stdClass Object
(
[status] => 0
[sessionToken] => VhvF93vCXKScVlhxpEdguaawi4oFdXC8R7lkF3FXrkM4cI8EPKf$2BkoImFjzEkNnvugO$2F71ZQd5mjoCTE3tvLd5$2F5YnZRqpgGdchUbJKc
)
stdClass Object
(
[status] => 0
[scancount] => 2
[scans] => Array
(
[0] => stdClass Object
(
[scanuid] => 1100005104
[hostip] => 192.168.1.1
[time_queued] => 1406521085
[time_start] => 1406521141
[time_end] => 1406527742
[folder] => Unfiled
[type] => standard
)
[1] => stdClass Object
(
[scanuid] => 1100005103
[hostip] => 192.168.1.1
[time_queued] => 1406503436
[time_start] => 1406503441
[time_end] => 1406509921
[folder] => Unfiled
[type] => standard
)
)
)
stdClass Object
(
[status] => 0
[scaninfo] => stdClass Object
(
[basic] => stdClass Object
(
[scanuid] => 1100005104
[scantype] => portvuln
[scanattr] =>
[scanportstcp] =>
[promocode] => 0
[hostip] => 192.168.1.1
[detail_supplement] => 1
[title] => Standard Security Audit
[reporttype] => standard
[totalnaslentries] => 96
[merge] => 0
[mergelist] =>
[qjtime] => 1406521085
[sjtime] => 1406521141
[ejtime] => 1406527742
)
[risk] => stdClass Object
(
[high] => 17
[medium] => 6
[low] => 10
[other] => 63
)
[riskcatgrid] => stdClass Object
(
[Service detection:other] => 23
[General:other] => 10
[Windows:other] => 8
[RPC:low] => 2
[General:low] => 4
[Product detection:other] => 2
[Service detection:low] => 1
[CGI abuses:other] => 2
[Windows:medium] => 2
[Windows:low] => 2
[Useless services:medium] => 1
[General:medium] => 2
[Remote file access:high] => 2
[RPC:other] => 15
[Backdoors:high] => 2
[Service detection:high] => 1
[RPC:high] => 3
[Databases:other] => 1
[Denial of Service:high] => 4
[Default Accounts:other] => 2
[Windows:high] => 3
[Misc.:low] => 1
[General:high] => 1
[Denial of Service:medium] => 1
[Web Servers:high] => 1
)
[entries] => stdClass Object
(
[other] => stdClass Object
(
[1100005104_58] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.902799
[shortid] => 902799
[ip] => 192.168.1.1
[port] => mysql (3306/tcp)
[description] => MySQL can be accessed by remote attackers<BR>
[type] => LOG
[static_description] => <BR> Overview: The host is running a Database server and is prone to an information<BR> disclosure vulnerability.<BR><BR> Vulnerability Insight:<BR> Direct access to the databases from remote systems is not restricted.<BR><BR> Impact:<BR> Successful exploitation could allow an attacker to obtain the sensitive<BR> information of the database.<BR><BR> Impact Level: Application<BR><BR> Affected Software/OS:<BR> MySQL<BR> IBM DB2<BR> PostgreSQL<BR> IBM solidDB<BR> Oracle Database<BR> Microsoft SQL Server<BR><BR> Workaround:<BR> Restrict database access from remote systems.<BR><BR> References:<BR> https://www.pcisecuritystandards.org/security_standards/index.php?id=pci_dss_v1-2.pdf
[risk] => other
[title] => Database Open Access Vulnerability
[cat] => Databases
[cve] => NOCVE
[entrykey] => 1100005104_58
[shortkey] => 58
[baseline] => new
)
[1100005104_25] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.900348
[shortid] => 900348
[ip] => 192.168.1.1
[port] => general/tcp
[description] => CUPS version 1.5.3 running at location /admin/ was detected on the host<BR>
[type] => NOTE
[static_description] => <BR> Overview: This script detects the installed version of CUPS (Common UNIX<BR> Printing System) and sets the result in KB.
[risk] => other
[title] => CUPS Version Detection
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_25
[shortkey] => 25
[baseline] => new
)
[1100005104_26] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.900348
[shortid] => 900348
[ip] => 192.168.1.1
[port] => general/tcp
[description] => CUPS version 1.5.3 running at location / was detected on the host<BR>
[type] => NOTE
[static_description] => <BR> Overview: This script detects the installed version of CUPS (Common UNIX<BR> Printing System) and sets the result in KB.
[risk] => other
[title] => CUPS Version Detection
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_26
[shortkey] => 26
[baseline] => new
)
[1100005104_24] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.900348
[shortid] => 900348
[ip] => 192.168.1.1
[port] => general/tcp
[description] => CUPS version 1.5.3 running at location / was detected on the host<BR>
[type] => NOTE
[static_description] => <BR> Overview: This script detects the installed version of CUPS (Common UNIX<BR> Printing System) and sets the result in KB.
[risk] => other
[title] => CUPS Version Detection
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_24
[shortkey] => 24
[baseline] => new
)
[1100005104_94] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.810003
[shortid] => 810003
[ip] => 192.168.1.1
[port] => general/HOST-T
[description] => traceroute:192.168.1.100,192.168.1.1<BR>TCP ports:<BR>UDP ports:<BR><BR>
[type] => LOG
[static_description] => This NVT summarizes technical information about the scanned host<BR>collected during the scan.
[risk] => other
[title] => Host Summary
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_94
[shortkey] => 94
)
[1100005104_65] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.804449
[shortid] => 804449
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => It was possible to log into the remote host using the SMB protocol.<BR><BR>
[type] => LOG
[static_description] => <BR> Summary:<BR> A number of known default credentials is tried for log in via SMB protocol.<BR><BR> Solution:<BR> Change the password as soon as possible.
[risk] => other
[title] => SMB Brute Force Logins With Default Credentials
[cat] => Default Accounts
[cve] => NOCVE
[entrykey] => 1100005104_65
[shortkey] => 65
)
[1100005104_64] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.804449
[shortid] => 804449
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => It was possible to log into the remote host using the SMB protocol.<BR><BR>
[type] => LOG
[static_description] => <BR> Summary:<BR> A number of known default credentials is tried for log in via SMB protocol.<BR><BR> Solution:<BR> Change the password as soon as possible.
[risk] => other
[title] => SMB Brute Force Logins With Default Credentials
[cat] => Default Accounts
[cve] => NOCVE
[entrykey] => 1100005104_64
[shortkey] => 64
)
[1100005104_21] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.800109
[shortid] => 800109
[ip] => 192.168.1.1
[port] => http (80/tcp)
[description] => Detected PHP version: 5.4.4<BR>Location: tcp/80<BR>CPE: cpe:/a:php:php:5.4.4<BR><BR>Concluded from version identification result:<BR>X-Powered-By: PHP/5.4.4-14+deb7u12\r<BR><BR><BR>
[type] => LOG
[static_description] => Remote detection of PHP version.<BR> <BR>The script sends a connection request to the server and attempts to<BR>extract the version number from the reply.
[risk] => other
[title] => PHP Version Detection
[cat] => Product detection
[cve] => NOCVE
[entrykey] => 1100005104_21
[shortkey] => 21
)
[1100005104_79] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.103978
[shortid] => 103978
[ip] => 192.168.1.1
[port] => general/tcp
[description] => Open UDP ports: [None found]<BR>
[type] => LOG
[static_description] => Overview: Collects all open UDP ports of the<BR>UDP ports identified so far.
[risk] => other
[title] => Checks for open udp ports
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_79
[shortkey] => 79
)
[1100005104_34] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.103190
[shortid] => 103190
[ip] => 192.168.1.1
[port] => general/icmp
[description] => Overview:<BR>The remote host responded to an ICMP timestamp request. The Timestamp Reply is<BR>an ICMP message which replies to a Timestamp message. It consists of the<BR>originating timestamp sent by the sender of the Timestamp as well as a receive<BR>timestamp and a transmit timestamp. This information could theoretically be used<BR>to exploit weak time-based random number generators in other services.<BR><BR>See also:<BR>http://www.ietf.org/rfc/rfc0792.txt<BR>
[type] => LOG
[static_description] => Overview:<BR>The remote host responded to an ICMP timestamp request. The Timestamp Reply is<BR>an ICMP message which replies to a Timestamp message. It consists of the<BR>originating timestamp sent by the sender of the Timestamp as well as a receive<BR>timestamp and a transmit timestamp. This information could theoretically be used<BR>to exploit weak time-based random number generators in other services.<BR><BR>See also:<BR>http://www.ietf.org/rfc/rfc0792.txt
[risk] => other
[title] => ICMP Timestamp Detection
[cat] => Service detection
[cve] => CVE-1999-0524
[entrykey] => 1100005104_34
[shortkey] => 34
)
[1100005104_10] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.102011
[shortid] => 102011
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => <BR>Overview:<BR>It is possible to extract OS, domain and SMB server information<BR>from the Session Setup AndX Response packet which is generated<BR>during NTLM authentication.<BR>Detected SMB workgroup: MINIX<BR>Detected SMB server: Samba 3.6.6<BR>Detected OS: Unix<BR><BR>
[type] => LOG
[static_description] => <BR>Overview:<BR>It is possible to extract OS, domain and SMB server information<BR>from the Session Setup AndX Response packet which is generated<BR>during NTLM authentication.<BR>
[risk] => other
[title] => SMB NativeLanMan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_10
[shortkey] => 10
)
[1100005104_18] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.100152
[shortid] => 100152
[ip] => 192.168.1.1
[port] => mysql (3306/tcp)
[description] => Detected MySQL version: 5.5.37-0+wheezy1-log<BR>Location: 3306/tcp<BR>CPE: cpe:/a:mysql:mysql:5.5.37-<BR><BR>Concluded from version identification result:<BR><BR>5.5.37-0+wheezy1-log mysql_native_password <BR><BR>
[type] => LOG
[static_description] => Detect a running MySQL and store some information in KB
[risk] => other
[title] => MySQL Detection
[cat] => Product detection
[cve] => NOCVE
[entrykey] => 1100005104_18
[shortkey] => 18
)
[1100005104_13] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.100069
[shortid] => 100069
[ip] => 192.168.1.1
[port] => domain (53/tcp)
[description] => <BR><BR> Overview:<BR> A DNS Server is running at this Host.<BR> A Name Server translates domain names into IP addresses. This makes it<BR> possible for a user to access a website by typing in the domain name instead of<BR> the website's actual IP address.<BR>
[type] => NOTE
[static_description] => <BR><BR> Overview:<BR> A DNS Server is running at this Host.<BR> A Name Server translates domain names into IP addresses. This makes it<BR> possible for a user to access a website by typing in the domain name instead of<BR> the website's actual IP address.
