OpenVAS Scan Report
This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

Scan Details
Hosts which were alive and responding during test 1
Number of security holes found 0
Number of security warnings found 2
Number of security notes found 38
Number of false positives found 0


Host List
Host(s) Possible Issue
192.168.1.105 Security warning(s) found


Analysis of Host
Address of Host Port/Service Issue regarding Port
192.168.1.105 http (80/tcp) Security note(s) found
192.168.1.105 pop3 (110/tcp) Security note(s) found
192.168.1.105 epmap (135/tcp) Security warning(s) found
192.168.1.105 netbios-ssn (139/tcp) Security note(s) found
192.168.1.105 smtp (25/tcp) Security note(s) found
192.168.1.105 microsoft-ds (445/tcp) Security note(s) found
192.168.1.105 blackjack (1025/tcp) Security note(s) found
192.168.1.105 kyoceranetdev (1063/tcp) Security note(s) found
192.168.1.105 rdrmshc (1075/tcp) Security note(s) found
192.168.1.105 dab-sti-c (1076/tcp) Security note(s) found
192.168.1.105 imgames (1077/tcp) Security note(s) found
192.168.1.105 enpp (2968/tcp) Security note(s) found
192.168.1.105 general/tcp Security note(s) found
192.168.1.105 ssh (22/tcp) No Information
192.168.1.105 netbios-ns (137/udp) Security warning(s) found
192.168.1.105 general/SMB Security note(s) found
192.168.1.105 general/SMBClient Security note(s) found


Security Issues and Fixes: 192.168.1.105
Type Port Issue and Fix
Informational http (80/tcp) A web server is running on this port
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10330
Informational http (80/tcp) The remote web server type is :

Microsoft-IIS/6.0

OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10107
Informational http (80/tcp)
Synopsis :

This web server leaks a private IP address through its HTTP headers.

Description :

This may expose internal IP addresses that are usually hidden or masked
behind a Network Address Translation (NAT) Firewall or proxy server.

There is a known issue with IIS 4.0 doing this in its default configuration.

See also :

http://support.microsoft.com/support/kb/articles/Q218/1/80.ASP
See the Bugtraq reference for a full discussion.

Risk factor :

None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)

Plugin output :

This web server leaks the following private IP address : 192.168.1.105
CVE : CVE-2000-0649
BID : 1499
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10759
Informational http (80/tcp) The following directories were discovered:
/_vti_bin, /images

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

Other references : OWASP:OWASP-CM-006
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.11032
Informational http (80/tcp) The remote IIS server *seems* to be Microsoft IIS 6.0 - w2k3 build 3790

OpenVAS ID : 1.3.6.1.4.1.25623.1.0.11874
Informational http (80/tcp) Server: Microsoft-IIS/6.0
Operating System Type: Windows Server 2003
X-AspNet-Version: 1.1.4322
X-Powered-By: ASP.NET
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.101018
Informational pop3 (110/tcp) A pop3 server is running on this port
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10330
Informational pop3 (110/tcp)
The remote POP3 servers leak information about the software it is running,
through the login banner. This may assist an attacker in choosing an attack
strategy.

Versions and types should be omitted where possible.

The version of the remote POP3 server is :
+OK Microsoft Windows Service Version 1.0 ready.

Solution : Change the login banner to something generic.
Risk factor : Low
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10185
Warning epmap (135/tcp)
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.

Solution : filter incoming traffic to this port.
Risk factor : Low
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10736
Informational netbios-ssn (139/tcp) An SMB server is running on this port
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.11011
Informational smtp (25/tcp) An SMTP server is running on this port
Here is its banner :
220 win2kr2 Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Mon, 29 Jun 2009 10:24:36 -0700
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10330
Informational smtp (25/tcp) Remote SMTP server banner :
220 win2kr2 Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Mon, 29 Jun 2009 10:29:08 -0700

OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10263
Informational microsoft-ds (445/tcp) A CIFS server is running on this port
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.11011
Informational microsoft-ds (445/tcp) It was possible to log into the remote host using user defined
login/password combinations :

OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10394
Informational blackjack (1025/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.


Here is the list of DCE services running on this port:

UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
Endpoint: ncacn_ip_tcp:192.168.1.105[1025]
Named pipe : lsass
Win32 service or process : lsass.exe
Description : SAM access

UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
Endpoint: ncacn_ip_tcp:192.168.1.105[1025]
Annotation: IPSec Policy agent endpoint
Named pipe : spoolss
Win32 service or process : spoolsv.exe
Description : Spooler service



Solution : filter incoming traffic to this port.
Risk factor : Low
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10736
Informational kyoceranetdev (1063/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.


Here is the list of DCE services running on this port:

UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.1.105[1063]

UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.1.105[1063]

UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.1.105[1063]

UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.1.105[1063]



Solution : filter incoming traffic to this port.
Risk factor : Low
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10736
Informational rdrmshc (1075/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.


