
Nessus Report

Report 16/Aug/2012:14:52:10 GMT

HomeFeed: Commercial use of the report is prohibited

Any time Nessus is used in a commercial environment you MUST maintain an active subscription to the ProfessionalFeed in order to be compliant with our license ofessionalfeed

Table Of Contents

Vulnerabilities By Host
    192.168.56.3

Vulnerabilities By Plugin
    25216 (1) - Samba NDR MS-RPC Request Heap-Based Remote Buffer Overflow
    32314 (1) - Debian OpenSSH/OpenSSL Package Random Number Generator Weakness
    55523 (1) - vsftpd Smiley Face Backdoor
    10205 (1) - rlogin Service Detection
    10481 (1) - MySQL Unpassworded Account Check
    36171 (1) - phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)
    42411 (1) - Microsoft Windows SMB Shares Unprivileged Access
    55976 (1) - Apache HTTP Server Byte Range DoS
    59088 (1) - PHP PHP-CGI Query String Parameter Injection Arbitrary Code Execution
    10056 (1) - /doc Directory Browsable
    10079 (1) - Anonymous FTP Enabled
    10203 (1) - rexecd Service Detection
    11213 (1) - HTTP TRACE / TRACK Methods Allowed
    11229 (1) - Web Server info.php / phpinfo.php Detection
    11356 (1) - NFS Exported Share Information Disclosure
    15901 (1) - SSL Certificate Expiry
    20007 (1) - SSL Version 2 (v2) Protocol Detection
    26928 (1) - SSL Weak Cipher Suites Supported
    31705 (1) - SSL Anonymous Cipher Suites Supported
    36083 (1) - phpMyAdmin file_path Parameter Vulnerabilities (PMASA-2009-1)
    42256 (1) - NFS Shares World Readable
    42873 (1) - SSL Medium Strength Cipher Suites Supported
    45411 (1) - SSL Certificate with Wrong Hostname
    46803 (1) - PHP expose_php Information Disclosure
    49142 (1) - phpMyAdmin setup.php Verbose Server Name XSS (PMASA-2010-7)
    51192 (1) - SSL Certificate Cannot Be Trusted
    51425 (1) - phpMyAdmin error.php BBcode Tag XSS (PMASA-2010-9)
    52611 (1) - SMTP Service STARTTLS Plaintext Command Injection
    57582 (1) - SSL Self-Signed Certificate
    57608 (1) - SMB Signing Disabled
    57792 (1) - Apache HTTP Server httpOnly Cookie Information Disclosure
    26194 (2) - Web Server Uses Plain Text Authentication Forms
    34324 (2) - FTP Supports Clear Text Authentication
    10407 (1) - X Server Detection
    34850 (1) - Web Server Uses Basic Authentication Without HTTPS
    42263 (1) - Unencrypted Telnet Server
    53491 (1) - SSL / TLS Renegotiation DoS
    11219 (30) - Nessus SYN scanner
    11111 (10) - RPC Services Enumeration
    22964 (8) - Service Detection
    11154 (3) - Unknown Service Detection: Banner Retrieval
    10092 (2) - FTP Server Detection
    10107 (2) - HTTP Server Type and Version
    10662 (2) - Web mirroring
    11002 (2) - DNS Server Detection
    11011 (2) - Microsoft Windows SMB Service Detection
    11032 (2) - Web Server Directory Enumeration
    11419 (2) - Web Server Office File Inventory
    17975 (2) - Service Detection (GET request)
    24004 (2) - WebDAV Directory Enumeration
    24260 (2) - HyperText Transfer Protocol (HTTP) Information
    39463 (2) - HTTP Server Cookies Set
    42057 (2) - Web Server Allows Password Auto-Completion
    43111 (2) - HTTP Methods Allowed (per directory)
    49704 (2) - External URLs
    49705 (2) - Gathered email Addresses
    10028 (1) - DNS Server BIND version Directive Remote Version Disclosure
    10114 (1) - ICMP Timestamp Request Remote Date Disclosure
    10150 (1) - Windows NetBIOS / SMB Remote Host Information Disclosure
    10223 (1) - RPC portmapper Service Detection
    10263 (1) - SMTP Server Detection
    10267 (1) - SSH Server Type and Version Information
    10281 (1) - Telnet Server Detection
    10287 (1) - Traceroute Information
    10342 (1) - VNC Software Detection
    10394 (1) - Microsoft Windows SMB Log In Possible
    10395 (1) - Microsoft Windows SMB Shares Enumeration
    10397 (1) - Microsoft Windows SMB LanMan Pipe Server Listing Disclosure
    10437 (1) - NFS Share Export List
    10719 (1) - MySQL Server Detection
    10785 (1) - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
    10859 (1) - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
    10860 (1) - SMB Use Host SID to Enumerate Local Users
    10863 (1) - SSL Certificate Information
    10881 (1) - SSH Protocol Versions Supported
    11153 (1) - Service Detection (HELP Request)
    11422 (1) - Web Server Unconfigured - Default Install Page Present
    11424 (1) - WebDAV Detection
    11819 (1) - TFTP Daemon Detection
    11936 (1) - OS Identification
    17219 (1) - phpMyAdmin Detection
    17651 (1) - Microsoft Windows SMB : Obtains the Password Policy
    18261 (1) - Apache Banner Linux Distribution Disclosure
    19288 (1) - VNC Server Security Type Detection
    19506 (1) - Nessus Scan Information
    20108 (1) - Web Server / Application favicon.ico Vendor Fingerprinting
    21186 (1) - AJP Connector Detection
    21643 (1) - SSL Cipher Suites Supported
    22227 (1) - RMI Registry Detection
    25220 (1) - TCP/IP Timestamps Supported
    25240 (1) - Samba Server Detection
    26024 (1) - PostgreSQL Server Detection
    35371 (1) - DNS Server hostname.bind Map Hostname Disclosure
    35373 (1) - DNS Server DNSSEC Aware Resolver
    35716 (1) - Ethernet Card Manufacturer Detection
    39446 (1) - Apache Tomcat Default Error Page Version Detection
    39519 (1) - Backported Security Patch Detection (FTP)
    39520 (1) - Backported Security Patch Detection (SSH)
    39521 (1) - Backported Security Patch Detection (WWW)
    40665 (1) - Protected Web Page Detection
    40984 (1) - Browsable Web Directories
    42088 (1) - SMTP Service STARTTLS Command Support
    45410 (1) - SSL Certificate commonName Mismatch
    45590 (1) - Common Platform Enumeration (CPE)
    50845 (1) - OpenSSL Detection
    51891 (1) - SSL Session Resume Supported
    52703 (1) - vsftpd Detection
    53335 (1) - RPC portmapper (TCP)
    54615 (1) - Device Type
    56984 (1) - SSL / TLS Versions Supported
    57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported
    60119 (1) - Microsoft Windows SMB Share Permissions Enumeration

