noway.toonux.com 09 January 2014



Similar documents
Cyber Security Scan Report

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Vulnerability Scan. January 6, 2015

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

My FreeScan Vulnerabilities Report

Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day. SSL Certificate - Subject Common Name Does Not Match Server FQDN

CIT 380: Securing Computer Systems

Running a Default Vulnerability Scan SAINTcorporation.com

ASV Scan Report Vulnerability Details PRESTO BIZ

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

Introduction of Intrusion Detection Systems

Running a Default Vulnerability Scan

Payment Card Industry (PCI) Executive Report 08/04/2014

COURCE TITLE DURATION LPI-202 Advanced Linux Professional Institute 40 H.

CS5008: Internet Computing

The Trivial Cisco IP Phones Compromise

Parallels Plesk Panel

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson

Automated Vulnerability Scan Results

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

VMware vcenter Log Insight Security Guide

1 Scope of Assessment

Chapter 17. Transport-Level Security

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

SNI Vulnerability Assessment Report

Topics in Network Security

Payment Card Industry (PCI) Executive Report 10/27/2015

Web Application Report

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Potential Targets - Field Devices

Learn Ethical Hacking, Become a Pentester

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Check list for web developers

SECURITY ADVISORY. December 2008 Barracuda Load Balancer admin login Cross-site Scripting

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

Payment Card Industry (PCI) Data Security Standard

Andreas Dittrich, Philipp Reinecke Testing of Network and System Security. example.

Cyber Essentials. Test Specification

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Penetration Testing Report Client: Business Solutions June 15 th 2015

Web App Security Audit Services

Project 2: Firewall Design (Phase I)

Introduction to Endpoint Security

Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

What is Web Security? Motivation

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

Web application security

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

FortiWeb 5.0, Web Application Firewall Course #251

VMware vcenter Log Insight Security Guide

Security: Attack and Defense

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Chapter 9 Monitoring System Performance

Critical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn

Configuring Security for SMTP Traffic

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

CMPT 471 Networking II

How To Protect Your Network From Attack From Outside From Inside And Outside

Intro to Firewalls. Summary

Device Log Export ENGLISH

Penetration Testing Scope Factors

8 steps to protect your Cisco router

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Internet Security [1] VU Engin Kirda

THREAT MODELLING FOR SQL SERVERS Designing a Secure Database in a Web Application

CS155: Computer and Network Security

2. Installing GFI LANguard Network Security Scanner

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, Concepts.

A S B

Windows Remote Access

NETWORK SECURITY HACKS

ncircle PCI Compliance Report for Techno Kitchen Detail Report

Security Vulnerabilities and Patches Explained IT Security Bulletin for the Government of Canada

Network Security Essentials Chapter 5

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

A Very Incomplete Diagram of Network Attacks

Introduction to Computer Security

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Design Notes for an Efficient Password-Authenticated Key Exchange Implementation Using Human-Memorable Passwords

TELE 301 Network Management. Lecture 16: Remote Terminal Services

Introduction to Computer Security

Payment Card Industry (PCI) Executive Report. Pukka Software

Thick Client Application Security

Networking for Caribbean Development

Network Security 2. Module 2 Configure Network Intrusion Detection and Prevention

Transport Level Security

Chapter 7. Firewalls

Transcription:

noway.toonux.com

p3.7 10 noway.toonux.com 88.190.52.71 Debian Linux 0 CRITICAL 0 HIGH 5 MEDIUM 2 LOW Running Services Service Service Name Risk General Linux Kernel Medium 22/TCP OpenSSH 5.5p1 Debian 6+squeeze4 (protocol 2.0) Medium 25/TCP Postfix smtpd Medium 80/TCP Apache httpd Medium New Vulnerabilities ordered by port Service Name CVSS Risk General/tcp VSEC Best Practices 6.0 Medium General/tcp TCP Sequence Number Approximation Reset Denial of Service Vulnerability 5.0 Medium General/tcp TCP timestamps 2.6 Low 22/tcp Denial of Service in OpenSSH 5.0 Medium 22/tcp openssh-server Forced Command Handling Information Disclosure Vulnerability 3.5 Low 25/tcp Check if Mailserver answer to VRFY and EXPN requests 5.0 Medium 25/tcp SMTP Server type and version 0.0 Info 80/tcp Apache Web Server ETag Header Information Disclosure Weakness 4.3 Medium 80/tcp HTTP Bad Method message 0.0 Info 80/tcp HTTP OPTIONS method 0.0 Info www.ikare-monitoring.fr 2

