Security Issues and Fixes: www.kwark.org |
Type |
Port |
Issue and Fix |
Vulnerability |
xdm (6000/tcp) |
This X server accepts clients from anywhere. This
allows an attacker to connect to it and record any of your keystrokes.
Here is the server version : 11.0
Here is the server type :
Solution : use xauth or MIT cookies to restrict the access to this server
Risk factor : High
CVE : CVE-1999-0526
Nessus ID : 10407 |
Vulnerability |
smtp (25/tcp) |
The remote host is running a version of the Exim MTA which is as old
as, or older than 4.21
There is a vulnerability in this server which might allow an attacker
to gain a shell on this host, although it currently is considered as being
unexploitable.
Solution : Upgrade to Exim 4.22
Risk Factor : High
CVE : CAN-2003-0743
BID : 8518
Nessus ID : 11828 |
Informational |
smtp (25/tcp) |
An SMTP server is running on this port
Here is its banner :
220 kwark ESMTP Exim 3.36 #1 Tue, 16 Mar 2004 07:40:45 +0100
Nessus ID : 10330 |
Informational |
smtp (25/tcp) |
Remote SMTP server banner :
220 kwark ESMTP Exim 3.36 #1 Tue, 16 Mar 2004 07:40:47 +0100
This is probably: Exim version 3.36
Nessus ID : 10263 |
Informational |
smtp (25/tcp) |
This server could be fingerprinted as being Exim 2.12,3.12,3.22,3.33,3.35,4.01,4.12
Nessus ID : 11421 |
Vulnerability |
ssh (22/tcp) |
You are running a version of OpenSSH which is older than 3.0.1.
Versions older than 3.0.1 are vulnerable to a flaw in which
an attacker may authenticate, provided that Kerberos V support
has been enabled (which is not the case by default).
It is also vulnerable to an excessive memory clearing bug,
believed to be unexploitable.
*** You may ignore this warning if this host is not using
*** Kerberos V
Solution : Upgrade to OpenSSH 3.0.1
Risk factor : Low (if you are not using Kerberos) or High (if Kerberos is enabled)
CVE : CVE-2002-0083
BID : 3560, 4560, 4241
Nessus ID : 10802 |
Vulnerability |
ssh (22/tcp) |
You are running a version of OpenSSH which is older than 3.7.1
Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
functions which might allow an attacker to execute arbitrary commands on this
host.
An exploit for this issue is rumored to exist.
Note that several distributions patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.
If you are running a RedHat host, make sure that the command :
rpm -q openssh-server
Returns :
openssh-server-3.1p1-13 (RedHat 7.x)
openssh-server-3.4p1-7 (RedHat 8.0)
openssh-server-3.5p1-11 (RedHat 9)
Solution : Upgrade to OpenSSH 3.7.1
See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2
Risk factor : High
CVE : CAN-2003-0682, CAN-2003-0693, CAN-2003-0695
BID : 8628
Other references : RHSA:RHSA-2003:279-02, SuSE:SUSE-SA:2003:039
Nessus ID : 11837 |
Vulnerability |
ssh (22/tcp) |
You are running a version of OpenSSH which is older than 3.1.
Versions prior to 3.1 are vulnerable to an off by one error
that allows local users to gain root access, and it may be
possible for remote users to similarly compromise the daemon
for remote access.
In addition, a vulnerable SSH client may be compromised by
connecting to a malicious SSH daemon that exploits this
vulnerability in the client code, thus compromising the
client system.
Solution : Upgrade to OpenSSH 3.1 or apply the patch for
prior versions. (See: http://www.openssh.org)
Risk factor : High
CVE : CVE-2002-0083
BID : 4241
Nessus ID : 10883 |
Vulnerability |
ssh (22/tcp) |
You are running a version of OpenSSH which is older than 3.4
There is a flaw in this version that can be exploited remotely to
give an attacker a shell on this host.
Note that several distributions patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.
If you are running a RedHat host, make sure that the command :
rpm -q openssh-server
Returns :
openssh-server-3.1p1-6
Solution : Upgrade to OpenSSH 3.4 or contact your vendor for a patch
Risk factor : High
CVE : CVE-2002-0639, CVE-2002-0640, CAN-2002-0639, CAN-2002-0640
BID : 5093
Nessus ID : 11031 |
Vulnerability |
ssh (22/tcp) |
You are running a version of OpenSSH which is older than 3.0.2.
