Report ID	1
View Created On:	Jan 1, 1970 00:00 GMT
Host Address(es):	X.X.X.X

1. Risk Classification Summary
2. Baseline Comparison Control
3. Vulnerability Category Summary
4. Vulnerability Title Summary
5. Vulnerability Details
6. Open Ports
Appendix A: Risk Definitions
Appendix B: CVE Versioning
Appendix C: List of Tests Executed

Vulnerabilities are classified according to the risk they present to the network/host on which they are found. The following chart summarizes how the 0 different issues we found are spread across the different risk classes. For a detailed explanation of how vulnerabilities are classified, see Appendix A: Risk Definitions

Baselining allows you to compare the results of an audit to the results received in a previous audit. This provides for an easy way to see what is changing from one audit to the next. This section documents which audit was used as a baseline, allows you to select a different audit to use as a baseline, and allows you to mark the current audit as something that should be used when running future baseline comparisons.

Note that you have a fair bit of control over the types of baseline comparison information displayed in your report by using our Report Style Editor. The default is to display ALL test results in your current report, along with notes as to which results are different from the previous report.

According to your current report style, baseline comparisons are:	Enabled
No audit could be found against which a comparison could be done according to the current baselining rules.

The vulnerability category summary shows how the various issues that were reported are distributed across the different test categories.

Category	High	Med	Low	Other
Fedora Local Security Checks
SuSE Local Security Checks
Web application abuses
Debian Local Security Checks
Ubuntu Local Security Checks
Huawei EulerOS Local Security Checks
General
CentOS Local Security Checks
Red Hat Local Security Checks
Mandrake Local Security Checks
Windows : Microsoft Bulletins
Product detection
Gentoo Local Security Checks
FreeBSD Local Security Checks
Denial of Service
Oracle Linux Local Security Checks
CGI abuses
Databases
Amazon Linux Local Security Checks
Policy
CISCO
Web Servers
Buffer overflow
Slackware Local Security Checks
Windows
Conectiva Local Security Checks
IT-Grundschutz-deprecated
Service detection
Backdoors
Mageia Linux Local Security Checks
Turbolinux Local Security Tests
Default Accounts
Mac OS X Local Security Checks
FTP
Gain a shell remotely
IT-Grundschutz
Nmap NSE net
Trustix Local Security Checks
Nmap NSE
JunOS Local Security Checks
F5 Local Security Checks
Huawei
Remote file access
Gain root remotely
SMTP problems
Privilege escalation
Misc.
IT-Grundschutz-15
SSL and TLS
AIX Local Security Checks
CGI abuses : XSS
VMware Local Security Checks
Malware
RPC
Palo Alto PAN-OS Local Security Checks
FortiOS Local Security Checks
Citrix Xenserver Local Security Checks
Windows : User management
SNMP
Useless services
Peer-To-Peer File Sharing
Firewalls
HP-UX Local Security Checks
Settings
Brute force attacks
Compliance
Port scanners
Finger abuses
Credentials
NIS
Solaris Local Security Checks
Totals:	0	0	0	0