[risk] => other
[title] => DNS Server Detection
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_13
[shortkey] => 13
)
[1100005104_12] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.100069
[shortid] => 100069
[ip] => 192.168.1.1
[port] => domain (53/udp)
[description] => <BR><BR> Overview:<BR> A DNS Server is running at this Host.<BR> A Name Server translates domain names into IP addresses. This makes it<BR> possible for a user to access a website by typing in the domain name instead of<BR> the website's actual IP address.<BR>
[type] => NOTE
[static_description] => <BR><BR> Overview:<BR> A DNS Server is running at this Host.<BR> A Name Server translates domain names into IP addresses. This makes it<BR> possible for a user to access a website by typing in the domain name instead of<BR> the website's actual IP address.
[risk] => other
[title] => DNS Server Detection
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_12
[shortkey] => 12
)
[1100005104_83] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.90011
[shortid] => 90011
[ip] => 192.168.1.1
[port] => general/SMBClient
[description] => OS Version = UNIX<BR>Domain = MINIX<BR>SMB Serverversion = Samba 3.6.6<BR><BR>
[type] => NOTE
[static_description] => Test remote host SMB Functions
[risk] => other
[title] => SMB Test
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_83
[shortkey] => 83
)
[1100005104_84] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.90011
[shortid] => 90011
[ip] => 192.168.1.1
[port] => general/SMBClient
[description] => OS Version = UNIX<BR>Domain = MINIX<BR>SMB Serverversion = SAMBA 3.6.6<BR><BR>
[type] => NOTE
[static_description] => Test remote host SMB Functions
[risk] => other
[title] => SMB Test
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_84
[shortkey] => 84
)
[1100005104_82] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.90011
[shortid] => 90011
[ip] => 192.168.1.1
[port] => general/SMBClient
[description] => OS Version = Unix<BR>Domain = MINIX<BR>SMB Serverversion = SAMBA 3.6.6<BR><BR>
[type] => NOTE
[static_description] => Test remote host SMB Functions
[risk] => other
[title] => SMB Test
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_82
[shortkey] => 82
)
[1100005104_81] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.90011
[shortid] => 90011
[ip] => 192.168.1.1
[port] => general/SMBClient
[description] => OS Version = Unix<BR>Domain = MINIX<BR>SMB Serverversion = Samba 3.6.6<BR><BR>
[type] => NOTE
[static_description] => Test remote host SMB Functions
[risk] => other
[title] => SMB Test
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_81
[shortkey] => 81
)
[1100005104_85] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.51662
[shortid] => 51662
[ip] => 192.168.1.1
[port] => general/tcp
[description] => Here is the route from 192.168.1.100 to 192.168.1.1:<BR><BR>192.168.1.100<BR>192.168.1.1<BR><BR>
[type] => LOG
[static_description] => A traceroute from the scanning server to the target system was<BR> conducted. This traceroute is provided primarily for informational<BR> value only. In the vast majority of cases, it does not represent a<BR> vulnerability. However, if the displayed traceroute contains any<BR> private addresses that should not have been publicly visible, then you<BR> have an issue you need to correct.<BR><BR> Solution : Block unwanted packets from escaping your network.
[risk] => other
[title] => Traceroute
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_85
[shortkey] => 85
)
[1100005104_20] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.51283
[shortid] => 51283
[ip] => 192.168.1.1
[port] => http (80/tcp)
[description] => Detected the existence of PHP version 5.4.4<BR>
[type] => NOTE
[static_description] => <BR>We have detected that the remote host has PHP<BR>installed.<BR><BR>Risk factor : None
[risk] => other
[title] => Detect the version of PHP running on host
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_20
[shortkey] => 20
)
[1100005104_62] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.14788
[shortid] => 14788
[ip] => 192.168.1.1
[port] => general/tcp
[description] => The following IP protocols are accepted on this host:<BR>1\tICMP<BR>2\tIGMP<BR>6\tTCP<BR>17\tUDP<BR>103\tPIM<BR>136\tUDPLite<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin detects the protocols understood by the remote IP stack.
[risk] => other
[title] => IP protocols scan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_62
[shortkey] => 62
)
[1100005104_74] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.14674
[shortid] => 14674
[ip] => 192.168.1.1
[port] => domain (53/tcp)
[description] => identd reveals that this service is running as user root\r<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin uses identd (RFC 1413) to determine which user is <BR>running each service
[risk] => other
[title] => Identd scan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_74
[shortkey] => 74
)
[1100005104_70] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.14674
[shortid] => 14674
[ip] => 192.168.1.1
[port] => ident (113/tcp)
[description] => identd reveals that this service is running as user identd\r<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin uses identd (RFC 1413) to determine which user is <BR>running each service
[risk] => other
[title] => Identd scan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_70
[shortkey] => 70
)
[1100005104_69] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.14674
[shortid] => 14674
[ip] => 192.168.1.1
[port] => lds-distrib (6543/tcp)
[description] => identd reveals that this service is running as user root\r<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin uses identd (RFC 1413) to determine which user is <BR>running each service
[risk] => other
[title] => Identd scan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_69
[shortkey] => 69
)
[1100005104_67] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.14674
[shortid] => 14674
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => identd reveals that this service is running as user root\r<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin uses identd (RFC 1413) to determine which user is <BR>running each service
[risk] => other
[title] => Identd scan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_67
[shortkey] => 67
)
[1100005104_73] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.14674
[shortid] => 14674
[ip] => 192.168.1.1
[port] => mysql (3306/tcp)
[description] => identd reveals that this service is running as user mysql\r<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin uses identd (RFC 1413) to determine which user is <BR>running each service
[risk] => other
[title] => Identd scan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_73
[shortkey] => 73
)
[1100005104_72] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.14674
[shortid] => 14674
[ip] => 192.168.1.1
[port] => netbios-ssn (139/tcp)
[description] => identd reveals that this service is running as user root\r<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin uses identd (RFC 1413) to determine which user is <BR>running each service
[risk] => other
[title] => Identd scan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_72
[shortkey] => 72
)
[1100005104_71] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.14674
[shortid] => 14674
[ip] => 192.168.1.1
[port] => nfs (2049/tcp)
[description] => identd reveals that this service is running as user root\r<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin uses identd (RFC 1413) to determine which user is <BR>running each service
[risk] => other
[title] => Identd scan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_71
[shortkey] => 71
)
[1100005104_68] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.14674
[shortid] => 14674
[ip] => 192.168.1.1
[port] => sunrpc (111/tcp)
[description] => identd reveals that this service is running as user root\r<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin uses identd (RFC 1413) to determine which user is <BR>running each service
[risk] => other
[title] => Identd scan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_68
[shortkey] => 68
)
[1100005104_75] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.14674
[shortid] => 14674
[ip] => 192.168.1.1
[port] => swat (901/tcp)
[description] => identd reveals that this service is running as user root\r<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin uses identd (RFC 1413) to determine which user is <BR>running each service
[risk] => other
[title] => Identd scan
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_75
[shortkey] => 75
)
[1100005104_87] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.12264
[shortid] => 12264
[ip] => 192.168.1.1
[port] => general/icmp
[description] => Here is the route recorded between 192.168.1.100 and 192.168.1.1 :<BR>192.168.1.1.<BR>192.168.1.1.<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin sends packets with the 'Record Route' option. <BR>It is a complement to traceroute.
