Security Issues and Fixes: 172.20.100.59 |
Type |
Port |
Issue and Fix |
Warning |
smtp (25/tcp) |
; The remote SMTP server seems to allow the relaying. This means that;it allows spammers to use your mail server to send their mails to;the world, thus wasting your network bandwidth.;;Risk factor : Low / Medium;;Solution : configure your SMTP server so that it can't be used as a relay; any more.;CVE : CAN-1999-0512, CAN-2002-1278, CAN-2003-0285;BID : 6118, 7580, 8196;Nessus ID : 10262 |
Informational |
smtp (25/tcp) |
An SMTP server is running on this port;Here is its banner : ;220 hope.fr.nessus.org ESMTP Postfix;;Nessus ID : 10330 |
Informational |
smtp (25/tcp) |
A SMTP server is running on this port;Nessus ID : 14773 |
Informational |
smtp (25/tcp) |
Remote SMTP server banner :;220 hope.fr.nessus.org ESMTP Postfix;;;;;This is probably: Postfix;Nessus ID : 10263 |
Informational |
smtp (25/tcp) |
This server could be fingerprinted as being Postfix 2.0.4;Nessus ID : 11421 |
Vulnerability |
ssh (22/tcp) |
;You are running a version of OpenSSH which is older than 3.7.1;;Versions older than 3.7.1 are vulnerable to a flaw in the buffer management;functions which might allow an attacker to execute arbitrary commands on this ;host.;;An exploit for this issue is rumored to exist.;;;Note that several distribution patched this hole without changing;the version number of OpenSSH. Since Nessus solely relied on the;banner of the remote SSH server to perform this check, this might;be a false positive.;;If you are running a RedHat host, make sure that the command :; rpm -q openssh-server; ;Returns :; openssh-server-3.1p1-13 (RedHat 7.x); openssh-server-3.4p1-7 (RedHat 8.0); openssh-server-3.5p1-11 (RedHat 9);;Solution : Upgrade to OpenSSH 3.7.1;See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2; http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2;Risk factor : High;CVE : CAN-2003-0682, CAN-2003-0693, CAN-2003-0695;BID : 8628;Other references : RHSA:RHSA-2003:279, SuSE:SUSE-SA:2003:039;Nessus ID : 11837 |
Warning |
ssh (22/tcp) |
;The remote SSH daemon supports connections made;using the version 1.33 and/or 1.5 of the SSH protocol.;;These protocols are not completely cryptographically;safe so they should not be used.;;Solution : ; If you use OpenSSH, set the option 'Protocol' to '2'; If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'; ;Risk factor : Low;Nessus ID : 10882 |
Warning |
ssh (22/tcp) |
;You are running OpenSSH-portable 3.6.1p1 or older.;;If PAM support is enabled, an attacker may use a flaw in this version;to determine the existence or a given login name by comparing the times;the remote sshd daemon takes to refuse a bad password for a non-existent;login compared to the time it takes to refuse a bad password for a;valid login.;;An attacker may use this flaw to set up a brute force attack against;the remote host.;;*** Nessus did not check whether the remote SSH daemon is actually;*** using PAM or not, so this might be a false positive;;Solution : Upgrade to OpenSSH-portable 3.6.1p2 or newer;Risk factor : Low;CVE : CAN-2003-0190;BID : 7342, 7467, 7482;Other references : RHSA:RHSA-2003:222-01;Nessus ID : 11574 |
Warning |
ssh (22/tcp) |
;You are running OpenSSH-portable 3.6.1 or older.;;There is a flaw in this version which may allow an attacker to;bypass the access controls set by the administrator of this server.;;OpenSSH features a mechanism which can restrict the list of;hosts a given user can log from by specifying a pattern;in the user key file (ie: *.mynetwork.com would let a user;connect only from the local network).;;However there is a flaw in the way OpenSSH does reverse DNS lookups.;If an attacker configures his DNS server to send a numeric IP address;when a reverse lookup is performed, he may be able to circumvent;this mechanism.;;Solution : Upgrade to OpenSSH 3.6.2 when it comes out;Risk factor : Low;CVE : CAN-2003-0386;BID : 7831;Nessus ID : 11712 |
Informational |
ssh (22/tcp) |
An ssh server is running on this port;Nessus ID : 10330 |
Informational |
ssh (22/tcp) |
Remote SSH version : SSH-1.99-OpenSSH_3.5p1 FreeBSD-20030924;;Nessus ID : 10267 |
