Summary
This document reports on the results of an automatic security scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.
Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the threat of the override.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Log" are not shown. Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not shown. Only results with a minimum QoD of 70 are shown.
This report contains all 10 results selected by the filtering described above. Before filtering there were 35 results.
All dates are displayed using the timezone "Coordinated Universal Time", which is abbreviated "UTC".
Scan started: | Sat May 20 04:57:49 2017 UTC |
Scan ended: | Sat May 20 05:11:58 2017 UTC |
Task: | win2k3 - full and deep |
Host Summary
Host | Start | End | High | Medium | Low | Log | False Positive |
192.168.1.189 | May 20, 04:58:02 | May 20, 05:11:58 | 6 | 4 | 0 | 0 | 0 |
Total: 1 | 6 | 4 | 0 | 0 | 0 |
Results per Host
Host 192.168.1.189
Scanning of this host started at: | Sat May 20 04:58:02 2017 UTC |
Number of results: | 10 |
Port Summary for Host 192.168.1.189
Service (Port) | Threat Level |
135/tcp | Medium |
25/tcp | Medium |
general/tcp | High |
80/tcp | High |
445/tcp | High |
Security Issues for Host 192.168.1.189
This host is missing a critical security update according to Microsoft Bulletin MS09-001.
Vulnerability was detected according to the Vulnerability Detection Method.
Successful exploitation could allow remote unauthenticated attackers to cause a denial of service by sending a specially crafted network message to a system running the Server service.
Impact Level: System/Network
Solution type: VendorFix
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the link below: http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx
Microsoft Windows 2K Service Pack 4 and prior. Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2003 Service Pack 2 and prior.
The issue is due to the way Server Message Block (SMB) Protocol software handles specially crafted SMB packets.
Details: Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - Remote (OID: 1.3.6.1.4.1.25623.1.0.900233)
Version used: $Revision: 5502 $
CVE: | CVE-2008-4114, CVE-2008-4834, CVE-2008-4835 |
BID: | 31179 |
Other: | http://www.milw0rm.com/exploits/6463 |
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx |
Microsoft Internet Information Services is prone to a buffer overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Vulnerability was detected according to the Vulnerability Detection Method.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
Solution type: NoneAvailable
Windows 2003 is EOL. Please update to a supported version.
Microsoft Internet Information Services 6.0 running on Microsoft Windows Server 2003 R2 is vulnerable; other versions may also be affected.
Check the version and if WebDAV is enabled.
Details: Microsoft Internet Information Services Buffer Overflow Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.140228)
Version used: $Revision: 5804 $
Product: | cpe:/a:microsoft:iis:6.0 |
Method: | Microsoft IIS Webserver Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900710) |
CVE: | CVE-2017-7269 |
BID: | 97127 |
Other: | http://www.securityfocus.com/bid/97127 |
http://www.microsoft.com | |
https://github.com/edwardz246003/IIS_exploit |
The Microsoft IIS Web Server version on the remote host has reached the end of life and should not be used anymore.
The Microsoft IIS Web Server version has reached the end of life.
Installed version: 6.0
EOL version: 6.0
EOL date: 2015-07-14
An end of life version of Microsoft IIS Web Server is not receiving any security updates from the vendor. Unfixed security vulnerabilities might be leveraged by an attacker to compromise the security of this host.
Solution type: VendorFix
The Microsoft IIS Web Server version is tightly coupled to the operating system on the remote host. Updating the operating system to a supported version is required.
Get the installed version with the help of the detect NVT and check if the version is unsupported.
Details: Microsoft IIS Web Server End Of Life Detection (OID: 1.3.6.1.4.1.25623.1.0.108114)
Version used: $Revision: 5809 $
Product: | cpe:/a:microsoft:iis:6.0 |
Method: | Microsoft IIS Webserver Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900710) |
Other: | https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20Internet%20Information%20Services |
This host is missing a critical security update according to Microsoft Bulletin MS10-012.
Vulnerability was detected according to the Vulnerability Detection Method.