[risk] => other
[title] => Record route
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_87
[shortkey] => 87
)
[1100005104_53] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11951
[shortid] => 11951
[ip] => 192.168.1.1
[port] => domain (53/udp)
[description] => <BR>Nessus was not able to reliably identify the remote DNS server type.<BR>It might be :<BR>ISC BIND 9.2.2rc1<BR>The fingerprint differs from these known signatures on 3 points.<BR>If you know which DNS server this host is actually running, please send this signature to <BR>dns-signatures@nessus.org : <BR>4q:5:5:1q:1:1:1q:1q:1q:5:0AAXD:5:5:5Z0:5:5:4q:4q:4q:5:5:5:0AAXD:<BR>
[type] => NOTE
[static_description] => <BR>This script attempts to identify the remote DNS server type and version<BR>by sending various invalid requests to the remote DNS server and analyzing<BR>the error codes returned.<BR><BR>See also : http://cr.yp.to/surveys/dns1.html<BR>Risk factor : None
[risk] => other
[title] => DNS Server Fingerprint
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_53
[shortkey] => 53
)
[1100005104_43] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/tcp)
[description] => RPC program #100021 version 1 'nlockmgr' is running on port 59978<BR>RPC program #100021 version 3 'nlockmgr' is running on port 59978<BR>RPC program #100021 version 4 'nlockmgr' is running on port 59978<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_43
[shortkey] => 43
)
[1100005104_41] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/tcp)
[description] => RPC program #100005 version 3 'mountd' (mount showmount) is running on port 40962<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_41
[shortkey] => 41
)
[1100005104_42] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/tcp)
[description] => RPC program #100005 version 1 'mountd' (mount showmount) is running on port 41576<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_42
[shortkey] => 42
)
[1100005104_40] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/tcp)
[description] => RPC program #100005 version 2 'mountd' (mount showmount) is running on port 39798<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_40
[shortkey] => 40
)
[1100005104_39] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/tcp)
[description] => RPC program #100003 version 2 'nfs' (nfsprog) is running on port 2049<BR>RPC program #100003 version 3 'nfs' (nfsprog) is running on port 2049<BR>RPC program #100003 version 4 'nfs' (nfsprog) is running on port 2049<BR>RPC program #100227 version 2 'nfs_acl' is running on port 2049<BR>RPC program #100227 version 3 'nfs_acl' is running on port 2049<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_39
[shortkey] => 39
)
[1100005104_38] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/tcp)
[description] => RPC program #391002 version 2 'sgi_fam' (fam) is running on port 738<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_38
[shortkey] => 38
)
[1100005104_44] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/tcp)
[description] => RPC program #100024 version 1 'status' is running on port 60173<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_44
[shortkey] => 44
)
[1100005104_37] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/tcp)
[description] => RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) is running on port 111<BR>RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) is running on port 111<BR>RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on port 111<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_37
[shortkey] => 37
)
[1100005104_47] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/udp)
[description] => RPC program #100005 version 2 'mountd' (mount showmount) is running on port 35248<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_47
[shortkey] => 47
)
[1100005104_46] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/udp)
[description] => RPC program #100003 version 2 'nfs' (nfsprog) is running on port 2049<BR>RPC program #100003 version 3 'nfs' (nfsprog) is running on port 2049<BR>RPC program #100003 version 4 'nfs' (nfsprog) is running on port 2049<BR>RPC program #100227 version 2 'nfs_acl' is running on port 2049<BR>RPC program #100227 version 3 'nfs_acl' is running on port 2049<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_46
[shortkey] => 46
)
[1100005104_48] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/udp)
[description] => RPC program #100021 version 1 'nlockmgr' is running on port 35563<BR>RPC program #100021 version 3 'nlockmgr' is running on port 35563<BR>RPC program #100021 version 4 'nlockmgr' is running on port 35563<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_48
[shortkey] => 48
)
[1100005104_49] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/udp)
[description] => RPC program #100024 version 1 'status' is running on port 37753<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_49
[shortkey] => 49
)
[1100005104_51] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/udp)
[description] => RPC program #100005 version 1 'mountd' (mount showmount) is running on port 60580<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_51
[shortkey] => 51
)
[1100005104_50] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/udp)
[description] => RPC program #100005 version 3 'mountd' (mount showmount) is running on port 46804<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_50
[shortkey] => 50
)
[1100005104_45] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11111
[shortid] => 11111
[ip] => 192.168.1.1
[port] => sunrpc (111/udp)
[description] => RPC program #100000 version 4 'portmapper' (portmap sunrpc rpcbind) is running on port 111<BR>RPC program #100000 version 3 'portmapper' (portmap sunrpc rpcbind) is running on port 111<BR>RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on port 111<BR><BR>
[type] => NOTE
[static_description] => <BR>This script calls the DUMP RPC on the port mapper, to obtain the<BR>list of all registered programs.
[risk] => other
[title] => rpcinfo -p
[cat] => RPC
[cve] => NOCVE
[entrykey] => 1100005104_45
[shortkey] => 45
)
[1100005104_15] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11032
[shortid] => 11032
[ip] => 192.168.1.1
[port] => http (80/tcp)
[description] => The following directories were discovered:<BR>/icons, /javascript, /manual<BR><BR>While this is not, in and of itself, a bug, you should manually inspect <BR>these directories to ensure that they are in compliance with company<BR>security standards<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin attempts to determine the presence of various<BR>common dirs on the remote web server
[risk] => other
[title] => Directory Scanner
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_15
[shortkey] => 15
)
[1100005104_16] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11032
[shortid] => 11032
[ip] => 192.168.1.1
[port] => ipp (631/tcp)
[description] => The following directories were discovered:<BR>/admin, /admin-bak, /admin-old, /admin.back, /admin_, /administration, /administrator, /adminuser, /adminweb, /classes, /es, /help, /helpdesk, /printers, /fr<BR><BR>While this is not, in and of itself, a bug, you should manually inspect <BR>these directories to ensure that they are in compliance with company<BR>security standards<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin attempts to determine the presence of various<BR>common dirs on the remote web server
[risk] => other
[title] => Directory Scanner
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_16
[shortkey] => 16
)
[1100005104_7] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11011
[shortid] => 11011
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => A CIFS server is running on this port<BR>
[type] => NOTE
[static_description] => <BR>This script detects whether ports 445 and 139 are open and<BR>if they are running SMB servers.<BR><BR>Risk factor : None
[risk] => other
[title] => SMB on port 445
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_7
[shortkey] => 7
)
[1100005104_8] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11011
[shortid] => 11011
[ip] => 192.168.1.1
[port] => netbios-ssn (139/tcp)
[description] => An SMB server is running on this port<BR>
[type] => NOTE
[static_description] => <BR>This script detects whether ports 445 and 139 are open and<BR>if they are running SMB servers.<BR><BR>Risk factor : None
[risk] => other
[title] => SMB on port 445
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_8
[shortkey] => 8
)
[1100005104_95] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10919
[shortid] => 10919
[ip] => 192.168.1.1
[port] => ipp (631/tcp)
[description] => This port was detected as being open by a port scanner but is now closed.<BR>This service might have been crashed by a port scanner or by a plugin<BR><BR>
[type] => NOTE
[static_description] => <BR>This plugin checks if the port scanners did not kill a service.
[risk] => other
[title] => Check open ports
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_95
[shortkey] => 95
)
[1100005104_22] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10662
[shortid] => 10662
[ip] => 192.168.1.1
[port] => ipp (631/tcp)
[description] => The following CGI have been discovered :<BR><BR>Syntax : cginame (arguments [default value])<BR><BR>/help/accounting.html (SEARCH [Search] CLEAR [Clear] PRINTABLE [YES] QUERY [] TOPIC [Getting+Started] )<BR>/help/options.html (SEARCH [Search] CLEAR [Clear] QUERY [] TOPIC [Getting+Started] )<BR>/help/sharing.html (QUERY [] TOPIC [Getting+Started] )<BR>/admin/ (org.cups.sid [be037472c7280e1ababf0986c7e00ea7] OP [add-printer] )<BR>/help/translation.html (QUERY [] TOPIC [Getting+Started] )<BR>/help/policies.html (SEARCH [Search] CLEAR [Clear] TOPIC [Getting+Started] QUERY [] )<BR>/printers/ (FIRST [{FIRST}] CLEAR [Clear] ORDER [dec 3c] WHICH_JOBS [] QUERY [] )<BR>/jobs 94 (which_jobs [completed] )<BR>/help/glossary.html (QUERY [] TOPIC [Getting+Started] )<BR>/jobs 74 (which_jobs [all] )<BR>/help/cgi.html (QUERY [] TOPIC [Getting+Started] )<BR>/help/overview.html (SEARCH [Search] CLEAR [Clear] PRINTABLE [YES] QUERY [] TOPIC [Getting Started] )<BR>/help/standard.html (QUERY [] TOPIC [Getting+Started] )<BR>/help/network.html (QUERY [] TOPIC [Getting+Started] )<BR>/jobs (which_jobs [completed] )<BR>/jobs/ (job_id [4811] FIRST [{FIRST}] CLEAR [Clear] job_printer_uri [/printers/hp_laserjet_1300] ORDER [asc] org.cups.sid [966fb5fec09c4f9f608f5235214b698c] WHICH_JOBS [] QUERY [] OP [restart-job] )<BR>/help/license.html (QUERY [] TOPIC [Getting+Started] )<BR>/help/whatsnew.html (SEARCH [Search] CLEAR [Clear] PRINTABLE [YES] QUERY [] TOPIC [Getting+Started] )<BR>/help/ (SEARCH [Search] CLEAR [Clear] QUERY [] TOPIC [Getting+Started] )<BR>/help/security.html (SEARCH [Search] CLEAR [Clear] PRINTABLE [YES] QUERY [] TOPIC [Getting+Started] )<BR>/classes/ (CLEAR [Clear] QUERY [] )<BR>/admin/log/error_log ()<BR>/admin/log/access_log ()<BR>/help/kerberos.html (SEARCH [Search] CLEAR [Clear] PRINTABLE [YES] QUERY [] TOPIC [Getting+Started] )<BR><BR>
[type] => NOTE
[static_description] => <BR>This script makes a mirror of the remote web site(s)<BR>and extracts the list of CGIs that are used by the remote<BR>host.<BR><BR>Risk factor : None
[risk] => other
[title] => Web mirroring
[cat] => CGI abuses
[cve] => NOCVE
[entrykey] => 1100005104_22
[shortkey] => 22
)
[1100005104_11] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10394
[shortid] => 10394
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => It was possible to log into the remote host using the SMB protocol.<BR><BR>
[type] => LOG
[static_description] => <BR> This script attempts to log on to the remote host using <BR> login/password credentials.