Port	Protocol	Probable Service
21	TCP	ftp
	You appear to be running an ftp server. You should take care of the following potential problem areas: Logins If you are allowing people to ftp to their account, their userid and password is traveling clear text over the internet. This means anyone sniffing network traffic has easy access to userid/password. Writable directories If you allow document uploads via anonymous ftp, you might be used as an "exchange point" for illicit materials. Bounce-attack scans If you are running an older version of ftp on a network, you may be susceptible to a type of port scan known as a bounce attack, that completely bypasses any firewalls you have in place. This attack makes use of some ftp servers' ability to initiate outbound connections to any IP address. From the nmap documentation: FTP bounce attack : An interesting "feature" of the ftp protocol (RFC 959) is support for "proxy" ftp connections. In other words, I should be able to connect from evil.com to the FTP server-PI (protocol interpreter) of target.com to establish the control communication connection. Then I should be able to request that the server-PI initiate an active server-DTP (data transfer process) to send a file ANYWHERE on the internet! Presumably to a User-DTP, although the RFC specifically states that asking one server to send a file to another is OK. Now this may have worked well in 1985 when the RFC was just written. But nowadays, we can't have people hijacking ftp servers and requesting that data be spit out to arbitrary points on the internet. As *Hobbit* wrote back in 1995, this protocol flaw "can be used to post virtually untraceable mail and news, hammer on servers at various sites, fill up disks, try to hop firewalls, and generally be annoying and hard to track down at the same time." What we will exploit this for is to (surprise, surprise) scan TCP ports from a "proxy" ftp server. Thus you could connect to an ftp server behind a firewall, and then scan ports that are more likely to be blocked (139 is a good one). If the ftp server allows reading from and writing to a directory (such as /incoming), you can send arbitrary data to ports that you do find open. For port scanning, our technique is to use the PORT command to declare that our passive "User-DTP" is listening on the target box at a certain port number. Then we try to LIST the current directory, and the result is sent over the Server-DTP channel. If our target host is listening on the specified port, the transfer will be successful (generating a 150 and a 226 response). Otherwise we will get "425 Can't build data connection: Connection refused." Then we issue another PORT command to try the next port on the target host. The advantages to this approach are obvious (harder to trace, potential to bypass firewalls). The main disadvantages are that it is slow, and that some FTP servers have finally got a clue and disabled the proxy "feature".
22	TCP	ssh
	You appear to be running SSH. That's good. A couple of things to note with it, however. Like any other software package, SSH is also subject to bugs that are fixed over time. These bugs, despite the fact that SSH provides a secure communication channel, may allow an attacker to compromise your system. You should ensure that you are running the latest SSH/patched versions.
25	TCP	smtp
	You appear to be to be running a mail gateway. You should make sure that your mail system cannot be used as a mail relay. Internet SPAM, also known as UBE (unsolicited bulk email) is a problem on the internet, and spammers (those that send this type of mail) will often use poorly configured mail systems to deliver mail on their behalf. This deflects the wrath of many system administrators to YOU, the owner/operator of the misconfigured service. It can also result in you being placed in one of several on-line databases that list you as allowing mail-relay, the end-result being that some mail systems will reject any mail you try to send.
80	TCP	http
	It appears that you are running a web server. If you have not done so, we recommend that you run the latest version of a popular web server. Many "fringe market" web servers have known bugs that are slow to be fixed because few people care about the problems. These problems can often leave you open to someone accessing/modifying files on your system that they shouldn't. By running a popular web server, you lower the risk of this type of problem, and when problems are found, it is likely that a patch will be made available rapidly to fix the problem. Check our survey to see what the most popular web servers are.
5432	TCP	postgres
	No description available for this port at this time.
Number of open ports found by port scan:5

Users should note that test classifications are subjective, although we do our best to make appropriate classifications. If you spot an inconsistency, please let us know so that we can make the appropriate corrections.

CVE identifiers, an industry standard way of identifying tests, are maintained by Mitre. The current mapping of CVE/CAN identifiers to Test IDs is based on CVE Version Number 20211016, and CAN Version Number 20211016. These were verified on October 16, 2021 as being the latest available.

This supplement details the list of all tests that were available as part of this audit request. THIS IS A LARGE REPORT! It does not provide any information on vulnerabilities found during the audit. Instead, it is a complete list of all tests that were part of this audit, along with descriptions. If you intend to print this report, please choose the printer friendly link below. The size of the report will vary depending on the type of audit you ran, but can easily be 200 pages long when printed, and more than 600K in size.

Finally, please note that this list is dependent on the audit you ran. If you come back in a month and run the same audit again, it is likely that this supplement will change, since additional tests will have probably been added to the test suite. Each audit report we produce has its own copy of this supplement that reflects the test suite available at the time this audit was run.

Because of the large size of this report, it may take several minutes for it to be displayed properly on some browsers once the complete report is downloaded (e.g. Netscape). Be patient, it will come up eventually.

View Test List     Printer Friendly Test List      PDF Download