Informational |
ssh (22/tcp) |
The remote SSH daemon supports the following versions of the;SSH protocol :;; . 1.33; . 1.5; . 1.99; . 2.0;;;SSHv1 host key fingerprint : 8c:89:f6:42:e3:83:1d:54:7e:6c:ed:e7:c2:37:65:2c;SSHv2 host key fingerprint : 82:3f:0c:11:9a:9f:2a:0b:ae:00:bb:58:d4:9d:67:9a;;Nessus ID : 10881 |
Vulnerability |
ftp (21/tcp) |
The following directories are world-writeable. You should;correct this problem quickly; /incoming/;;Risk factor : Medium;;CVE : CAN-1999-0527;Nessus ID : 10332 |
Warning |
ftp (21/tcp) |
;This FTP service allows anonymous logins. If you do not want to share data ;with anyone you do not know, then you should deactivate the anonymous account, ;since it may only cause troubles.;;The content of the remote FTP root is :; ;total 10;;-rw-r--r-- 1 0 operator 3 Sep 15 2003 .forward;;dr-xr-xr-x 2 0 operator 512 Jun 26 2003 bin;;dr-xr-xr-x 2 0 operator 512 Jun 26 2003 etc;;drwxrwxrwt 54 0 operator 1536 Oct 26 18:18 incoming;;drwxr-xr-x 6 0 operator 512 Mar 16 2004 pub;;; ;Risk factor : Low;CVE : CAN-1999-0497;Nessus ID : 10079 |
Warning |
ftp (21/tcp) |
;The remote anonymous FTP server has a .forward file;set in its home. An attacker may use it to determine ;who is in charge of the FTP server and set up a social;engineering attack.;;The .forward file contains : ;xx;;;Solution : Delete the .forward file from ~ftp/ on this host;Risk factor : Low;Nessus ID : 11565 |
Informational |
ftp (21/tcp) |
An FTP server is running on this port.;Here is its banner : ;220 hope.fr.nessus.org FTP server (Version 6.00LS) ready.;;Nessus ID : 10330 |
Informational |
ftp (21/tcp) |
A FTP server is running on this port;Nessus ID : 14773 |
Informational |
ftp (21/tcp) |
Remote FTP server banner :;220 hope.fr.nessus.org FTP server (Version 6.00LS) ready.;;;Nessus ID : 10092 |
Informational |
ftp (21/tcp) |
Remote FTP server banner :;214- The following commands are recognized (* =>'s unimplemented).;; USER PORT TYPE MLFL* MRCP* DELE SYST RMD STOU ;; PASS LPRT STRU MAIL* ALLO CWD STAT XRMD SIZE ;; ACCT* EPRT MODE MSND* REST XCWD HELP PWD MDTM ;; SMNT* PASV RETR MSOM* RNFR LIST NOOP XPWD ;; REIN* LPSV STOR MSAM* RNTO NLST MKD CDUP ;; QUIT EPSV APPE MRSQ* ABOR SITE XMKD XCUP ;;214 Direct comments to ftp-bugs@hope.fr.nessus.org.;;;Nessus ID : 10092 |
Vulnerability |
http (80/tcp) |
;The remote host appears to be running a version of Apache which is older ;than 1.3.32.;;There is a local buffer overflow in htpasswd command in this version, ;which may allow a local user to gain the privileges of the httpd process.;;*** Note that Nessus solely relied on the version number;*** of the remote server to issue this warning. This might;*** be a false positive;;See also : http://xforce.iss.net/xforce/xfdb/17413;Solution : Upgrade to Apache 1.3.32 when available;Risk factor : High;Nessus ID : 14771 |
Vulnerability |
http (80/tcp) |
;The target is running an Apache web server that may not properly handle;access controls. In effect, on big-endian 64-bit platforms, Apache;fails to match allow or deny rules containing an IP address but not a;netmask. ;;***** Nessus has determined the vulnerability exists only by looking at;***** the Server header returned by the web server running on the target.;***** If the target is not a big-endian 64-bit platform, consider this a ;***** false positive. ;;Additional information on the vulnerability can be found at :;; - http://www.apacheweek.com/features/security-13; - http://marc.theaimsgroup.com/?l=apache-cvs&m=107869603013722; - http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23850;;Solution : Upgrade to Apache version 1.3.31 or newer.;Risk factor : Medium;CVE : CAN-2003-0993;BID : 9829;Other references : GLSA:GLSA 200405-22, MDKSA:MDKSA-2004:046, OpenPKG-SA:OpenPKG-SA-2004.021, SSA:SSA:2004-133-01, TSLSA:TSLSA-2004-0027;Nessus ID : 14177 |
Warning |
http (80/tcp) |
;The remote web server seems to have its default welcome page set.;It probably means that this server is not used at all.;;Solution : Disable this service, as you do not use it;Risk factor : Low;Nessus ID : 11422 |
Warning |
http (80/tcp) |