Versions prior to 3.0.2 are vulnerable to an environment
variables export that can allow a local user to execute
commands with root privileges.
This problem affects only versions prior to 3.0.2, and when
the UseLogin feature is enabled (usually disabled by default)
Solution : Upgrade to OpenSSH 3.0.2 or apply the patch for prior
versions. (Available at: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH)
Risk factor : High (If UseLogin is enabled, and locally)
CVE : CVE-2001-0872
BID : 3614
Nessus ID : 10823 |
Vulnerability |
ssh (22/tcp) |
You are running a version of OpenSSH older than OpenSSH 3.2.1
A buffer overflow exists in the daemon if AFS is enabled on
your system, or if the options KerberosTgtPassing or
AFSTokenPassing are enabled. Even in this scenario, the
vulnerability may be avoided by enabling UsePrivilegeSeparation.
Versions prior to 2.9.9 are vulnerable to a remote root
exploit. Versions prior to 3.2.1 are vulnerable to a local
root exploit.
Solution :
Upgrade to the latest version of OpenSSH
Risk factor : High
CVE : CVE-2002-0575, CAN-2002-0575
BID : 4560
Nessus ID : 10954 |
Warning |
ssh (22/tcp) |
You are running a version of OpenSSH between 2.5.x and
2.9.x
Depending on the order of the user keys in
~/.ssh/authorized_keys2, sshd might fail to
apply the source IP based access control
restriction to the correct key.
This problem allows users to circumvent
the system policy and login from disallowed
source IP address.
Solution :
Upgrade to OpenSSH 2.9.9
Risk factor : Medium
CVE : CVE-2001-0816
BID : 3369
Nessus ID : 10771 |
Warning |
ssh (22/tcp) |
You are running OpenSSH-portable 3.6.1 or older.
There is a flaw in this version which may allow an attacker to
bypass the access controls set by the administrator of this server.
OpenSSH features a mechanism which can restrict the list of
hosts a given user can log in from by specifying a pattern
in the user key file (ie: *.mynetwork.com would let a user
connect only from the local network).
However there is a flaw in the way OpenSSH does reverse DNS lookups.
If an attacker configures his DNS server to send a numeric IP address
when a reverse lookup is performed, he may be able to circumvent
this mechanism.
Solution : Upgrade to OpenSSH 3.6.2 when it comes out
Risk Factor : Low
CVE : CAN-2003-0386
BID : 7831
Nessus ID : 11712 |
Warning |
ssh (22/tcp) |
The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically
safe so they should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'
Risk factor : Low
Nessus ID : 10882 |
Warning |
ssh (22/tcp) |
You are running OpenSSH-portable 3.6.1p1 or older.
If PAM support is enabled, an attacker may use a flaw in this version
to determine the existence of a given login name by comparing the times
the remote sshd daemon takes to refuse a bad password for a non-existent
login compared to the time it takes to refuse a bad password for a
valid login.
An attacker may use this flaw to set up a brute force attack against
the remote host.
*** Nessus did not check whether the remote SSH daemon is actually
*** using PAM or not, so this might be a false positive
Solution : Upgrade to OpenSSH-portable 3.6.1p2 or newer
Risk Factor : Low
CVE : CAN-2003-0190
BID : 7482, 7467, 7342
Other references : RHSA:RHSA-2003:222-01
Nessus ID : 11574 |
Informational |
ssh (22/tcp) |
An ssh server is running on this port
Nessus ID : 10330 |
Informational |
ssh (22/tcp) |
Remote SSH version : SSH-1.99-OpenSSH_2.5.2p2
Nessus ID : 10267 |
Informational |
ssh (22/tcp) |
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.33
. 1.5
. 1.99
. 2.0
Nessus ID : 10881 |
Informational |
unknown (111/tcp) |
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
Nessus ID : 10223 |
Informational |
unknown (111/tcp) |
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111 |
Warning |
unknown (747/tcp) |
The fam RPC service is running.