[risk] => other
[title] => SMB log in
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_11
[shortkey] => 11
)
[1100005104_23] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10386
[shortid] => 10386
[ip] => 192.168.1.1
[port] => http (80/tcp)
[description] => <BR>This web server is [mis]configured in that it<BR>does not return '404 Not Found' error codes when<BR>a non-existent file is requested, perhaps returning<BR>a site map, search page or authentication page instead.<BR><BR>Nessus enabled some counter measures for that, however<BR>they might be insufficient. If a great number of security<BR>holes are produced for this port, they might not all be accurate<BR>
[type] => NOTE
[static_description] => <BR>This web server is [mis]configured in that it<BR>does not return '404 Not Found' error codes when<BR>a non-existent file is requested, perhaps returning<BR>a site map, search page or authentication page instead.<BR><BR>Nessus enabled some counter measures for that, however<BR>they might be insufficient. If a great number of security<BR>holes are produced for this port, they might not all be accurate
[risk] => other
[title] => No 404 check
[cat] => CGI abuses
[cve] => NOCVE
[entrykey] => 1100005104_23
[shortkey] => 23
)
[1100005104_2] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10330
[shortid] => 10330
[ip] => 192.168.1.1
[port] => http (80/tcp)
[description] => A web server is running on this port<BR>
[type] => LOG
[static_description] => This plugin attempts to guess which<BR>service is running on the remote ports. For instance,<BR>it searches for a web server which could listen on<BR>another port than 80 and set the results in the plugins<BR>knowledge base.
[risk] => other
[title] => Services
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_2
[shortkey] => 2
)
[1100005104_0] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10330
[shortid] => 10330
[ip] => 192.168.1.1
[port] => ident (113/tcp)
[description] => An identd server is running on this port<BR>
[type] => LOG
[static_description] => This plugin attempts to guess which<BR>service is running on the remote ports. For instance,<BR>it searches for a web server which could listen on<BR>another port than 80 and set the results in the plugins<BR>knowledge base.
[risk] => other
[title] => Services
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_0
[shortkey] => 0
)
[1100005104_4] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10330
[shortid] => 10330
[ip] => 192.168.1.1
[port] => ipp (631/tcp)
[description] => A web server is running on this port<BR>
[type] => LOG
[static_description] => This plugin attempts to guess which<BR>service is running on the remote ports. For instance,<BR>it searches for a web server which could listen on<BR>another port than 80 and set the results in the plugins<BR>knowledge base.
[risk] => other
[title] => Services
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_4
[shortkey] => 4
)
[1100005104_1] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10330
[shortid] => 10330
[ip] => 192.168.1.1
[port] => mysql (3306/tcp)
[description] => An unknown service is running on this port.<BR>It is usually reserved for MySQL<BR>
[type] => LOG
[static_description] => This plugin attempts to guess which<BR>service is running on the remote ports. For instance,<BR>it searches for a web server which could listen on<BR>another port than 80 and set the results in the plugins<BR>knowledge base.
[risk] => other
[title] => Services
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_1
[shortkey] => 1
)
[1100005104_3] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10330
[shortid] => 10330
[ip] => 192.168.1.1
[port] => swat (901/tcp)
[description] => A web server is running on this port<BR>
[type] => LOG
[static_description] => This plugin attempts to guess which<BR>service is running on the remote ports. For instance,<BR>it searches for a web server which could listen on<BR>another port than 80 and set the results in the plugins<BR>knowledge base.
[risk] => other
[title] => Services
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_3
[shortkey] => 3
)
[1100005104_9] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10150
[shortid] => 10150
[ip] => 192.168.1.1
[port] => netbios-ns (137/udp)
[description] => The following 5 NetBIOS names have been gathered :<BR> DT3 = This is the computer name registered for workstation services by a WINS client.<BR> DT3 = This is the current logged in user registered for this workstation.<BR> DT3 = Computer name<BR> MINIX = Workgroup / Domain name (part of the Browser elections)<BR> MINIX = Workgroup / Domain name<BR><BR>. This SMB server seems to be a SAMBA server (this is not a security<BR>risk, this is for your information). This can be told because this server <BR>claims to have a null MAC address<BR><BR>If you do not want to allow everyone to find the NetBios name<BR>of your computer, you should filter incoming traffic to this port.<BR>
[type] => LOG
[static_description] => The NetBIOS port is open (UDP:137). A remote attacker may use this to gain<BR>access to sensitive information such as computer name, workgroup/domain<BR>name, currently logged on user name, etc.<BR><BR>Solution: Block those ports from outside communication
[risk] => other
[title] => Using NetBIOS to retrieve information from a Windows host
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_9
[shortkey] => 9
)
[1100005104_5] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10107
[shortid] => 10107
[ip] => 192.168.1.1
[port] => http (80/tcp)
[description] => The remote web server type is :<BR><BR>Apache\r<BR><BR>and the 'ServerTokens' directive is ProductOnly<BR>Apache does not allow the server type to be hidden.<BR><BR>
[type] => NOTE
[static_description] => This detects the HTTP Server's type and version.<BR><BR>Solution: Configure your server to use an alternate name like <BR> 'Wintendo httpD w/Dotmatrix display'<BR>Be sure to remove common logos like apache_pb.gif.<BR>With Apache, you can set the directive 'ServerTokens Prod' to limit<BR>the information emanating from the server in its response headers.
[risk] => other
[title] => HTTP Server type and version
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_5
[shortkey] => 5
)
[1100005104_6] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10107
[shortid] => 10107
[ip] => 192.168.1.1
[port] => ipp (631/tcp)
[description] => The remote web server type is :<BR><BR>CUPS/1.5\r<BR><BR>
[type] => NOTE
[static_description] => This detects the HTTP Server's type and version.<BR><BR>Solution: Configure your server to use an alternate name like <BR> 'Wintendo httpD w/Dotmatrix display'<BR>Be sure to remove common logos like apache_pb.gif.<BR>With Apache, you can set the directive 'ServerTokens Prod' to limit<BR>the information emanating from the server in its response headers.
[risk] => other
[title] => HTTP Server type and version
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_6
[shortkey] => 6
)
)
[low] => stdClass Object
(
[1100005104_19] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.51865
[shortid] => 51865
[ip] => 192.168.1.1
[port] => mysql (3306/tcp)
[description] => Detected MySQL version 5.5.37-0+wheezy1-log<BR>
[type] => NOTE
[static_description] => <BR>We've detected that the remote host is running a MySQL server.<BR>We've noted the version number for other tests.<BR>You may wish to reconsider whether or not any address<BR>on the internet should have the right to connect to<BR>your server.<BR><BR>Risk factor : Low
[risk] => low
[title] => Detect existence of MySQL Server
[cat] => Service detection
[cve] => NOCVE
[entrykey] => 1100005104_19
[shortkey] => 19
[baseline] => new
)
[1100005104_77] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.51663
[shortid] => 51663
[ip] => 192.168.1.1
[port] => general/tcp
[description] => The remote host responds to ICMP timestamp requests.<BR>Unless you have a reason for allowing remote systems to determine<BR>your system clock, it is recommended that you block/filter ICMP<BR>Timestamp requests (type 13) and responses (type 14).<BR><BR>Solution : Block unnecessary traffic.<BR><BR>Risk factor : Low<BR>
[type] => NOTE
[static_description] => The remote host responds to ICMP timestamp requests.<BR>Unless you have a reason for allowing remote systems to determine<BR>your system clock, it is recommended that you block/filter ICMP<BR>Timestamp requests (type 13) and responses (type 14).<BR><BR>Solution : Block unnecessary traffic.<BR><BR>Risk factor : Low
[risk] => low
[title] => ICMP timestamp request
[cat] => Misc.