;The target is running an Apache web server which allows for the;injection of arbitrary escape sequences into its error logs. An;attacker might use this vulnerability in an attempt to exploit similar;vulnerabilities in terminal emulators. ;;***** Nessus has determined the vulnerability exists only by looking at;***** the Server header returned by the web server running on the target.;;Solution : Upgrade to Apache version 1.3.31 or 2.0.49 or newer.;Risk factor : Low;CVE : CAN-2003-0020;BID : 9930;Other references : APPLE-SA:APPLE-SA-2004-05-03, CLSA:CLSA-2004:839, HPSB:HPSBUX01022, RHSA:RHSA-2003:139-07, RHSA:RHSA-2003:243-07, MDKSA:MDKSA-2003:050, OpenPKG-SA:OpenPKG-SA-2004.021-apache, SSA:SSA:2004-133-01, SuSE-SA:SuSE-SA:2004:009, TLSA:TLSA-2004-11, TSLSA:TSLSA-2004-0017;Nessus ID : 12239 |
Warning |
http (80/tcp) |
;The remote web server appears to be running a version of Apache that is older;than version 1.3.33.;;This version is vulnerable to a local buffer overflow in the get_tag();function of the module 'mod_include' when a specially crafted document ;with malformed server-side includes is requested though an HTTP session.;;Successful exploitation can lead to execution of arbitrary code with ;escalated privileges, but requires that server-side includes (SSI) is enabled.;;Solution: Disable SSI or upgrade to a newer version when available.;Risk factor: Medium;CVE : CAN-2004-0940;BID : 11471;Nessus ID : 15554 |
Warning |
http (80/tcp) |
;The remote web server appears to be running a version of Apache that is older;than version 1.3.32.;;This version is vulnerable to a heap based buffer overflow in proxy_util.c;for mod_proxy. This issue may lead remote attackers to cause a denial of ;service and possibly execute arbitrary code on the server.;;Solution: Don't use mod_proxy or upgrade to a newer version.;Risk factor: Medium;CVE : CAN-2004-0492;BID : 10508;Nessus ID : 15555 |
Warning |
http (80/tcp) |
;Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK;are HTTP methods which are used to debug web server connections. ;;It has been shown that servers supporting this method are subject;to cross-site-scripting attacks, dubbed XST for;"Cross-Site-Tracing", when used in conjunction with;various weaknesses in browsers.;;An attacker may use this flaw to trick your;legitimate web users to give him their ;credentials.;;Solution: Disable these methods.;;;If you are using Apache, add the following lines for each virtual;host in your configuration file :;; RewriteEngine on; RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK); RewriteRule .* - [F];;If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE;requests or to permit only the methods needed to meet site requirements;and policy.;;If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the;following to the default object section in obj.conf:; <Client method="TRACE">; AuthTrans fn="set-variable"; remove-headers="transfer-encoding"; set-headers="content-length: -1"; error="501"; </Client>;;If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile;the NSAPI plugin located at:; http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603;;;See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf; http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html; http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603; http://www.kb.cert.org/vuls/id/867593;;Risk factor : Medium;Nessus ID : 11213 |
Informational |
http (80/tcp) |
A web server is running on this port;Nessus ID : 10330 |
Informational |
http (80/tcp) |
The following directories were discovered:;/cgi-bin, /icons, /manual;;While this is not, in and of itself, a bug, you should manually inspect ;these directories to ensure that they are in compliance with company;security standards;;Nessus ID : 11032 |
Informational |
http (80/tcp) |
The following CGI have been discovered :;;Syntax : cginame (arguments [default value]);;/manual/howto/ (D [A] M [A] N [A] D=D [] S [A] );;;Directory index found at /manual/howto/;;Nessus ID : 10662 |
Informational |
http (80/tcp) |
The remote web server type is :;;Apache/1.3.29 (Unix);;;;Solution : You can set the directive 'ServerTokens Prod' to limit;the information emanating from the server in its response headers.;Nessus ID : 10107 |