Several versions of this service have a well-known buffer overflow condition
that allows intruders to execute arbitrary commands as root on this system.
Solution : disable this service in /etc/inetd.conf
See also : http://www.nai.com/nai_labs/asp_set/advisory/16_fam_adv.asp
Risk factor : High
CVE : CVE-1999-0059
BID : 353
Nessus ID : 10216 |
Informational |
unknown (747/tcp) |
RPC program #391002 version 2 'sgi_fam' (fam) is running on this port
Nessus ID : 11111 |
Informational |
unknown (111/udp) |
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
Nessus ID : 11111 |
Informational |
unknown (53/tcp) |
BIND 'NAMED' is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.
The BIND based NAMED servers (or DNS servers) allow remote users
to query for version and type information. The query of the CHAOS
TXT record 'version.bind', will typically prompt the server to send
the information back to the querying source.
The remote bind version is : 8.4.4-NOESW
Solution :
Using the 'version' directive in the 'options' section will block
the 'version.bind' query, but it will not log such attempts.
Nessus ID : 10028 |
Informational |
unknown (53/tcp) |
A DNS server is running on this port. If you do not use it, disable it.
Risk factor : Low
Nessus ID : 11002 |
Informational |
unknown (139/tcp) |
An SMB server is running on this port
Nessus ID : 11011 |
Warning |
unknown (137/udp) |
The following 7 NetBIOS names have been gathered :
KWARK = This is the computer name registered for workstation services by a WINS client.
KWARK = This is the current logged in user registered for this workstation.
KWARK
__MSBROWSE__
DUCK = Workgroup / Domain name
DUCK
DUCK = Workgroup / Domain name (part of the Browser elections)
. This SMB server seems to be a SAMBA server (this is not a security
risk, this is for your information). This can be told because this server
claims to have a null MAC address
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
Nessus ID : 10150 |
Vulnerability |
unknown (80/tcp) |
The 'test-cgi' cgi is installed. This CGI has
a well known security flaw that lets an attacker read arbitrary
files with the privileges of the http daemon (usually root or nobody).
Solution : remove it from /cgi-bin.
Risk factor : Serious
CVE : CVE-1999-0070
BID : 2003
Nessus ID : 10282 |
Vulnerability |
unknown (80/tcp) |
The 'guestbook.pl' is installed. This CGI has
a well known security flaw that lets anyone execute arbitrary
commands with the privileges of the http daemon (root or nobody).
Solution : remove it from /cgi-bin.
Risk factor : Serious
CVE : CAN-1999-1053
BID : 776
Nessus ID : 10099 |
Vulnerability |
unknown (80/tcp) |
The remote host appears to be running a version of Apache which is older
than 1.3.29
There are several flaws in this version, which may allow an attacker to
possibly execute arbitrary code through mod_alias and mod_rewrite.
You should upgrade to 1.3.29 or newer.
*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive
Solution : Upgrade to version 1.3.29
See also : http://www.apache.org/dist/httpd/Announcement.html
Risk factor : High
CVE : CAN-2003-0542
Nessus ID : 11915 |
Vulnerability |
unknown (80/tcp) |
The remote host appears to be running a version of
Apache which is older than 1.3.28
There are several flaws in this version, which may allow
an attacker to disable the remote server remotely.
You should upgrade to 1.3.28 or newer.
*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive
Solution : Upgrade to version 1.3.28
See also : http://www.apache.org/dist/httpd/Announcement.html
Risk factor : High
CVE : CAN-2003-0460, CAN-2002-0061
BID : 8226
Nessus ID : 11793 |
Vulnerability |
unknown (80/tcp) |
RedHat Linux 6.0 installs by default a squid cache manager cgi script with
no restricted access permissions. This script could be used to perform a
port scan from the cgi-host machine.