[cve] => NOCVE
[entrykey] => 1100005104_77
[shortkey] => 77
)
[1100005104_17] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11936
[shortid] => 11936
[ip] => 192.168.1.1
[port] => general/tcp
[description] => Nessus was not able to reliably identify the remote operating system. It might be:<BR>Clark Connect Firewall<BR>The fingerprint differs from these known signatures on 2 points.<BR>If you know what operating system this host is running, please send this signature to<BR>os-signatures@nessus.org : <BR>:1:1:0:64:1:64:1:0:64:1:0:64:1:>64:64:0:1:1:2:1:1:1:1:0:64:14480:MSTNW:4:1:1<BR>
[type] => NOTE
[static_description] => <BR>This script attempts to identify the Operating System type and version by<BR>various ways :<BR><BR>- If the remote host is a Windows host, it will attempt to determine its<BR> OS type by sending MSRPC packets on port 135 and guess the OS based on<BR> the results<BR><BR>- If the remote host has a NTP client listening on port 123, this script will<BR> try to ask for the operating system version this way<BR><BR>- Otherwise, this script determines the remote operating system by sending more <BR>or less incorrect ICMP requests using the techniques outlined in Ofir Arkin's <BR>paper 'ICMP Usage In Scanning'.<BR><BR>An attacker may use this to identify the kind of the remote operating<BR>system and gain further knowledge about this host.<BR><BR>See also : http://www.sys-security.com/html/projects/icmp.html (icmp os identification)<BR>Risk factor : Low
[risk] => low
[title] => OS Identification
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_17
[shortkey] => 17
[baseline] => new
)
[1100005104_30] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11919
[shortid] => 11919
[ip] => 192.168.1.1
[port] => http (80/tcp)
[description] => OpenVAS was not able to reliably identify this server. It might be:<BR>WebMail/1.0 [IA WebMail Server version 3.1?]<BR>MLdonkey<BR>MiniServ/0.01 [Webmin]<BR>Gordano Web Server v5.06.0016<BR>The fingerprint differs from these known signatures on 8 point(s)<BR><BR>
[type] => NOTE
[static_description] => <BR>This script tries to identify the HTTP Server type and version by<BR>sending more or less incorrect requests.<BR><BR>An attacker may use this to identify the kind of the remote web server<BR>and gain further knowledge about this host.<BR><BR>Suggestions for defense against fingerprinting are presented in<BR>http://acsac.org/2002/abstracts/96.html<BR><BR>See also : http://ujeni.murkyroc.com/hmap/<BR> http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf<BR> <BR>Risk factor : Low
[risk] => low
[title] => HMAP
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_30
[shortkey] => 30
)
[1100005104_31] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11919
[shortid] => 11919
[ip] => 192.168.1.1
[port] => ipp (631/tcp)
[description] => OpenVAS was not able to exactly identify this server. It might be:<BR>CUPS/1.1<BR>The fingerprint differs from these known signatures on 11 point(s)<BR><BR>If you know what this server is and if you are using an up to date version<BR>of this script, please send this signature to www-signatures@openvas.org :<BR>200:200:200:505:400:400:---:400:200:400:400:200:405:405:405:200:400:403:---:200:---:---:---:400::CUPS/1.5<BR><BR>Try to provide as much information as you can: software & operating <BR>system release, sub-version, patch numbers, and specific configuration <BR>options, if any.<BR>
[type] => NOTE
[static_description] => <BR>This script tries to identify the HTTP Server type and version by<BR>sending more or less incorrect requests.<BR><BR>An attacker may use this to identify the kind of the remote web server<BR>and gain further knowledge about this host.<BR><BR>Suggestions for defense against fingerprinting are presented in<BR>http://acsac.org/2002/abstracts/96.html<BR><BR>See also : http://ujeni.murkyroc.com/hmap/<BR> http://seclab.cs.ucdavis.edu/papers/hmap-thesis.pdf<BR> <BR>Risk factor : Low
[risk] => low
[title] => HMAP
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_31
[shortkey] => 31
[baseline] => new
)
[1100005104_28] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10859
[shortid] => 10859
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => The host Security Identifier (SID) can be obtained remotely. Its value is :<BR><BR>DT3 : 5-21-1967626547-313393682-1737967816<BR><BR>An attacker can use it to obtain the list of the local users of this host<BR>Solution : filter the ports 137-139 and 445<BR>Risk factor : Low<BR><BR>
[type] => INFO
[static_description] => <BR><BR>This script emulates the call to LsaQueryInformationPolicy()<BR>to obtain the domain (or host) SID (Security Identifier).<BR><BR>The domain/host SID can then be used to get the list<BR>of users of the domain or the list of local users<BR><BR>Risk factor : Low
[risk] => low
[title] => SMB get host SID
[cat] => Windows
[cve] => CVE-2000-1200
[entrykey] => 1100005104_28
[shortkey] => 28
)
[1100005104_60] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10728
[shortid] => 10728
[ip] => 192.168.1.1
[port] => domain (53/tcp)
[description] => <BR>It was possible to determine that the remote BIND<BR>server is running bind 9.x by querying it for the AUTHORS<BR>map.<BR><BR>It is recommended you change the source code to prevent<BR>attackers from fingerprinting your server.<BR><BR>Risk factor : Low<BR>
[type] => NOTE
[static_description] => <BR>It was possible to determine that the remote BIND<BR>server is running bind 9.x by querying it for the AUTHORS<BR>map.<BR><BR>It is recommended you change the source code to prevent<BR>attackers from fingerprinting your server.<BR><BR>Risk factor : Low
[risk] => low
[title] => Determine if Bind 9 is running
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_60
[shortkey] => 60
)
[1100005104_80] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10397
[shortid] => 10397
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => Here is the browse list of the remote host : <BR><BR>DT3 - <BR>NFS - <BR><BR><BR>This is potentially dangerous as this may help the attack<BR>of a potential hacker by giving him extra targets to check for<BR><BR>Solution : filter incoming traffic to this port<BR>Risk factor : Low<BR><BR>
[type] => INFO
[static_description] => <BR>This script obtains the remote host browse<BR>list using the \PIPE\LANMAN transaction pipe<BR><BR>Risk factor : Low
[risk] => low
[title] => SMB LanMan Pipe Server browse listing
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_80
[shortkey] => 80
)
[1100005104_14] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10223
[shortid] => 10223
[ip] => 192.168.1.1
[port] => sunrpc (111/tcp)
[description] => <BR>The RPC portmapper is running on this port.<BR><BR>An attacker may use it to enumerate your list<BR>of RPC services. We recommend you filter traffic<BR>going to this port.<BR><BR>Risk factor : Low<BR>
[type] => NOTE
[static_description] => <BR>The RPC portmapper is running on this port.<BR><BR>An attacker may use it to enumerate your list<BR>of RPC services. We recommend you filter traffic<BR>going to this port.<BR><BR>Risk factor : Low
[risk] => low
[title] => RPC portmapper
[cat] => RPC
[cve] => CVE-1999-0632,CVE-1999-0189
[entrykey] => 1100005104_14
[shortkey] => 14
)
[1100005104_54] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10220
[shortid] => 10220
[ip] => 192.168.1.1
[port] => unknown (35563/udp)
[description] => <BR>The nlockmgr RPC service is running. <BR><BR>If you do not use this service, then disable it as it may become a security<BR>threat in the future, if a vulnerability is discovered.<BR><BR>Risk factor : Low<BR>
[type] => INFO
[static_description] => <BR>The nlockmgr RPC service is running. <BR><BR>If you do not use this service, then disable it as it may become a security<BR>threat in the future, if a vulnerability is discovered.<BR><BR>Risk factor : Low
[risk] => low
[title] => nlockmgr service
[cat] => RPC
[cve] => CVE-2000-0508
[entrykey] => 1100005104_54
[shortkey] => 54
[baseline] => new
)
)
[medium] => stdClass Object
(
[1100005104_89] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.100251
[shortid] => 100251
[ip] => 192.168.1.1
[port] => domain (53/udp)
[description] => <BR><BR>Overview:<BR>ISC BIND is prone to a remote denial-of-service vulnerability because<BR>the application fails to properly handle specially crafted dynamic<BR>update requests.<BR><BR>Successfully exploiting this issue allows remote attackers to crash<BR>affected DNS servers, denying further service to legitimate users.<BR><BR>Versions prior to BIND 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1 are<BR>vulnerable.<BR><BR><BR>Solution:<BR>The vendor released an advisory and fixes to address this issue.<BR>Please see the references for more information.<BR><BR><BR>References:<BR>http://www.securityfocus.com/bid/35848<BR>https://bugzilla.redhat.com/show_bug.cgi?id=514292<BR>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975<BR>http://www.isc.org/products/BIND/<BR>https://www.isc.org/node/474<BR>http://www.kb.cert.org/vuls/id/725188<BR><BR>**It seems that OpenVAS was not able to crash the remote Bind.<BR>According to its version number the remote version of BIND is<BR>anyway vulnerable.<BR>Please check its status right now.<BR><BR>
[type] => INFO
[static_description] => <BR><BR>Overview:<BR>ISC BIND is prone to a remote denial-of-service vulnerability because<BR>the application fails to properly handle specially crafted dynamic<BR>update requests.<BR><BR>Successfully exploiting this issue allows remote attackers to crash<BR>affected DNS servers, denying further service to legitimate users.<BR><BR>Versions prior to BIND 9.4.3-P3, 9.5.1-P3, and 9.6.1-P1 are<BR>vulnerable.<BR><BR><BR>Solution:<BR>The vendor released an advisory and fixes to address this issue.<BR>Please see the references for more information.<BR><BR><BR>References:<BR>http://www.securityfocus.com/bid/35848<BR>https://bugzilla.redhat.com/show_bug.cgi?id=514292<BR>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975<BR>http://www.isc.org/products/BIND/<BR>https://www.isc.org/node/474<BR>http://www.kb.cert.org/vuls/id/725188
[risk] => medium
[title] => ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
[cat] => Denial of Service
[cve] => CVE-2009-0696
[entrykey] => 1100005104_89
[shortkey] => 89
)
[1100005104_32] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.100081
[shortid] => 100081
[ip] => 192.168.1.1
[port] => ident (113/tcp)
[description] => <BR> Overview:<BR> <BR> The remote host is running an ident daemon.<BR><BR> The Ident Protocol is designed to work as a server daemon, on a user's<BR> computer, where it receives requests to a specified port, generally 113. The<BR> server will then send a specially designed response that identifies the<BR> username of the current user.<BR><BR> The ident protocol is considered dangerous because it allows hackers to gain<BR> a list of usernames on a computer system which can later be used for attacks. <BR>
[type] => NOTE
[static_description] => <BR> Overview:<BR> <BR> The remote host is running an ident daemon.<BR><BR> The Ident Protocol is designed to work as a server daemon, on a user's<BR> computer, where it receives requests to a specified port, generally 113. The<BR> server will then send a specially designed response that identifies the<BR> username of the current user.<BR><BR> The ident protocol is considered dangerous because it allows hackers to gain<BR> a list of usernames on a computer system which can later be used for attacks.
