My FreeScan Vulnerabilities Report




For 66.40.6.179 on Feb 07, 008

Thank you for trying FreeScan. Below you'll find the complete results of your scan, including whether or not the IP you provided is exposed to any vulnerabilities. For detected vulnerabilities, a complete description of the issue, possible consequences if exploited, and an assigned severity level are provided. Follow links to verified remedies to fix these issues before they can be exploited.

FreeScan is just one component of QualysGuard. To experience all of QualysGuard's vulnerability management capabilities (both perimeter and internal) sign up for a free 7-day trial of QualysGuard. With your trial, you will receive customized network mapping with access to an unlimited number of scans and get comprehensive reports that include vulnerability trending, business risk assessment, risk matrixes, policy & compliance reporting and much more.

Summary for 66.40.6.179

Vulnerabilities
1 Severity 5 (Urgent)
0 Severity 4 (Critical)
1 Severity 3 (Serious)
4 Severity (Medium)
Severity 1 (Minimum)
8 Total

List of Vulnerabilities for 66.40.6.179

Severity Analysis
5 Writeable Root Directory on Anonymous FTP Server
3 Mail Server Accepts Plaintext Credentials
Anonymous Access to FTP with a Blank Password Allowed
Multiple Vendor ftpd PASV Mode Data Channel Hijacking Vulnerability
Accessible Anonymous FTP Server
Account Brute Force Possible Through IIS NTLM Authentication Scheme
1 Microsoft IIS Authentication Method Disclosure Vulnerability
1 ICMP Timestamp Request

Detailed Vulnerabilities for 66.40.6.179

Severity Analysis

5 Writeable Root Directory on Anonymous FTP Server
Qualys ID : 700 CVE ID : CVE-1999-057

The Anonymous FTP server has a world writeable root directory. The root directory of your anonymous FTP server can therefore be written to by any anonymous user.

Consequences: Writeable anonymous FTP servers are commonly abused by unauthorized users to upload movies, pornography, pirated software and other "warez". Sometimes the secondary storage is completely filled up, resulting in performance degradation or even complete failure. For some FTP servers, the FTP root directory contains configuration files. Allowing write permissions may allow an anonymous user to overwrite these configuration files. In addition, for UNIX, unauthorized users could place a ".forward" or an ".rhosts" file in this directory. ".forward" files may contain commands to be executed each time the anonymous user receives an e-mail message. ".rhosts" files contain hostnames from which any user will be able to connect to this host without a password. Thus, the unauthorized user can add the .rhosts file using their own hostname. They can then log in with the rsh, rlogin or rexec service. These two files are commonly used to compromise servers.

Disable write access for unauthorized users in the root directory of the FTP server.

For UNIX:

    $ chmod o-w path/to/ftp/root/directory

For Microsoft IIS 6:
1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS).
2. In IIS Manager, expand the local computer, expand the FTP Sites folder, right-click the FTP site in question, and click Properties.
3. Click the Home Directory tab and deselect the Write checkbox; click OK.
4. For advanced permissions, refer to step and click Permissions instead of Properties; then click Advanced Permissions.

For other versions of IIS, please refer to the Microsoft website.

3 Mail Server Accepts Plaintext Credentials
Qualys ID : 74147 Port : 5

Your Mail Server responds to the EHLO command, which implies that it uses the ESMTP protocol. ESMTP uses the AUTH command, which indicates an authentication mechanism to the server. If the server supports the requested authentication mechanism, it performs an authentication protocol exchange to authenticate and identify the user. Optionally, it also negotiates a security layer for subsequent protocol interactions. Your server accepts PLAIN or LOGIN as one of the AUTH parameters. The authentication credentials are transmitted in plaintext over the network and no encryption is performed.

Consequences: Malicious users could obtain mail server credentials by sniffing the traffic. This can allow unauthorized users to use the mail server as an open mail relay. It may also lead to compromise of account credentials that can be used to access other mail services like POP3 and IMAP.

Disable the plaintext authentication methods on your SMTP server for unencrypted (non-SSL/TLS) sessions. You may consider using more advanced challenge-based authentication methods like CRAM-MD5 or DIGEST-MD5. Please contact your vendor for configuration information. Also check RFC 554 and RFC 487 for more details.

Anonymous Access to FTP with a Blank Password Allowed
Qualys ID : 7001 CVE ID : CVE-1999-0497

Users can access the FTP server using the "anonymous" or "ftp" account with a blank password. Some FTP server software is installed with Anonymous access enabled by default. Vulnerable systems include RedHat Linux installations and Microsoft IIS (Internet Information Server) installations.

Consequences: The FTP server may contain sensitive files because anonymous FTP servers are often used to exchange files between different users. These files can be downloaded by anybody who visits this FTP server. Anonymous FTP is often used for "bounce attacks". Bounce attacks enable unauthorized users to scan networks, hosts and ports behind a firewall. This can result in internal networks, VPN and Intranets being compromised.

You should first decide if you really require the FTP service on this host. If you use it to exchange files between users, you should either use a dedicated password-protected account, or, by default, an unreadable but writeable directory. The security of this last option depends on the secrecy of the filenames you upload and download from this directory. Therefore, avoid guessable filenames like "backup", "accounting" or "project".

Multiple Vendor ftpd PASV Mode Data Channel Hijacking Vulnerability
Qualys ID : 7177 CVE ID : CVE-1999-0351

Some FTP servers are vulnerable to hijacking of data connections when PASV mode is in use. In particular, these FTP servers are vulnerable: the ftpd included with Caldera Open UNIX and Unixware, and versions of RedHat prior to Version 6.0. (This is not a complete list.)

