Security Issues and Fixes: 192.168.1.92 |
Type |
Port |
Issue and Fix |
Informational |
ssh (22/tcp) |
An ssh server is running on this port
Nessus ID : 10330 |
Informational |
ssh (22/tcp) |
Synopsis :
The remote service offers an insecure cryptographic protocol
Description :
The remote SSH daemon supports connections made
using version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically
safe, so they should not be used.
Solution :
Disable compatibility with version 1 of the protocol.
Risk factor :
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C)
CVE : CVE-2001-0361
BID : 2344
Other references : OSVDB:2116
Nessus ID : 10882 |
Informational |
ssh (22/tcp) |
Synopsis :
An SSH server is running on the remote host.
Description :
This plugin determines which versions of the SSH protocol
the remote SSH daemon supports.
Risk factor :
None
Plugin output :
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.33
. 1.5
. 1.99
. 2.0
SSHv1 host key fingerprint : 85:6c:aa:98:29:50:d7:97:84:98:c7:8d:ea:ba:cb:64
SSHv2 host key fingerprint : 24:01:c4:14:27:e5:4c:a3:6a:44:0a:b3:91:9f:c5:08
Nessus ID : 10881 |
Informational |
ssh (22/tcp) |
Synopsis :
An SSH server is listening on this port.
Description :
It is possible to obtain information about the remote SSH
server by sending an empty authentication request.
Risk factor :
None
Plugin output :
SSH version : SSH-1.99-OpenSSH_3.9p1
SSH supported authentication : publickey,gssapi-with-mic,password
Nessus ID : 10267 |
Informational |
general/udp |
For your information, here is the traceroute from 192.168.1.97 to 192.168.1.92 :
192.168.1.97
192.168.1.92
Nessus ID : 10287 |
Informational |
general/icmp |
Synopsis :
It is possible to determine the exact time set on the remote host.
Description :
The remote host answers an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time-based authentication protocols.
Solution :
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp
replies (14).
Risk factor :
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Plugin output :
The difference between the local and remote clocks is 35942 seconds
CVE : CVE-1999-0524
Nessus ID : 10114 |
Informational |
general/tcp |
Synopsis :
The remote service implements TCP timestamps.
Description :
The remote host implements TCP timestamps, as defined by RFC1323.
A side effect of this feature is that the uptime of the remote
host can sometimes be computed.
See also :
http://www.ietf.org/rfc/rfc1323.txt
Risk factor :
None
Nessus ID : 25220 |
Informational |
general/tcp |
Information about this scan :
Nessus version : 3.0.6
Plugin feed version : 200706261310
Type of plugin feed : Release
Scanner IP : 192.168.1.97
Port scanner(s) : nessus_tcp_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 0
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Max hosts : 20
Max checks : 4
Scan Start Date : 2007/7/27 20:10
Scan duration : 137 sec
Nessus ID : 19506 |
Informational |
general/tcp |
Remote operating system : Linux Kernel 2.6
Confidence Level : 70
Method : SinFP
The remote host is running Linux Kernel 2.6
Nessus ID : 11936 |
Informational |
general/tcp |
Synopsis :
The remote host seems to be a VMWare virtual machine.
Description :
According to the MAC address of its network adapter, the remote host
is a VMWare virtual machine.
Since it is physically accessible through the network, you should
ensure that its configuration matches the one of your corporate
security policy.
Risk factor :
None
Nessus ID : 20094 |
Informational |
general/tcp |
Using the remote HTTP banner, it is possible to guess that the
Linux distribution installed on the remote host is :
- Red Hat Enterprise Linux 4
Nessus ID : 18261 |
Informational |
ftp (21/tcp) |
An FTP server is running on this port.
Here is its banner :
220 (vsFTPd 2.0.1)
Nessus ID : 10330 |
Informational |
ftp (21/tcp) |
Synopsis :
Anonymous logins are allowed on the remote FTP server.
Description :
This FTP service allows anonymous logins. If you do not want to share data
with anyone you do not know, then you should deactivate the anonymous account,
since it can only cause trouble.
Risk factor :
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
CVE : CVE-1999-0497
Nessus ID : 10079 |
Informational |
ftp (21/tcp) |
Synopsis :
An FTP server is listening on this port
Description :
It is possible to obtain the banner of the remote FTP server
by connecting to the remote port.
Risk factor :
None
Plugin output :
The remote FTP banner is :
220 (vsFTPd 2.0.1)
Nessus ID : 10092 |
Informational |
http (80/tcp) |
A web server is running on this port
Nessus ID : 10330 |
Informational |
http (80/tcp) |
Synopsis :
Debugging functions are enabled on the remote HTTP server.
Description :
The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject to
cross-site-scripting attacks, dubbed XST for "Cross-Site-Tracing", when
used in conjunction with various weaknesses in browsers.
An attacker may use this flaw to trick your legitimate web users into giving
him their credentials.
Solution :
Disable these methods.
See also :
http://www.kb.cert.org/vuls/id/867593
Risk factor :
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Solution :
Add the following lines for each virtual host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
Plugin output :
The server response from a TRACE request is :
TRACE /Nessus1554194497.html HTTP/1.1
Connection: Close
Host: 192.168.1.92
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
CVE : CVE-2004-2320
BID : 9506, 9561, 11604
Other references : OSVDB:877, OSVDB:3726
Nessus ID : 11213 |
Informational |
http (80/tcp) |
Synopsis :
Some information about the remote HTTP configuration can be
extracted.
Description :
This test gives some information about the remote HTTP protocol - the version
used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solution :
None.
Risk factor :
None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : no
Keep-Alive : no
Options allowed : GET,HEAD,POST,OPTIONS,TRACE
Headers :
Date: Fri, 27 Jul 2007 00:13:22 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Length: 3985
Connection: close
Content-Type: text/html; charset=UTF-8
Nessus ID : 24260 |
Informational |
http (80/tcp) |
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
Apache/2.0.52 (Red Hat)
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Nessus ID : 10107 |
Informational |
http (80/tcp) |
Synopsis :
It is possible to enumerate web directories.
Description :
This plugin attempts to determine the presence of various
common dirs on the remote web server.
Risk factor :
None
Plugin output :
The following directories were discovered:
/cgi-bin, /error, /icons, /manual
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards.
Other references : OWASP:OWASP-CM-006
Nessus ID : 11032 |