Solution :
If you are not using the box as a Squid www proxy/cache server then
uninstall the package by executing:
/etc/rc.d/init.d/squid stop ; rpm -e squid
If you want to continue using the Squid proxy server software, take the
following actions to tighten security access to the manager interface:
mkdir /home/httpd/protected-cgi-bin
mv /home/httpd/cgi-bin/cachemgr.cgi /home/httpd/protected-cgi-bin/
And add the following directives to /etc/httpd/conf/access.conf and
srm.conf:
--- start access.conf segment ---
# Protected cgi-bin directory for programs that
# should not have public access
<Directory /home/httpd/protected-cgi-bin>
order deny,allow
deny from all
allow from localhost
#allow from .your_domain.com
AllowOverride None
Options ExecCGI
</Directory>
--- end access.conf segment ---
--- start srm.conf segment ---
ScriptAlias /protected-cgi-bin/ /home/httpd/protected-cgi-bin/
--- end srm.conf segment ---
Risk factor : High
CVE : CVE-1999-0710
BID : 2059
Nessus ID : 10034 |
Warning |
unknown (80/tcp) |
The remote web server seems to be vulnerable to the Cross Site Scripting vulnerability (XSS). The vulnerability is caused
by the result returned to the user when a non-existing file is requested (e.g. the result contains the JavaScript provided
in the request).
The vulnerability would allow an attacker to make the server present the user with the attacker's JavaScript/HTML code.
Since the content is presented by the server, the user will give it the trust
level of the server (for example, the trust level of banks, shopping centers, etc. would usually be high).
Sample url : http://194.109.195.58:80/<SCRIPT>alert('Vulnerable')</SCRIPT>.jsp
Risk factor : Medium
Solutions:
. Allaire/Macromedia Jrun:
- http://www.macromedia.com/software/jrun/download/update/
- http://www.securiteam.com/windowsntfocus/Allaire_fixes_Cross-Site_Scripting_security_vulnerability.html
. Microsoft IIS:
- http://www.securiteam.com/windowsntfocus/IIS_Cross-Site_scripting_vulnerability__Patch_available_.html
. Apache:
- http://httpd.apache.org/info/css-security/
. ColdFusion:
- http://www.macromedia.com/v1/handlers/index.cfm?ID=23047
. General:
- http://www.securiteam.com/exploits/Security_concerns_when_developing_a_dynamically_generated_web_site.html
- http://www.cert.org/advisories/CA-2000-02.html
BID : 5305, 7353, 7344, 8037, 9245
Nessus ID : 10815 |
Warning |
unknown (80/tcp) |
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the
following to the default object section in obj.conf:
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>
If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile
the NSAPI plugin located at:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593
Risk factor : Medium
Nessus ID : 11213 |
Warning |
unknown (80/tcp) |
Here is a list of files which have been found on the remote web server.
Some of these files may contain copyrighted materials, such as commercial
movies or music files.
If any of these files actually contains copyrighted material and if
they are freely swapped around, your organization might be held liable
for copyright infringement by associations such as the RIAA or the MPAA.
- /gfx/cam/anim/20011109.Roodhaar-rilo.mpg
Solution : Delete all the copyrighted files
Nessus ID : 11778 |
Warning |
unknown (80/tcp) |
Here is a list of files which have been found on the remote web server.
Some of these files may contain copyrighted materials, such as commercial
movies or music files.
If any of these files actually contains copyrighted material and if
they are freely swapped around, your organization might be held liable
for copyright infringement by associations such as the RIAA or the MPAA.
- /gfx/cam/anim/20020118.mpg
Solution : Delete all the copyrighted files
Nessus ID : 11778 |
Warning |
unknown (80/tcp) |
Requesting the URI /server-status gives information about
the currently running Apache.
Risk factor : Low
Solution :
If you don't use this feature, comment the appropriate section in
your httpd.conf file. If you really need it, limit its access to
the administrator's machine.
Nessus ID : 10677 |
Warning |
unknown (80/tcp) |
The remote host is running the 'Snif' CGI suite. There is a vulnerability in
it which may allow an attacker to insert a malicious HTML and/or JavaScript
snippet in the response returned to a third party user (this problem is
known as a cross site scripting bug).
Solution: None at this time - disable this CGI suite
Risk factor: Medium
BID : 9179
Nessus ID : 11949 |
Warning |
unknown (80/tcp) |
The remote host is running 'My Little Forum', a free CGI suite to manage
discussion forums.
This PHP/MySQL based forum suffers from a Cross Site Scripting vulnerability.
This can be exploited by including arbitrary HTML or even JavaScript code in
the parameters (forum_contact, category and page), which will be executed in
user's browser session when viewed.