[risk] => medium
[title] => Check for ident Service
[cat] => Useless services
[cve] => NOCVE
[entrykey] => 1100005104_32
[shortkey] => 32
)
[1100005104_66] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.80091
[shortid] => 80091
[ip] => 192.168.1.1
[port] => general/tcp
[description] => <BR>Synopsis :<BR><BR>The remote service implements TCP timestamps.<BR><BR>Description :<BR><BR>The remote host implements TCP timestamps, as defined by RFC1323.<BR>A side effect of this feature is that the uptime of the remote <BR>host can sometimes be computed.<BR><BR>See also :<BR><BR>http://www.ietf.org/rfc/rfc1323.txt<BR>
[type] => NOTE
[static_description] => <BR>Synopsis :<BR><BR>The remote service implements TCP timestamps.<BR><BR>Description :<BR><BR>The remote host implements TCP timestamps, as defined by RFC1323.<BR>A side effect of this feature is that the uptime of the remote <BR>host can sometimes be computed.<BR><BR>See also :<BR><BR>http://www.ietf.org/rfc/rfc1323.txt
[risk] => medium
[title] => TCP timestamps
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_66
[shortkey] => 66
)
[1100005104_29] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10860
[shortid] => 10860
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => The host SID could be used to enumerate the names of the local users<BR>of this host. <BR>(we only enumerated users name whose ID is between 1000 and 2000<BR>for performance reasons)<BR>This gives extra knowledge to an attacker, which<BR>is not a good thing : <BR>- Guest account name : nobody (id 501)<BR>- root (id 1000)<BR>- daemon (id 1002)<BR>- bin (id 1004)<BR>- sys (id 1006)<BR>- sync (id 1008)<BR>- games (id 1010)<BR>- man (id 1012)<BR>- lp (id 1014)<BR>- mail (id 1016)<BR>- news (id 1018)<BR>- uucp (id 1020)<BR>- proxy (id 1026)<BR>- www-data (id 1066)<BR>- backup (id 1068)<BR>- list (id 1076)<BR>- irc (id 1078)<BR>- gnats (id 1082)<BR>- Debian-exim (id 1200)<BR>- statd (id 1202)<BR>- identd (id 1204)<BR>- messagebus (id 1206)<BR>- avahi (id 1208)<BR>- haldaemon (id 1210)<BR>- postgres (id 1212)<BR><BR>Risk factor : Medium<BR>Solution : filter incoming connections this port<BR><BR>
[type] => INFO
[static_description] => <BR><BR>This script uses the host SID to enumerate<BR>the local user IDs from 1000 to 1200 (or whatever you<BR>set this to, in the preferences)<BR><BR>Risk factor : Medium
[risk] => medium
[title] => SMB use host SID to enumerate local users
[cat] => Windows
[cve] => CVE-2000-1200
[entrykey] => 1100005104_29
[shortkey] => 29
)
[1100005104_27] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10395
[shortid] => 10395
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => Here is the list of the SMB shares of this host : <BR><BR>print$ - <BR>IPC$ - <BR><BR><BR>This is potentially dangerous as this may help the attack<BR>of a potential hacker.<BR><BR>Solution : filter incoming traffic to this port<BR>Risk factor : Medium<BR>
[type] => INFO
[static_description] => <BR>This script connects to the remote host<BR>using a null session, and enumerates the<BR>exported shares<BR><BR>Risk factor : Medium
[risk] => medium
[title] => SMB shares enumeration
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_27
[shortkey] => 27
)
[1100005104_33] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10028
[shortid] => 10028
[ip] => 192.168.1.1
[port] => domain (53/tcp)
[description] => BIND 'NAMED' is an open-source DNS server from ISC.org.<BR>Many proprietary DNS servers are based on BIND source code.<BR><BR>The BIND based NAMED servers (or DNS servers) allow remote users<BR>to query for version and type information. The query of the CHAOS<BR>TXT record 'version.bind', will typically prompt the server to send<BR>the information back to the querying source.<BR><BR>The remote bind version is : 9.8.4-rpz2+rl005.12-P1<BR><BR>Solution :<BR>Using the 'version' directive in the 'options' section will block<BR>the 'version.bind' query, but it will not log such attempts.<BR><BR>
[type] => NOTE
[static_description] => <BR>BIND 'NAMED' is an open-source DNS server from ISC.org. Many proprietary<BR>DNS servers are based on BIND source code.<BR><BR>The BIND based NAMED servers (or DNS servers) allow remote users<BR>to query for version and type information. The query of the CHAOS<BR>TXT record 'version.bind', will typically prompt the server to send<BR>the information back to the querying source.<BR><BR><BR>Solution :<BR>Using the 'version' directive in the 'options' section will block<BR>the 'version.bind' query, but it will not log such attempts.
[risk] => medium
[title] => Determine which version of BIND name daemon is running
[cat] => General
[cve] => NOCVE
[entrykey] => 1100005104_33
[shortkey] => 33
)
)
[high] => stdClass Object
(
[1100005104_93] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.902822
[shortid] => 902822
[ip] => 192.168.1.1
[port] => ipp (631/tcp)
[description] => <BR> Overview: This host is running PHP Built-in WebServer and is prone to denial<BR> of service vulnerability.<BR><BR> Vulnerability Insight:<BR> The flaw is due to an error when processing HTTP request with a large<BR> 'Content-Length' header value and can be exploited to cause a denial of<BR> service via a specially crafted packet.<BR><BR> Impact:<BR> Successful exploitation may allow remote attackers to cause the application<BR> to crash, creating a denial-of-service condition.<BR><BR> NOTE: This NVT reports, If similar vulnerability present in different<BR> web-server.<BR><BR> Impact Level: Application<BR><BR> Affected Software/OS:<BR> PHP version 5.4.0<BR><BR> Fix: Upgrade to PHP 5.4.1RC1-DEV or 5.5.0-DEV or later.<BR> For updates refer to http://php.net/downloads.php<BR><BR> References:<BR> https://bugs.php.net/bug.php?id=61461<BR> http://www.1337day.com/exploits/17831<BR> http://www.securityfocus.com/bid/52704<BR> http://xforce.iss.net/xforce/xfdb/74317<BR> http://www.exploit-db.com/exploits/18665<BR> http://packetstormsecurity.org/files/111163/PHP-5.4.0-Denial-Of-Service.html <BR>
[type] => HOLE
[static_description] => <BR> Overview: This host is running PHP Built-in WebServer and is prone to denial<BR> of service vulnerability.<BR><BR> Vulnerability Insight:<BR> The flaw is due to an error when processing HTTP request with a large<BR> 'Content-Length' header value and can be exploited to cause a denial of<BR> service via a specially crafted packet.<BR><BR> Impact:<BR> Successful exploitation may allow remote attackers to cause the application<BR> to crash, creating a denial-of-service condition.<BR><BR> NOTE: This NVT reports, If similar vulnerability present in different<BR> web-server.<BR><BR> Impact Level: Application<BR><BR> Affected Software/OS:<BR> PHP version 5.4.0<BR><BR> Fix: Upgrade to PHP 5.4.1RC1-DEV or 5.5.0-DEV or later.<BR> For updates refer to http://php.net/downloads.php<BR><BR> References:<BR> https://bugs.php.net/bug.php?id=61461<BR> http://www.1337day.com/exploits/17831<BR> http://www.securityfocus.com/bid/52704<BR> http://xforce.iss.net/xforce/xfdb/74317<BR> http://www.exploit-db.com/exploits/18665<BR> http://packetstormsecurity.org/files/111163/PHP-5.4.0-Denial-Of-Service.html
[risk] => high
[title] => PHP Built-in WebServer 'Content-Length' Denial of Service Vulnerability
[cat] => Web Servers
[cve] => NOCVE
[entrykey] => 1100005104_93
[shortkey] => 93
)
[1100005104_35] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.102014
[shortid] => 102014
[ip] => 192.168.1.1
[port] => nfs (2049/udp)
[description] => Here is the export list of dt3.local : <BR>/mnt/sdb1 192.168.1.101/255.255.255.255 10.0.0.0/255.0.0.0<BR><BR>
[type] => HOLE
[static_description] => <BR>This plugin lists NFS exported shares, and warns if some of<BR>them are readable.<BR><BR>It also warns if the remote NFS server is superfluous.<BR><BR>Tested on Ubuntu/Debian mountd<BR><BR>References:<BR> rfc 1057<BR> rfc 1094<BR><BR>Thanks to Wireshark!<BR>
[risk] => high
[title] => NFS export
[cat] => Remote file access
[cve] => CVE-1999-0554,CVE-1999-0548
[entrykey] => 1100005104_35
[shortkey] => 35
)
[1100005104_61] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.51279
[shortid] => 51279
[ip] => 192.168.1.1
[port] => domain (53/tcp)
[description] => <BR>The remote BIND server, according to its version number, is vulnerable<BR>to Denial of Service attacks as a result of a flaw in the implementation<BR>of 'authvalidator()'<BR><BR>Solution : Upgrade to version 9.3.1 or later.<BR>Risk factor : High<BR>
[type] => HOLE
[static_description] => <BR>The remote BIND server, according to its version number, is vulnerable<BR>to Denial of Service attacks as a result of a flaw in the implementation<BR>of 'authvalidator()'<BR><BR>Solution : Upgrade to version 9.3.1 or later.<BR>Risk factor : High
[risk] => high
[title] => BIND authvalidator Denial of Service
[cat] => Denial of Service
[cve] => CAN-2005-034
[entrykey] => 1100005104_61
[shortkey] => 61
)
[1100005104_56] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.50276
[shortid] => 50276
[ip] => 192.168.1.1
[port] => ident (113/tcp)