Here is the list of DCE services running on this port:

UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.1.105[1075]

UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.1.105[1075]

UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.1.105[1075]



Solution : filter incoming traffic to this port.
Risk factor : Low
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10736
Informational dab-sti-c (1076/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.


Here is the list of DCE services running on this port:

UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:192.168.1.105[1076]

UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.1.105[1076]



Solution : filter incoming traffic to this port.
Risk factor : Low
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10736
Informational imgames (1077/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.


Here is the list of DCE services running on this port:

UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:192.168.1.105[1077]



Solution : filter incoming traffic to this port.
Risk factor : Low
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10736
Informational enpp (2968/tcp) A web server is running on this port
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10330
Informational enpp (2968/tcp) The remote web server type is :

Microsoft-IIS/6.0

OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10107
Informational enpp (2968/tcp) The following directories were discovered:
/help, /images

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

Other references : OWASP:OWASP-CM-006
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.11032
Informational enpp (2968/tcp) The remote IIS server *seems* to be Microsoft IIS 6.0 - w2k3 build 3790

OpenVAS ID : 1.3.6.1.4.1.25623.1.0.11874
Informational general/tcp ICMP based OS fingerprint results:

Microsoft Windows 2003 Server Enterprise Edition (accuracy 100%)
Microsoft Windows 2003 Server Standard Edition (accuracy 100%)
Microsoft Windows XP SP2 (accuracy 100%)


OpenVAS ID : 1.3.6.1.4.1.25623.1.0.102002
Informational general/tcp Nikto could not be found in your system path.
OpenVAS was unable to execute Nikto and to perform the scan you
requested.
Please make sure that Nikto is installed and that nikto.pl or nikto is
available in the PATH variable defined for your environment.
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.14260
Informational general/tcp Information about this scan :

OpenVAS version : 2.0.1
Plugin feed version : 200906251300
Type of plugin feed : OpenVAS NVT Feed
Scanner IP : 192.168.1.106
Port scanner(s) : openvas_tcp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Max hosts : 20
Max checks : 4
Scan duration : unknown (ping_host.nasl not launched?)

OpenVAS ID : 1.3.6.1.4.1.25623.1.0.19506
Warning netbios-ns (137/udp) The following 4 NetBIOS names have been gathered :
WIN2KR2 = This is the computer name registered for workstation services by a WINS client.
WORKGROUP = Workgroup / Domain name
WIN2KR2 = Computer name
WORKGROUP = Workgroup / Domain name (part of the Browser elections)
The remote host has the following MAC address on its adapter :
00:0c:29:10:6e:15

If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.

Risk factor : Medium
CVE : CAN-1999-0621
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.10150
Informational general/SMB WINDOWS\system32\Dnsapi.dll not found/no access ->

CVE : CVE-2008-0087
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90020
Informational general/SMB WINDOWS\system32\Dnsapi.dll not found/no access -> Domain=[WORKGROUP] OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
tree connect failed: NT_STATUS_ACCESS_DENIED

CVE : CVE-2008-0087
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90020
Informational general/SMB .NET V2xx not found/no access -> Domain=[WORKGROUP] OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
tree connect failed: NT_STATUS_ACCESS_DENIED

CVE : CVE-2007-0043
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90010
Informational general/SMB .NET V2xx not found/no access ->

CVE : CVE-2007-0043
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90010
Informational general/SMB WINDOWS\system32\drivers\mrxdav.sys not found/no access -> Domain=[WORKGROUP] OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
tree connect failed: NT_STATUS_ACCESS_DENIED

CVE : CVE-2008-0080
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90015
Informational general/SMB WINDOWS\system32\drivers\mrxdav.sys not found/no access ->

CVE : CVE-2008-0080
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90015
Informational general/SMB WINDOWS\system32\Msjint40.dll not found/no access -> Domain=[WORKGROUP] OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
tree connect failed: NT_STATUS_ACCESS_DENIED

CVE : CVE-2007-6026
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90024
Informational general/SMB WINDOWS\system32\Msjet40.dll not found/no access -> Domain=[WORKGROUP] OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
tree connect failed: NT_STATUS_ACCESS_DENIED

CVE : CVE-2007-6026
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90024
Informational general/SMB WINDOWS\system32\Msjet40.dll not found/no access ->

CVE : CVE-2007-6026
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90024
Informational general/SMB WINDOWS\system32\Msjint40.dll not found/no access ->

CVE : CVE-2007-6026
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90024
Informational general/SMB WINDOWS\system32\Msjet40.dll not found/no access ->

CVE : CVE-2007-6026
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90024
Informational general/SMB WINDOWS\system32\Msjet40.dll not found/no access -> Domain=[WORKGROUP] OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
tree connect failed: NT_STATUS_ACCESS_DENIED

CVE : CVE-2007-6026
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90024
Informational general/SMBClient OS Version = WINDOWS SERVER 2003 3790 SERVICE PACK 1
Domain = WORKGROUP
SMB Serverversion = WINDOWS SERVER 2003 5.2

OpenVAS ID : 1.3.6.1.4.1.25623.1.0.90011

This file was generated by the OpenVAS security scanner.