Risk factor : Medium
Nessus ID : 11960 |
Warning |
unknown (80/tcp) |
Agora is a CGI based e-commerce package. Due to poor input validation,
Agora allows an attacker to execute cross-site scripting attacks.
For example:
http://www.example.com/store/agora.cgi?cart_id=<SCRIPT>alert(document.domain)</SCRIPT>&xm=on&product=HTML
Solution : At the time of writing this test, no solution was available
for this problem. However, a new version of Agora may become available
at http://www.agoracgi.com. Please check the Agora CGI web site or
contact your vendor for the latest version.
Risk factor : High
CVE : CVE-2001-1199
BID : 3702
Nessus ID : 10836 |
Warning |
unknown (80/tcp) |
Some Web Servers use a file called /robot(s).txt to make search engines and
any other indexing tools visit their WebPages more frequently and
more efficiently.
By connecting to the server and requesting the /robot(s).txt file, an
attacker may gain additional information about the system they are
attacking.
Such information includes restricted directories, hidden directories, CGI script
directories, etc. Take special care not to tell the robots not to index
sensitive directories, since this tells attackers exactly which of your
directories are sensitive.
The file 'robots.txt' contains the following:
# robots.txt file for kwark.org
# 20020605,jip
# see www.kwark.org
User-agent: *
Disallow: /cgi-bin/sources
Disallow: /tv/
Disallow: /mp3/
Disallow: /Sites/
Disallow: /tmp
Disallow: /Gfx/Icons
Disallow: /gfx/icons
Disallow: /Gfx/cam/follow
Disallow: /y
#200301
Disallow: /Gfx/2002/incoming/
#200302
Disallow: /Gfx/Icons
#200305
Disallow: /x/awstats/
Disallow: /awstats
Disallow: /stats/analog.html
User-agent: Scooter
Disallow: *
User-agent: psbot
Disallow: /gfx
User-agent: psbot/0.1
Disallow: /gfx
User-agent: Slurp
Disallow: *
Disallow: /gfx
Disallow: /Gfx/2002
Disallow: /Gfx/2001
Disallow: /Gfx/2000
Disallow: /Gfx/Patrick
Disallow: /Gfx
User-agent: ZyBorg
Disallow: /gfx
User-agent: ia_archiver
Disallow: /gfx
User-agent: MSNBOT
Disallow: *
Risk factor : Medium
Nessus ID : 10302 |
Informational |
unknown (80/tcp) |
The following directories were discovered:
/batch, /bin, /cgi-bin, /css, /gfx, /htbin, /icons, /incoming, /php, /pub, /server-status, /stats, /mp3, /tv, /Sites, /Gfx/Icons, /Gfx/cam/follow, /Gfx/2002/incoming, /x/awstats, /awstats, /Gfx, /Gfx/Patrick
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
The following directories require authentication:
/tmp, /y
Nessus ID : 11032 |
Informational |
unknown (80/tcp) |
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/tv/index.pl (Interval [now] SortOrder [timed] WarnFav [on] )
/Gfx/2004/ (tmpl [image-foaf] D=A?tmpl [image-foaf] )
/XML/rss/ (M [A] N [A] D=D [] S [A] )
/tv/today.pl (end [20min] prut [] )
/y/person-admin.pl (imageid [/gfx/2004] )
/Gfx/2004 (tmpl [image-foaf] )
/x/lsgfx (woc [] 400 [] off=30;num=30;woc=;400=;q [] num [30] q [] off [0] )
/css/ (M [A] N [A] D=D [] S [A] )
/Gfx/ (autonext [60] random [1] )
/x/comments.pl (abouttitle [] action [add] name [] url [] about [] email [] )
/server-status (refresh [900] )
Nessus ID : 10662 |
Informational |
unknown (80/tcp) |
This web server was fingerprinted as Apache/1.3.27-9 on Linux w/ mod_fastcgi?E
which is consistent with the displayed banner: Apache/1.3.27 (Unix) mod_gzip/1.3.26.1a mod_perl/1.27
Nessus ID : 11919 |
Informational |
unknown (80/tcp) |
The remote web server type is :
Apache/1.3.27 (Unix) mod_gzip/1.3.26.1a mod_perl/1.27
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Nessus ID : 10107 |
Informational |
unknown (80/tcp) |
An information leak occurs on Apache based web servers
whenever the UserDir module is enabled. The vulnerability allows an external
attacker to enumerate existing accounts by requesting access to their home
directory and monitoring the response.