New Vulnerabilities Description VSEC Best Practices 88.190.52.71:General/tcp (Jan 09, 2014 03:44:11 PM) Medium 6.0 Synopsis : Ikare run tests to check your compliance to Security Best Practices. Output: ssh 88.190.52.71 22 tcp OpenSSH 5.5p1 Debian 6+squeeze4 (protocol 2.0) smtp 88.190.52.71 25 tcp Postfix smtpd X509 Certificate signature validity: KO: error 18 at 0 depth lookup:self signed certificate,o K,, SSL Weak algorithms: KO: Accepted weak (40/56 bits) algorithm(s) (respectively 6 & 3) http 88.190.52.71 80 tcp Apache httpd HTTP OPTIONS: Warning: Allowed OPTIONS method TCP Sequence Number Approximation Reset Denial of Service Vulnerability Family Name: Denial of Service 88.190.52.71:General/tcp (Jan 09, 2014 03:58:04 PM) The host is running TCP services and is prone to denial of service vulnerability. The flaw is triggered when spoofed TCP Reset packets are received by the targeted TCP stack and will result in loss of availability for the attacked TCP services. Successful exploitation will allow remote attackers to guess sequence numbers and cause a denial of service to persistent TCP connections by repeatedly injecting a TCP RST packet. URL:http://www.osvdb.org/4030 URL:http://xforce.iss.net/xforce/xfdb/15886 URL:http://www.us-cert.gov/cas/techalerts/TA04-111A.html URL:http://www-01.ibm.com/support/docview.wss?uid=isg1IY55949 URL:http://www-01.ibm.com/support/docview.wss?uid=isg1IY55950 URL:http://www-01.ibm.com/support/docview.wss?uid=isg1IY62006 URL:http://www.microsoft.com/technet/security/Bulletin/MS05-019.mspx URL:http://www.microsoft.com/technet/security/bulletin/ms06-064.mspx URL:http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html URL:http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html CVE:CVE-2004-0230 Please see the referenced advisories for more information on obtaining and applying fixes. Medium 5.0 www.ikare-monitoring.fr 3

Denial of Service in OpenSSH Family Name: Denial of Service 88.190.52.71:22/tcp (Jan 09, 2014 03:58:04 PM) Medium 5.0 Denial of Service Vulnerability in OpenSSH The sshd_config configuration file indicates connection limits: - MaxStartups: maximal number of unauthenticated connections (default : 10) - LoginGraceTime: expiration duration of unauthenticated connections (default : 2 minutes) However, in this default configuration, an attacker can open 10 TCP sessions on port 22/tcp, and then reopen them every 2 minutes, in order to limit the probability of a legitimate client to a ccess to the service. Note: MaxStartups supports the 'random early drop' feature, which protects against this type of attack, but it is not enabled by default. An unauthenticated attacker can therefore open ten connections to OpenSSH, in order to forbid th e access to legitimate users. This plugin only check OpenSSH version and not test to exploit this vulnerability. Attackers to cause a denial of service (connection-slot exhaustion). URL:http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89 URL:http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156 URL:http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234 URL:http://vigilance.fr/vulnerability/OpenSSH-denial-of-service-via-MaxStartups-11256 CVE:CVE-2010-5107 Upgrade your OpenSSH to 6.2. or modify LoginGraceTime and MaxStartups on server configuration Check if Mailserver answer to VRFY and EXPN requests Family Name: SMTP problems 88.190.52.71:25/tcp (Jan 09, 2014 03:58:05 PM) The Mailserver on this host answers to VRFY and/or EXPN requests. VRFY and EXPN ask the server for information about an address. They are inherently unusable through firewalls, gateways, mail exchangers for part-time hosts, etc. OpenVAS suggests that, if you really want to publish this type of information, you use a mechanism that legitimate users actually know about, such as Finger or HTTP. URL:http://cr.yp.to/smtp/vrfy.html Disable VRFY and/or EXPN on your Mailserver. For postfix add 'disable_vrfy_command=yes' in 'main.cf'. For Sendmail add the option 'O PrivacyOptions=goaway'. Medium 5.0 www.ikare-monitoring.fr 4