Successful exploitation will allow remote attackers to execute arbitrary code, cause a denial of service, or bypass the authentication mechanism via a brute-force technique.
Impact Level: System/Application
Solution type: VendorFix
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the link below: http://www.microsoft.com/technet/security/bulletin/ms10-012.mspx
Microsoft Windows 7
Microsoft Windows 2000 Service Pack and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2003 Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
- An input validation error exists while processing SMB requests and can be exploited to cause a buffer overflow via a specially crafted SMB packet.
- An error exists in the SMB implementation while parsing SMB packets during the Negotiate phase, causing memory corruption via a specially crafted SMB packet.
- A NULL pointer dereference error exists in SMB while verifying the 'share' and 'servername' fields in SMB packets, causing denial of service.
- A lack of cryptographic entropy when the SMB server generates challenges during SMB NTLM authentication can be exploited to bypass the authentication mechanism.
Details: Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468) (OID: 1.3.6.1.4.1.25623.1.0.902269)
Version used: $Revision: 5437 $
CVE: | CVE-2010-0020, CVE-2010-0021, CVE-2010-0022, CVE-2010-0231 |
CERT: | DFN-CERT-2010-0192 |
Other: | http://secunia.com/advisories/38510/ |
http://support.microsoft.com/kb/971468 | |
http://www.vupen.com/english/advisories/2010/0345 | |
http://www.microsoft.com/technet/security/bulletin/ms10-012.mspx |
This host is running Linux and is prone to a remote denial-of-service vulnerability.
Vulnerability was detected according to the Vulnerability Detection Method.
Successful exploitation may allow remote attackers to cause a kernel crash, denying service to legitimate users.
Impact Level: System
Upgrade to Linux Kernel version 3.0.17, 3.1.9 or 3.2.1. For updates refer to http://www.kernel.org
Linux Kernels above or equal to 2.6.36
The flaw is due to an error in the IGMP protocol implementation, which can be exploited to cause a kernel crash via specially crafted IGMP queries.
Details: Linux Kernel IGMP Remote Denial Of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.802295)
Version used: $Revision: 5888 $
CVE: | CVE-2012-0207 |
BID: | 51343 |
CERT: | DFN-CERT-2012-2075, DFN-CERT-2012-1697, DFN-CERT-2012-1272, DFN-CERT-2012-0426, DFN-CERT-2012-0360, DFN-CERT-2012-0241 |
Other: | http://secunia.com/advisories/47472 |
http://www.exploit-db.com/exploits/18378 | |
http://www.securitytracker.com/id/1026526 | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876 | |
http://womble.decadent.org.uk/blog/igmp-denial-of-service-in-linux-cve-2012-0207.html | |
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27 |
The host is running Microsoft IIS Webserver with the WebDAV module and is prone to a remote authentication bypass vulnerability.
Vulnerability was detected according to the Vulnerability Detection Method.
Successful exploitation will let the attacker craft malicious UNICODE characters and send them to an IIS Webserver where WebDAV is enabled. Because a security check is missing, this lets the user fetch password-protected directories without any valid authentication.
Impact Level: Application
Solution type: VendorFix
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the link below: http://www.microsoft.com/technet/security/Bulletin/MS09-020.mspx
Microsoft Internet Information Services version 5.0 to 6.0
Workaround: Disable WebDAV or upgrade to Microsoft IIS 7.0. http://www.microsoft.com/technet/security/advisory/971492.mspx
The flaw is due to a wrong implementation of UNICODE character support (WebDAV extension) in Microsoft IIS Server, which fails to decode the requested URL properly. Unicode character checks are done after the IIS Server internal security check, which lets the attacker use crafted UNICODE characters in HTTP requests to get information on any password-protected directory without any authentication.
Details: Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.900711)
Version used: $Revision: 4702 $
Product: | cpe:/a:microsoft:iis:6.0 |
Method: | Microsoft IIS Webserver Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900710) |
CVE: | CVE-2009-1535 |
BID: | 34993 |
Other: | http://view.samurajdata.se/psview.php?id=023287d6&page=2 |
http://www.microsoft.com/technet/security/advisory/971492.mspx | |
http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html | |
http://downloads.securityfocus.com/vulnerabilities/exploits/34993.rb | |
http://downloads.securityfocus.com/vulnerabilities/exploits/34993.txt |
The Microsoft Windows Simple Mail Transfer Protocol (SMTP) Server is prone to a DNS spoofing vulnerability.
Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.
Vulnerability was detected according to the Vulnerability Detection Method.
This issue is reported to be patched in Microsoft security advisory MS10-024; please see the references for more information.
Details: Microsoft Windows SMTP Server DNS spoofing vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100624)
Version used: $Revision: 5323 $
CVE: | CVE-2010-1690, CVE-2010-1689 |
BID: | 39910, 39908 |
Other: | http://www.securityfocus.com/bid/39910 |
http://www.securityfocus.com/bid/39908 | |
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html | |
http://www.microsoft.com | |
http://www.coresecurity.com/content/CORE-2010-0424-windows-stmp-dns-query-id-bugs | |
http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx |
The Microsoft Windows Simple Mail Transfer Protocol (SMTP) Server is prone to a denial-of-service vulnerability and to an information-disclosure vulnerability.
Successful exploits of the denial-of-service vulnerability will cause the affected SMTP server to stop responding, denying service to legitimate users.
Attackers can exploit the information-disclosure issue to gain access to sensitive information. Any information obtained may lead to further attacks.
Vulnerability was detected according to the Vulnerability Detection Method.
Microsoft released fixes to address this issue. Please see the references for more information.
Details: Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability (OID: 1.3.6.1.4.1.25623.1.0.100596)
Version used: $Revision: 5323 $
CVE: | CVE-2010-0024, CVE-2010-0025 |
BID: | 39308, 39381 |
CERT: | DFN-CERT-2010-0523 |
Other: | http://www.securityfocus.com/bid/39308 |
http://www.securityfocus.com/bid/39381 | |
http://www.microsoft.com | |
http://support.avaya.com/css/P8/documents/100079218 | |
http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx |
Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.
Here is the list of DCE services running on this host via the TCP protocol:
Port: 1025/tcp
  UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
  Endpoint: ncacn_ip_tcp:192.168.1.189[1025]
  UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
  Endpoint: ncacn_ip_tcp:192.168.1.189[1025]
  UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
  Endpoint: ncacn_ip_tcp:192.168.1.189[1025]
Port: 1026/tcp
  UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
  Endpoint: ncacn_ip_tcp:192.168.1.189[1026]
  UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
  Endpoint: ncacn_ip_tcp:192.168.1.189[1026]
Port: 1027/tcp
  UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
  Endpoint: ncacn_ip_tcp:192.168.1.189[1027]
Port: 1029/tcp
  UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
  Endpoint: ncacn_ip_tcp:192.168.1.189[1029]
  Named pipe : lsass
  Win32 service or process : lsass.exe
  Description : SAM access
Note: DCE services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
An attacker may use this fact to gain more knowledge about the remote host.
Solution type: Mitigation
Filter incoming traffic to this port.
Details: DCE Services Enumeration Reporting (OID: 1.3.6.1.4.1.25623.1.0.10736)
Version used: $Revision: 4998 $
Ensure that the server is running the latest stable Service Pack
The remote IIS server *seems* to be Microsoft IIS 6.0 - w2k3 build 3790
Solution type: VendorFix
The patch level (Service Pack) of the remote IIS server appears to be lower than the current IIS service pack level. As each service pack typically contains many security patches, the server may be at risk.
Caveat: This test makes assumptions about the remote patch level based on static return values (Content-Length) within the IIS server's 404 error message. As such, the test cannot be totally reliable and should be manually confirmed.
Details: IIS Service Pack - 404 (OID: 1.3.6.1.4.1.25623.1.0.11874)
Version used: $Revision: 4703 $
Product: | cpe:/a:microsoft:iis:6.0 |
Method: | Microsoft IIS Webserver Version Detection (OID: 1.3.6.1.4.1.25623.1.0.900710) |