The FTP server enters PASV mode when the client issues the PASV command through the control connection made to the server (usually 1/tcp). The server starts listening on a TCP port and responds to the client, letting it know that it is ready for the data connection to be established. The port number that the client is expected to connect to is included in the response to the PASV command.

An attacker can connect to the FTP server's listening port before the client connects and thereby receive data intended for the client. To exploit this vulnerability, the attacker must intercept or guess the listening port number that the server will use, then try to connect before the client. If the server uses predictable port numbers, this vulnerability is trivial to exploit. Caldera reported that the Open UNIX/Unixware ftpd selects predictable PASV mode port numbers.

Note: In order to detect this vulnerability, authentication of the FTP server is required.

Consequences: By exploiting this vulnerability, remote attackers can hijack data connections and successfully retrieve data before the client. This is a generic FTP server vulnerability, affecting all FTP servers.

Apply a patch from your vendor. For more details, see this Cert Advisory. Contact your vendor to obtain either a patch or a non-vulnerable version of the software.

Note: This vulnerability has not been completely eliminated. Preventing IP addresses other than that of the client from connecting to data ports breaks RFC compliance, and does not prevent attacks from the client address (perhaps other internal hosts if NAT is in use). Data ports are now randomly selected by the server, making them more difficult to guess before the client connects.

Accessible Anonymous FTP Server
Qualys ID : 7000 CVE ID : CVE-1999-0497

Users can access the FTP server using the "anonymous" account with any password. Some FTP server software is installed with Anonymous access enabled by default. Vulnerable systems include RedHat Linux installations and Microsoft IIS (Internet Information Server) installations.

Consequences: The FTP server may contain sensitive files because anonymous FTP servers are often used to exchange files between different users. These files can be downloaded by anybody who visits this FTP server. Anonymous FTP is often used for "bounce attacks". Bounce attacks enable unauthorized users to scan networks, hosts and ports behind a firewall. This can result in internal networks, VPN and Intranets being compromised.

You should first decide if you really require the FTP service on this host. If you use it to exchange files between users, you should either use a dedicated password-protected account, or, by default, an unreadable but writeable directory. The security of this last option depends on the secrecy of the filenames you upload and download from this directory. Therefore, avoid guessable filenames like "backup", "accounting" or "project".

Account Brute Force Possible Through IIS NTLM Authentication Scheme
Qualys ID : 86693 CVE ID : CVE-00-0419 Port : 80

NTLM authentication is enabled on the Microsoft IIS Web server. This allows a remote user to perform account brute force by requesting a non-existing HTTP resource or an existing HTTP resource that does not actually require authentication. Requests would include the "Authorization: NTLM" field.

Consequences: If the host has an account lockout policy in place, a remote user may exploit this vulnerability to lock out a local user, provided that the name of the local user is known. If the host does not have an account lockout policy in place, a remote user may exploit this vulnerability to brute force user passwords.

Note that the Windows user list may sometimes be obtained by exploiting other vulnerabilities. Windows also has a few easy-to-guess default names for built-in accounts: "Administrator" for administering the computer/domain, "Guest" for guest access, "IUSR_<MachineName>" for anonymous access to IIS, and "IWAM_<Machinename>" for IIS to start out-of-process applications. Here the machine name <Machinename> may be obtained via Windows UDP Netbios NS (port 137).

Among the above built-in accounts, the account lockout policy, even if it is in place, does not apply to the administrator account. So if the host uses the default name "Administrator" for the administrator account, a password brute force of this account is possible through the IIS authentication interface.

In addition, if the request has the NTLMSSP_REQUEST_TARGET flag on, the Web server may respond to the request with an NTLM challenge that contains sensitive host information, such as the Windows server and domain in which the authentication will be checked.

Currently there are no vendor supplied patches available for this issue.

As a workaround, disable NTLM authentication for your Web server. This can be done by unchecking "Integrated Windows Authentication" within "Authentication Method" under "Directory Security" in "Default Web Site Properties".

1 Microsoft IIS Authentication Method Disclosure Vulnerability
Qualys ID : 86316 CVE ID : CVE-00-0419 Port : 80

Microsoft IIS supports Basic and NTLM authentication. It has been reported that the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of returned error messages, even when anonymous access is also granted. When a valid authentication request is submitted (for either method) with an invalid username and password, an error message is returned. This happens even if anonymous access to the requested resource is allowed.

Consequences: If this vulnerability is successfully exploited, a malicious user can learn what authentication method is used. This information can then be used in further intelligent attacks against the server, or in a brute force password attack against a known user name.

Currently there are no vendor supplied patches available.

1 ICMP Timestamp Request
Qualys ID : 8003 CVE ID : CVE-1999-054 Port : N/A

ICMP (Internet Control and Error Message Protocol) is a protocol encapsulated in IP packets. Its principal purpose is to provide a protocol layer able to inform gateways of the inter-connectivity and accessibility of other gateways or hosts. "ping" is a well-known program for determining if a host is up or down. It uses ICMP echo packets. ICMP timestamp packets are used to synchronize clocks between hosts.

Consequences: Unauthorized users can obtain information about your network by sending ICMP timestamp packets. For example, the internal systems clock should not be disclosed since some internal daemons use this value to calculate ID or sequence numbers (i.e., on SunOS servers).

You can filter ICMP messages of type "Timestamp" and "Timestamp Reply" at the firewall level. Some system administrators choose to filter most types of ICMP messages for various reasons. For example, they may want to protect their internal hosts from ICMP-based Denial Of Service attacks, such as the Ping of Death or Smurf attacks. However, you should never filter ALL ICMP messages, as some of them ("Don't Fragment", "Destination Unreachable", "Source Quench", etc.) are necessary for proper behavior of Operating System TCP/IP stacks. It may be wiser to contact your network consultants for advice, since this issue impacts your overall network reliability and security.

Copyright 008 Qualys, Inc.