[description] => <BR>The remote host appears to be infected with the<BR>W32.Korgo.S trojan. This trojan allows<BR>remote access to your system via ports 113 and<BR>a randomly selected port in the range 2000-8191.<BR> <BR>Solution: Use an Anti-Virus package to remove it.<BR>http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.s.html<BR> <BR>Risk factor : Critical<BR>
[type] => HOLE
[static_description] => <BR>The remote host appears to be infected with the<BR>W32.Korgo.S trojan. This trojan allows<BR>remote access to your system via ports 113 and<BR>a randomly selected port in the range 2000-8191.<BR> <BR>Solution: Use an Anti-Virus package to remove it.<BR>http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.s.html<BR> <BR>Risk factor : Critical
[risk] => high
[title] => W32.Korgo.S Detect
[cat] => Backdoors
[cve] => NOCVE
[entrykey] => 1100005104_56
[shortkey] => 56
)
[1100005104_52] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.50166
[shortid] => 50166
[ip] => 192.168.1.1
[port] => ident (113/tcp)
[description] => <BR>The remote host appears to be infected with the<BR>W32.Gaobot.BQJ trojan. This trojan allows<BR>remote access to your system via identd on port 113.<BR> <BR>***WARNING: We did not attempt to communicate with the trojan,<BR>only verified that the port normally used by it was open. It<BR>is possible that you may be running a different service on<BR>this port.<BR><BR>Solution: Use an Anti-Virus package to remove it.<BR>http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bqj.html<BR> <BR>Risk factor : Critical<BR>
[type] => HOLE
[static_description] => <BR>The remote host appears to be infected with the<BR>W32.Gaobot.BQJ trojan. This trojan allows<BR>remote access to your system via identd on port 113.<BR> <BR>***WARNING: We did not attempt to communicate with the trojan,<BR>only verified that the port normally used by it was open. It<BR>is possible that you may be running a different service on<BR>this port.<BR><BR>Solution: Use an Anti-Virus package to remove it.<BR>http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bqj.html<BR> <BR>Risk factor : Critical
[risk] => high
[title] => W32.Gaobot.BQJ Detect
[cat] => Backdoors
[cve] => NOCVE
[entrykey] => 1100005104_52
[shortkey] => 52
)
[1100005104_76] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.12209
[shortid] => 12209
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => <BR>The remote host seems to be running a version of Microsoft OS <BR>which is vulnerable to several flaws, ranging from denial of service<BR>to remote code execution. Microsoft has released a Hotfix (KB835732)<BR>which addresses these issues.<BR><BR>Solution : Install the Windows cumulative update from Microsoft<BR><BR>See also : http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx<BR><BR>Risk factor : High<BR>
[type] => HOLE
[static_description] => <BR>The remote host seems to be running a version of Microsoft OS <BR>which is vulnerable to several flaws, ranging from denial of service<BR>to remote code execution. Microsoft has released a Hotfix (KB835732)<BR>which addresses these issues.<BR><BR>Solution : Install the Windows cumulative update from Microsoft<BR><BR>See also : http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx<BR><BR>Risk factor : High
[risk] => high
[title] => Microsoft Hotfix for KB835732 (SMB check)
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_76
[shortkey] => 76
)
[1100005104_88] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11454
[shortid] => 11454
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => <BR>The account 'administrator'/'' is valid. <BR>The worm W32/Deloder may use it to break into the remote host<BR>and upload infected data in the remote shares<BR><BR>See also : CERT advisory CA-2003-08<BR>Solution : Change your administrator password to a stronger one<BR>Risk factor : High<BR>
[type] => HOLE
[static_description] => <BR>W32/Deloder is a worm that contains a list of built-in administrator<BR>passwords and tries to connect to a remote share by using them.<BR><BR>This plugin attempts to log in using the passwords contained<BR>in this worm<BR><BR>Solution : Change your administrator password to a strong one<BR>Risk factor : High
[risk] => high
[title] => SMB log in with W32/Deloder passwords
[cat] => Windows
[cve] => NOCVE
[entrykey] => 1100005104_88
[shortkey] => 88
)
[1100005104_36] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.11356
[shortid] => 11356
[ip] => 192.168.1.1
[port] => nfs (2049/udp)
[description] => The following NFS shares could be mounted : <BR>+ /mnt/sdb1<BR> + Contents of /mnt/sdb1 : <BR> - ..<BR> - .<BR> - mirror.sh<BR> - dev<BR> - lost+found<BR> <BR><BR><BR>Make sure the proper access lists are set<BR>Risk factor : High<BR>
[type] => HOLE
[static_description] => <BR>This plugin attempts to mount each exported NFS share,<BR>and issues a red alert if it succeeds.<BR><BR>Some old versions of nfsd do not perform the proper checks when<BR>it comes to NFS access controls, or the remote host may be <BR>badly configured.<BR><BR><BR>Risk factor : High
[risk] => high
[title] => Mountable NFS shares
[cat] => Remote file access
[cve] => CVE-1999-0170,CVE-1999-0211,CVE-1999-0554
[entrykey] => 1100005104_36
[shortkey] => 36
)
[1100005104_86] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10539
[shortid] => 10539
[ip] => 192.168.1.1
[port] => domain (53/tcp)
[description] => <BR>The remote name server allows recursive queries to be performed<BR>by the host running nessusd.<BR><BR>If this is your internal nameserver, then forget this warning.<BR><BR>If you are probing a remote nameserver, then it allows anyone<BR>to use it to resolve third parties names (such as www.nessus.org).<BR>This allows hackers to do cache poisoning attacks against this<BR>nameserver.<BR><BR>If the host allows these recursive queries via UDP,<BR>then the host can be used to 'bounce' Denial of Service attacks<BR>against another network or system.<BR><BR>See also : http://www.cert.org/advisories/CA-1997-22.html<BR><BR>Solution : Restrict recursive queries to the hosts that should<BR>use this nameserver (such as those of the LAN connected to it).<BR><BR>If you are using bind 8, you can do this by using the instruction<BR>'allow-recursion' in the 'options' section of your named.conf<BR><BR>If you are using bind 9, you can define a grouping of internal addresses<BR>using the 'acl' command<BR><BR>Then, within the options block, you can explicitly state:<BR>'allow-recursion { hosts_defined_in_acl }'<BR><BR>For more info on Bind 9 administration (to include recursion), see: <BR>http://www.nominum.com/content/documents/bind9arm.pdf<BR><BR>If you are using another name server, consult its documentation.<BR><BR>Risk factor : High<BR>
[type] => INFO
[static_description] => <BR>The remote name server allows recursive queries to be performed<BR>by the host running nessusd.<BR><BR>If this is your internal nameserver, then forget this warning.<BR><BR>If you are probing a remote nameserver, then it allows anyone<BR>to use it to resolve third parties names (such as www.nessus.org).<BR>This allows hackers to do cache poisoning attacks against this<BR>nameserver.<BR><BR>If the host allows these recursive queries via UDP,<BR>then the host can be used to 'bounce' Denial of Service attacks<BR>against another network or system.<BR><BR>See also : http://www.cert.org/advisories/CA-1997-22.html<BR><BR>Solution : Restrict recursive queries to the hosts that should<BR>use this nameserver (such as those of the LAN connected to it).<BR><BR>If you are using bind 8, you can do this by using the instruction<BR>'allow-recursion' in the 'options' section of your named.conf<BR><BR>If you are using bind 9, you can define a grouping of internal addresses<BR>using the 'acl' command<BR><BR>Then, within the options block, you can explicitly state:<BR>'allow-recursion { hosts_defined_in_acl }'<BR><BR>For more info on Bind 9 administration (to include recursion), see: <BR>http://www.nominum.com/content/documents/bind9arm.pdf<BR><BR>If you are using another name server, consult its documentation.<BR><BR>Risk factor : High
[risk] => high
[title] => Useable remote name server
[cat] => General
[cve] => CVE-1999-0024
[entrykey] => 1100005104_86
[shortkey] => 86
)
[1100005104_90] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10496
[shortid] => 10496
[ip] => 192.168.1.1
[port] => http (80/tcp)
[description] => <BR>The remote web server crashes when it is issued a too<BR>long argument to the 'Host:' field of an HTTP request.<BR><BR>An attacker may use this flaw to either completely prevent<BR>this host from serving web pages to the world, or to<BR>make it die by crashing several threads of the web server<BR>until the complete exhaustion of this host memory<BR><BR>Risk factor : High<BR>Solution : Upgrade your web server.<BR>
[type] => HOLE
[static_description] => <BR>The remote web server crashes when it is issued a too<BR>long argument to the 'Host:' field of an HTTP request.<BR><BR>An attacker may use this flaw to either completely prevent<BR>this host from serving web pages to the world, or to<BR>make it die by crashing several threads of the web server<BR>until the complete exhaustion of this host memory<BR><BR>Risk factor : High<BR>Solution : Upgrade your web server.