Hosts Summary (Executive)
    192.168.56.3

Vulnerabilities By Host

192.168.56.3

Scan Information
Start time: Thu Aug 16 13:55:54 2012
End time: Thu Aug 16 14:52:04 2012

Host Information
Netbios Name: METASPLOITABLE
IP: 192.168.56.3
MAC Address: 08:00:27:b9:7e:58
OS: Linux Kernel 2.6 on Ubuntu 8.04 (hardy)

Results Details

0/icmp

10114 - ICMP Timestamp Request Remote Date Disclosure

Synopsis
It is possible to determine the exact time set on the remote host.

Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.

Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Risk EFCWE:200

Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18

Ports
icmp/0
The difference between the local and remote clocks is -13832 seconds.

0/tcp

25220 - TCP/IP Timestamps Supported

Synopsis
The remote service implements TCP timestamps.

Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

See Also
http://www.ietf.org/rfc/rfc1323.txt

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20

Ports
tcp/0

35716 - Ethernet Card Manufacturer Detection

Synopsis
The manufacturer can be deduced from the Ethernet OUI.

Description
Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'.
These OUI are registered by IEEE.

See n/a

Risk Factor
None

Plugin Information:
Publication date: 2009/02/19, Modification date: 2011/03/27

Ports
tcp/0
The following card manufacturers were identified :
08:00:27:b9:7e:58 : CADMUS COMPUTER SYSTEMS

18261 - Apache Banner Linux Distribution Disclosure

Synopsis
The name of the Linux distribution running on the remote host was found in the banner of the web