Solution:
1) Disable this feature by changing 'UserDir public_html' (or whatever) to
'UserDir disabled'.
Or
2) Use a RedirectMatch rewrite rule under Apache -- this works even if there
is no such entry in the password file, e.g.:
RedirectMatch ^/~(.*)$ http://my-target-webserver.somewhere.org/$1
Or
3) Add into httpd.conf:
ErrorDocument 404 http://localhost/sample.html
ErrorDocument 403 http://localhost/sample.html
(NOTE: You need to use a FQDN inside the URL for it to work properly).
Additional Information:
http://www.securiteam.com/unixfocus/5WP0C1F5FI.html
Risk factor : Low
CVE : CAN-2001-1013
BID : 3335
Nessus ID : 10766 |
Informational |
unknown (80/tcp) |
The remote host is running mod_gzip whose status can be
obtained by requesting /mod_gzip_status.
If you do not use this module, disable it completely.
Solution : Change the directive 'mod_gzip_command_version' to something secret
Risk Factor : Low
Nessus ID : 11685 |
Vulnerability |
unknown (5432/tcp) |
The remote PostgreSQL server might be vulnerable to various flaws
which may allow an attacker who has the rights to query the remote
database to obtain a shell on this host.
*** Nessus was not able to remotely determine the version of the
*** remote PostgreSQL server, so this might be a false positive
Solution : Upgrade to postgresql 7.3.4 or newer
Risk factor : High
CVE : CAN-2003-0901
BID : 8741
Other references : RHSA:RHSA-2003:313-01
Nessus ID : 11916 |
Vulnerability |
unknown (5432/tcp) |
The remote PostgreSQL server might be vulnerable to various flaws
which may allow an attacker who has the rights to query the remote
database to obtain a shell on this host.
*** Nessus was not able to remotely determine the version of the
*** remote PostgreSQL server, so this might be a false positive
Solution : Upgrade to postgresql 7.2.3 or newer
Risk factor : High
CVE : CAN-2002-1402, CAN-2002-1401, CAN-2002-1400, CAN-2002-1397, CAN-2002-1399
BID : 6610, 6614, 5527, 5497, 6615, 6611, 6612, 6613, 7075
Other references : RHSA:RHSA-2003:0010-10
Nessus ID : 11456 |
Informational |
unknown (53/udp) |
A DNS server is running on this port. If you do not use it, disable it.
Risk factor : Low
Nessus ID : 11002 |
Informational |
unknown (53/udp) |
The remote name server could be fingerprinted as being one of the following :
ISC BIND 8.3
ISC BIND 8.4
Nessus ID : 11951 |
Vulnerability |
unknown (119/tcp) |
The remote version of INN is older
than version 1.6.
A lot of security holes have been found
in older versions of INN. You should upgrade
to avoid any trouble.
Solution : upgrade to version 1.6 or newer.
Risk factor : High
CVE : CVE-1999-0705, CVE-1999-0043, CVE-1999-0247
BID : 616
Nessus ID : 10129 |
Informational |
unknown (119/tcp) |
This NNTP server allows unauthenticated connections
For your information, we counted 233 newsgroups on this NNTP server:
8 in the alt hierarchy, 4 in rec, 0 in biz, 5 in sci, 2 in soc, 1 in misc, 0 in news, 42 in comp, 0 in talk, 0 in humanities.
Although this server says it allows posting, we were unable to send a message
(posted in alt.test)
Nessus ID : 11033 |
Informational |
unknown (119/tcp) |
Remote NNTP server version : 200 kwark.ow.nl InterNetNews NNRP server INN 1.4 22-Dec-93 ready (posting ok).
Nessus ID : 10159 |
Warning |
unknown (6699/tcp) |
The remote server seems to be a WinMX Peer-to-Peer client,
which may not be suitable for a business environment.
Solution : Uninstall this software
Risk factor : Low
Nessus ID : 11847 |