
Here is the list of SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
High Strength Ciphers (>= 112-bit key)
SSLv3
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
ADH-AES128-SHA Kx=DH Au=None Enc=AES(128) Mac=SHA1
ADH-AES256-SHA Kx=DH Au=None Enc=AES(256) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Nessus ID : 21643 |
Informational |
imaps (993/tcp) |
An IMAP server is running on this port
Nessus ID : 11153 |
Informational |
imaps (993/tcp) |
Synopsis :
The remote server's SSL certificate has already expired or will expire
shortly.
Description :
This script checks expiry dates of certificates associated with SSL-
enabled services on the target and reports whether any have already
expired or will expire shortly.
Solution :
Purchase or generate a new SSL certificate to replace the existing
one.
Risk factor :
None
Plugin output :
The SSL certificate of the remote service is not valid before Jun 28 10:55:40 2009 GMT!
Nessus ID : 15901 |
Informational |
imaps (993/tcp) |
Synopsis :
This plugin displays the SSL certificate.
Description :
This plugin connects to every SSL-related port and attempts to
extract and dump the X.509 certificate.
Risk factor :
None
Plugin output :
Subject Name:
Common Name: ubuntuserver810.home.gateway
Issuer Name:
Common Name: ubuntuserver810.home.gateway
Serial Number: 00 D9 1C C8 E2 3D 64 68 72
Version: 1
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Jun 28 10:55:40 2009 GMT
Not Valid After: Jun 26 10:55:40 2019 GMT
Public Key Info:
Algorithm: RSA Encryption
Exponent: 01 00 01
Nessus ID : 10863 |
Informational |
imaps (993/tcp) |
A TLSv1 server answered on this port.
Nessus ID : 22964 |
Informational |
netbios-ssn (139/tcp) |
Synopsis :
A file / print sharing service is listening on the remote host.
Description :
The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.
Risk factor :
None
Plugin output :
An SMB server is running on this port.
Nessus ID : 11011 |
Warning |
microsoft-ds (445/tcp) |
Synopsis :
It is possible to log into the remote host.
Description :
The remote host is running one of the Microsoft Windows operating
systems. It was possible to log into it as a guest user using a
random account.
Solution :
In the group policy change the setting for
'Network access: Sharing and security model for local accounts' from
'Guest only - local users authenticate as Guest' to
'Classic - local users authenticate as themselves'.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE : CVE-1999-0505
Nessus ID : 26919 |
Informational |
microsoft-ds (445/tcp) |
Synopsis :
It is possible to retrieve the remote host's password policy using the
supplied credentials.
Description :
Using the supplied credentials it was possible to extract the password
policy for the remote Windows host. The password policy must
conform to the Informational System Policy.
Risk factor :
None
Plugin output :
The following password policy is defined on the remote host:
Minimum password len: 5
Password history len: 0
Maximum password age (d): No limit
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
Nessus ID : 17651 |
Informational |
microsoft-ds (445/tcp) |
Synopsis :
It is possible to enumerate local users.
Description :
Using the host SID, it is possible to enumerate local users on the
remote Windows system.
Risk factor :
None
Plugin output :
- nobody (id 501, Guest account)
Note that, in addition to the Administrator and Guest accounts, Nessus
has enumerated only those local users with IDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.
CVE : CVE-2000-1200
BID : 959
Other references : OSVDB:714
Nessus ID : 10860 |
Informational |
microsoft-ds (445/tcp) |
Synopsis :
It is possible to obtain the host SID for the remote host.
Description :
By emulating the call to LsaQueryInformationPolicy(), it was possible
to obtain the host SID (Security Identifier).
The host SID can then be used to get the list of local users.
Risk factor :
None
Plugin output :
The remote host SID value is :
1-5-21-883710179-3836327781-3827999253
CVE : CVE-2000-1200
BID : 959
Nessus ID : 10859 |
Informational |
microsoft-ds (445/tcp) |
Synopsis :
It is possible to obtain network information.
Description :
It was possible to obtain the browse list of the remote Windows system
by sending a request to the LANMAN pipe. The browse list is the list of
the nearest Windows systems of the remote host.
Risk factor :
None
Plugin output :
Here is the browse list of the remote host :
UBUNTUSERVER810 ( os : 0.0 )
Other references : OSVDB:300
Nessus ID : 10397 |
Informational |
microsoft-ds (445/tcp) |
Synopsis :
It is possible to log into the remote Windows host with a NULL
session.
Description :
The remote host is running Microsoft Windows, and it was possible to
log into it using a NULL session (ie, with no login or password). An
unauthenticated remote attacker can leverage this issue to get
information about the remote host.
See also :
http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
Risk factor :
None
CVE : CVE-2002-1117
BID : 494
Nessus ID : 26920 |
Informational |
microsoft-ds (445/tcp) |
Synopsis :
It is possible to enumerate remote network shares.
Description :
By connecting to the remote host using a NULL (or guest) session
Nessus was able to enumerate the network share names.
Risk factor :
None
Plugin output :
Here are the SMB shares available on the remote host:
- print$
- IPC$
Nessus ID : 10395 |
Informational |
microsoft-ds (445/tcp) |
Synopsis :
A file / print sharing service is listening on the remote host.
Description :
The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.
Risk factor :
None
Plugin output :
A CIFS server is running on this port.
Nessus ID : 11011 |
Informational |
microsoft-ds (445/tcp) |
Synopsis :
It is possible to log into the remote host.
Description :
The remote host is running one of the Microsoft Windows operating
systems. It was possible to log into it using one of the following
accounts :
- NULL session
- Guest account
- Given Credentials
See also :
http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
Risk factor :
None
Plugin output :
- NULL sessions are enabled on the remote host
- Remote users are authenticated as 'Guest'
CVE : CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222, CVE-2002-1117, CVE-2005-3595
BID : 494, 990, 11199
Nessus ID : 10394 |
Informational |
microsoft-ds (445/tcp) |
Synopsis :
It is possible to obtain information about the remote operating
system.
Description :
It is possible to get the remote operating system name and
version (Windows and/or Samba) by sending an authentication
request to port 139 or 445.
Risk factor :
None
Plugin output :
The remote Operating System is : Unix
The remote native lan manager is : Samba 3.2.3
The remote SMB Domain Name is : UBUNTUSERVER810
Nessus ID : 10785 |
Informational |
microsoft-ds (445/tcp) |
Synopsis :
An SMB server is running on the remote host.
Description :
The remote host is running Samba, a CIFS/SMB server for Unix.
See also :
http://www.samba.org/
Risk factor :
None
Nessus ID : 25240 |
Informational |
netbios-ns (137/udp) |
Synopsis :
It is possible to obtain the network name of the remote host.
Description :
The remote host listens on udp port 137 and replies to NetBIOS nbtscan
requests. By sending a wildcard request it is possible to obtain the
name of the remote system and the name of its domain.
Risk factor :
None
Plugin output :
The following 5 NetBIOS names have been gathered :
UBUNTUSERVER810 = Computer name
UBUNTUSERVER810 = Messenger Service
UBUNTUSERVER810 = File Server Service
WORKGROUP = Browser Service Elections
WORKGROUP = Workgroup / Domain name
This SMB server seems to be a SAMBA server (MAC address is NULL).
Other references : OSVDB:13577
Nessus ID : 10150 |