Apache Web Server ETag Header Information Disclosure Weakness Family Name: Web application abuses 88.190.52.71:80/tcp (Jan 09, 2014 03:58:04 PM) A weakness has been discovered in Apache web servers that are configured to use the FileETag directive. Due to the way in which Apache generates ETag response headers, it may be possible for an attacker to obtain sensitive information regarding server files. Specifically, ETag header fields returned to a client contain the file's inode number. Exploitation of this issue may provide an attacker with information that may be used to launch further attacks against a target network. OpenBSD has released a patch that addresses this issue. Inode numbers returned from the server are now encoded using a private hash to avoid the release of sensitive information. URL:https://www.securityfocus.com/bid/6939 URL:http://httpd.apache.org/docs/mod/core.html#fileetag URL:http://www.openbsd.org/errata32.html URL:http://support.novell.com/docs/Tids/Solutions/10090670.html CVE:CVE-2003-1418 OpenBSD has released a patch to address this issue. Novell has released TID10090670 to advise users to apply the available workaround of disabling the directive in the configuration file for Apache releases on NetWare. Please see the attached Technical Information Document for further details. Medium 4.3 openssh-server Forced Command Handling Information Disclosure Vulnerability 88.190.52.71:22/tcp (Jan 09, 2014 03:58:04 PM) The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. OpenSSH before 5.7 is affected URL:http://www.securityfocus.com/bid/51702 URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 URL:http://packages.debian.org/squeeze/openssh-server URL:https://downloads.avaya.com/css/P8/documents/100161262 CVE:CVE-2012-0814 Updates are available. Please see the references for more information. Low 3.5 www.ikare-monitoring.fr 5

TCP timestamps 88.190.52.71:General/tcp (Jan 09, 2014 03:58:05 PM) Low 2.6 The remote host implements TCP timestamps and therefore allows to compute the uptime. The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed. URL:http://www.ietf.org/rfc/rfc1323.txt To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled' Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled. The default behavior of the TCP/IP stack on this Systems is, to not use the Timestamp options when initiating TCP connections, but use them if the TCP peer that is initiating communication includes them in their synchronize (SYN) segment. See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152 SMTP Server type and version 88.190.52.71:25/tcp (Jan 09, 2014 03:58:05 PM) This detects the SMTP Server's type and version by connecting to the server and processing the buffer received. This information gives potential attackers additional information about the system they are attacking. Versions and Types should be omitted where possible. NOXREF Change the login banner to something generic. Info 0.0 HTTP Bad Method message Family Name: Web application abuses 88.190.52.71:80/tcp (Jan 09, 2014 03:58:04 PM) HTTP Bad Method message leak same informations than OPTIONS method The OPTIONS Method provides a list of the methods that are supported by the web server, it represents a request for information about the communication options available on the request/response chain identified by the Request-URI. Info 0.0 www.ikare-monitoring.fr 6

The OPTIONS Method may expose sensitive information that may help an malicious user to prepare more advanced attacks. URL: It's recommended to change the HTTP Bad Method message HTTP OPTIONS method Family Name: Web application abuses 88.190.52.71:80/tcp (Jan 09, 2014 03:58:05 PM) HTTP OPTIONS method is enabled on this web server The OPTIONS method provides a list of the methods that are supported by the web server, it represents a request for information about the communication options available on the request/response chain identified by the Request-URI. The OPTIONS method may expose sensitive information that may help an malicious user to prepare more advanced attacks. URL: It's recommended to disable OPTIONS Method on the web server. Info 0.0 www.ikare-monitoring.fr 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information