[risk] => high
[title] => Imail Host: overflow
[cat] => Denial of Service
[cve] => CVE-2000-0825
[entrykey] => 1100005104_90
[shortkey] => 90
)
[1100005104_91] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10496
[shortid] => 10496
[ip] => 192.168.1.1
[port] => swat (901/tcp)
[description] => <BR>The remote web server crashes when it is issued a too<BR>long argument to the 'Host:' field of an HTTP request.<BR><BR>An attacker may use this flaw to either completely prevent<BR>this host from serving web pages to the world, or to<BR>make it die by crashing several threads of the web server<BR>until the complete exhaustion of this host memory<BR><BR>Risk factor : High<BR>Solution : Upgrade your web server.<BR>
[type] => HOLE
[static_description] => <BR>The remote web server crashes when it is issued a too<BR>long argument to the 'Host:' field of an HTTP request.<BR><BR>An attacker may use this flaw to either completely prevent<BR>this host from serving web pages to the world, or to<BR>make it die by crashing several threads of the web server<BR>until the complete exhaustion of this host memory<BR><BR>Risk factor : High<BR>Solution : Upgrade your web server.
[risk] => high
[title] => Imail Host: overflow
[cat] => Denial of Service
[cve] => CVE-2000-0825
[entrykey] => 1100005104_91
[shortkey] => 91
)
[1100005104_78] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10396
[shortid] => 10396
[ip] => 192.168.1.1
[port] => microsoft-ds (445/tcp)
[description] => The following shares can be accessed using a NULL session :<BR><BR>- IPC$ - (, writeable?)<BR><BR><BR>Solution : To restrict their access under WindowsNT, open the explorer, do a right click on each,<BR>go to the 'sharing' tab, and click on 'permissions'<BR>Risk factor : High<BR>
[type] => HOLE
[static_description] => <BR>This script checks if we can access various<BR>NetBios shares<BR><BR>Risk factor : High
[risk] => high
[title] => SMB shares access
[cat] => Windows
[cve] => CVE-1999-0519,CVE-1999-0520
[entrykey] => 1100005104_78
[shortkey] => 78
)
[1100005104_55] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10273
[shortid] => 10273
[ip] => 192.168.1.1
[port] => swat (901/tcp)
[description] => <BR>SWAT (Samba Web Administration Tool) is running on this port.<BR><BR>SWAT allows Samba users to change their passwords, and offers the sysadmin <BR>an easy-to-use GUI to configure Samba.<BR><BR>However, it is not recommended to let SWAT be accessed by the world, as it <BR>allows an intruder to attempt to brute force some accounts' passwords.<BR><BR>In addition to this, the traffic between SWAT and web clients is not encrypted, <BR>so an eavesdropper can gain clear text passwords easily.<BR><BR>Solution: Disable SWAT access from the outside network by making your firewall <BR>filter this port.<BR><BR>If you do not need SWAT, disable it by commenting out the relevant /etc/inetd.conf <BR>line.<BR>
[type] => HOLE
[static_description] => <BR>SWAT (Samba Web Administration Tool) is running on this port.<BR><BR>SWAT allows Samba users to change their passwords, and offers the sysadmin <BR>an easy-to-use GUI to configure Samba.<BR><BR>However, it is not recommended to let SWAT be accessed by the world, as it <BR>allows an intruder to attempt to brute force some accounts' passwords.<BR><BR>In addition to this, the traffic between SWAT and web clients is not encrypted, <BR>so an eavesdropper can gain clear text passwords easily.<BR><BR>Solution: Disable SWAT access from the outside network by making your firewall <BR>filter this port.<BR><BR>If you do not need SWAT, disable it by commenting out the relevant /etc/inetd.conf <BR>line.
[risk] => high
[title] => Detect SWAT server port
[cat] => Service detection
[cve] => CVE-2000-0935
[entrykey] => 1100005104_55
[shortkey] => 55
)
[1100005104_57] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10235
[shortid] => 10235
[ip] => 192.168.1.1
[port] => unknown (37753/udp)
[description] => <BR>The statd RPC service is running. This service has a long history of <BR>security holes, so you should really know what you are doing if you decide<BR>to let it run.<BR><BR>*** No security hole regarding this program has been tested, so<BR>*** this might be a false positive.<BR><BR>Solution : We suggest that you disable this service.<BR>Risk factor : High<BR>
[type] => INFO
[static_description] => <BR>The statd RPC service is running. This service has a long history of <BR>security holes, so you should really know what you are doing if you decide<BR>to let it run.<BR><BR>*** No security hole regarding this program has been tested, so<BR>*** this might be a false positive.<BR><BR>Solution : We suggest that you disable this service.<BR>Risk factor : High
[risk] => high
[title] => statd service
[cat] => RPC
[cve] => CVE-1999-0018,CVE-1999-0019,CVE-1999-0493
[entrykey] => 1100005104_57
[shortkey] => 57
[baseline] => new
)
[1100005104_63] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10219
[shortid] => 10219
[ip] => 192.168.1.1
[port] => nfs (2049/udp)
[description] => <BR>The nfsd RPC service is running. In the past, this service has had bugs which allow an intruder to execute arbitrary commands on your system. In addition, FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier have a bug wherein sending a zero length packet to the RPC service will cause the operating system to hang.<BR><BR><BR>Solution : Make sure that you have the latest version of nfsd<BR><BR>Risk factor : High<BR>
[type] => INFO
[static_description] => <BR>The nfsd RPC service is running. In the past, this service has had bugs which allow an intruder to execute arbitrary commands on your system. In addition, FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier have a bug wherein sending a zero length packet to the RPC service will cause the operating system to hang.<BR><BR><BR>Solution : Make sure that you have the latest version of nfsd<BR><BR>Risk factor : High
[risk] => high
[title] => nfsd service
[cat] => RPC
[cve] => CVE-1999-0832,CVE-2002-0830
[entrykey] => 1100005104_63
[shortkey] => 63
)
[1100005104_59] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10216
[shortid] => 10216
[ip] => 192.168.1.1
[port] => unknown (738/tcp)
[description] => <BR>The fam RPC service is running. <BR>Several versions of this service have a well-known buffer overflow condition<BR>that allows intruders to execute arbitrary commands as root on this system.<BR><BR>Solution : disable this service in /etc/inetd.conf<BR>See also : http://www.nai.com/nai_labs/asp_set/advisory/16_fam_adv.asp<BR>Risk factor : High<BR>
[type] => INFO
[static_description] => <BR>The fam RPC service is running. <BR>Several versions of this service have a well-known buffer overflow condition<BR>that allows intruders to execute arbitrary commands as root on this system.<BR><BR>Solution : disable this service in /etc/inetd.conf<BR>See also : http://www.nai.com/nai_labs/asp_set/advisory/16_fam_adv.asp<BR>Risk factor : High
[risk] => high
[title] => fam service
[cat] => RPC
[cve] => CVE-1999-0059
[entrykey] => 1100005104_59
[shortkey] => 59
[baseline] => new
)
[1100005104_92] => stdClass Object
(
[repid] => 1100005104
[id] => 1.3.6.1.4.1.25623.1.0.10204
[shortid] => 10204
[ip] => 192.168.1.1
[port] => netbios-ssn (139/tcp)
[description] => A 'rfpoison' packet has been sent to the remote host.<BR>This packet is supposed to crash the 'services.exe' process,<BR>rendering the system unstable.<BR>If you see that this attack was successful, have a look<BR>at this page : <BR> http://support.microsoft.com/support/kb/articles/Q231/4/57.ASP<BR>
[type] => INFO
[static_description] => It may be possible<BR>to make the remote server crash<BR>using the 'rfpoison' attack. <BR><BR>An attacker may use this flaw to<BR>shut down this server, thus <BR>preventing your network from<BR>working properly.<BR><BR><BR>Solution: See Microsoft Technet <BR>http://support.microsoft.com/support/kb/articles/Q231/4/57.ASP<BR><BR>Risk factor : High
[risk] => high
[title] => rfpoison
[cat] => Denial of Service
[cve] => CVE-1999-0980
[entrykey] => 1100005104_92
[shortkey] => 92
)
)
)
[ports] => Array
(
[0] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 53
[portend] => -1
[portservice] => domain
[portprot] => TCP
)
[1] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 80
[portend] => -1
[portservice] => http
[portprot] => TCP
)
[2] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 111
[portend] => -1
[portservice] => sunrpc
[portprot] => TCP
)
[3] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 113
[portend] => -1
[portservice] => ident
[portprot] => TCP
)
[4] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 139
[portend] => -1
[portservice] => netbios-ssn
[portprot] => TCP
)
[5] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 445
[portend] => -1
[portservice] => microsoft-ds
[portprot] => TCP
)
[6] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 631
[portend] => -1
[portservice] => ipp
[portprot] => TCP
)
[7] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 901
[portend] => -1
[portservice] => swat
[portprot] => TCP
)
[8] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 2049
[portend] => -1
[portservice] => nfs
[portprot] => TCP
)
[9] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 3306
[portend] => -1
[portservice] => mysql
[portprot] => TCP
)
[10] => stdClass Object
(
[repid] => 1100005104
[hostip] => 192.168.1.1
[portnum] => 6543
[portend] => -1
[portservice] => lds-distrib
[portprot] => TCP
)
)
)
)
|