Warning |
exec (512/tcp) |
;The rexecd service is open. This service is design to ;allow users of a network to execute commands remotely.;;;However, rexecd does not provide any good means of authentication, so it ;may be abused by an attacker to scan a third party host.;;Solution : comment out the 'exec' line in /etc/inetd.conf and restart the ;inetd process;;Risk factor : Medium;CVE : CAN-1999-0618;Nessus ID : 10203 |
Warning |
nessus (1241/tcp) |
A Nessus Daemon is listening on this port.;Nessus ID : 10147 |
Informational |
nessus (1241/tcp) |
A TLSv1 server answered on this port;;Nessus ID : 10330 |
Informational |
nessus (1241/tcp) |
Here is the TLSv1 server certificate:;Certificate:; Data:; Version: 3 (0x2); Serial Number: 1 (0x1); Signature Algorithm: md5WithRSAEncryption; Issuer: C=FR, ST=none, L=Paris, O=Nessus Users United, OU=Certification Authority for hope.fr.nessus.org, CN=hope.fr.nessus.org/emailAddress=ca@hope.fr.nessus.org; Validity; Not Before: Oct 7 15:03:38 2004 GMT; Not After : Oct 7 15:03:38 2005 GMT; Subject: C=FR, ST=none, L=Paris, O=Nessus Users United, OU=Server certificate for hope.fr.nessus.org, CN=hope.fr.nessus.org/emailAddress=nessusd@hope.fr.nessus.org; Subject Public Key Info:; Public Key Algorithm: rsaEncryption; RSA Public Key: (1024 bit); Exponent: 65537 (0x10001); X509v3 extensions:; Netscape Cert Type: ; SSL Server; X509v3 Key Usage: ; Digital Signature, Non Repudiation, Key Encipherment; Netscape Comment: ; OpenSSL Generated Certificate; X509v3 Subject Key Identifier: ; C1:91:57:94:5E:51:A2:46:C6:DD:71:71:28:AC:5E:48:CB:6A:C8:B8; X509v3 Authority Key Identifier: ; keyid:65:1C:84:AB:83:29:20:64:F2:A9:D1:C5:A9:0B:44:C6:DF:D3:AB:22; DirName:/C=FR/ST=none/L=Paris/O=Nessus Users United/OU=Certification Authority for hope.fr.nessus.org/CN=hope.fr.nessus.org/emailAddress=ca@hope.fr.nessus.org; serial:00;; X509v3 Subject Alternative Name: ; email:nessusd@hope.fr.nessus.org; X509v3 Issuer Alternative Name: ; <EMPTY>;; Signature Algorithm: md5WithRSAEncryption;This TLSv1 server does not accept SSLv2 connections.;This TLSv1 server does not accept SSLv3 connections.;;Nessus ID : 10863 |
Informational |
mysql (3306/tcp) |
An unknown service is running on this port.;It is usually reserved for MySQL;Nessus ID : 10330 |
Informational |
tftp (69/udp) |
;The remote host is running a tftpd server.;;Solution : If you do not use this service, you should disable it.;Risk factor : Low;Nessus ID : 11819 |
Informational |
general/udp |
For your information, here is the traceroute to 172.20.100.59 : ;172.20.100.55;172.20.100.59;;Nessus ID : 10287 |
Warning |
general/tcp |
;The remote host does not discard TCP SYN packets which;have the FIN flag set.;;Depending on the kind of firewall you are using, an;attacker may use this flaw to bypass its rules.;;See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html; http://www.kb.cert.org/vuls/id/464113; ;Solution : Contact your vendor for a patch;Risk factor : Medium;BID : 7487;Nessus ID : 11618 |
Informational |
general/tcp |
172.20.100.59 resolves as ftp.corp.tenablesecurity.com.;Nessus ID : 12053 |
Informational |
general/tcp |
The remote host is running one of these operating systems : ;FreeBSD 4.9;FreeBSD 4.8;FreeBSD 4.7;Nessus ID : 11936 |
Warning |
general/icmp |
;The remote system does not have its clock synchronised accurately. ;;If the clock is not synchronised precisely then the reliability of key protocols, ;such as Kerberos, may be impacted. In addition, audit trail information will be ;inaccurate and potentially inadmissible should a forensic analysis be required.;;The finding was detected via the ICMP TIMESTAMP protocol which had a drift value of ;177 seconds.;;Note: This finding is as a result of comparing the remote host to the local host. ;Needless to say that if the local hosts clock is not itself synchronised, then the results will be misleading.;;Solution: Synchronise the hosts clock to a source of known precision using a reliable ;mechanism, such as NTP.;;Risk factor: Low;Nessus ID : 15538 |