| Port No | Protocol | Service | Details |
|---|---|---|---|
| 22 | tcp | ssh | SSH-1.99-OpenSSH_3.4p1 |
| 25 | tcp | smtp | 220 mail.example.com ESMTP Sendmail 8.10.2 8.10.2 Sun, 13 Apr 2003 16 09 09 +0100 |
| 110 | tcp | pop3 | +OK Qpopper (version 4.0.4) at mail.example.com starting. |
| 143 | tcp | imap | * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] mail.example.com IMAP4rev1 2001.315 at Sun, 13 Apr 2003 16 09 05 +0100 (BST) |
| 0 | icmp | echo reply | Response Received |
| 3 | icmp | protocol unreachable | Response Received |
| 3 | icmp | port unreachable | Response Received |
| 14 | icmp | timestamp reply | Timestamp is 10:21:58 (Windows style) |

| Vulnerability | 11316 | Sendmail < 8.12.8 Header Buffer Overflow | High Risk |
|---|---|---|---|
| Description | According to its banner, the remote sendmail server is vulnerable to a buffer overflow in its header parsing code. This allows remote users to crash the service, and may allow them to execute arbitrary commands as the owner of the sendmail process, usually root. It may also be vulnerable to a flaw in smrsh which allows local users to escalate their privileges. | | |
| Solution | Upgrade to 8.12.8 or newer, or apply a patch. | | |
| References | CAN-2002-1165, CVE-2001-1349, CVE-2002-1337 | | |
| First Found | 13 November 2002 | Port | 25/tcp |

| Vulnerability | 10249 | SMTP Server Allows VRFY/EXPN | Medium Risk |
|---|---|---|---|
| Description | The remote SMTP server allows the VRFY and/or EXPN commands. These can be used to check the validity of accounts, find the delivery address of mail aliases, or even determine the full name of a recipient. An attacker could use this information to focus their attacks, or aid social engineering. This leakage is unnecessary so you should turn off these commands. | | |
| Solution | If you are using sendmail, add the configuration directive 'PrivacyOptions=goaway'. For other mail daemons, consult the documentation. | | |
| References | CAN-1999-0531 | | |
| First Found | 13 March 2003 | Port | 25/tcp |

| Vulnerability | 10809 | Sendmail -bt option | Medium Risk |
|---|---|---|---|
| Description | According to its banner, the remote sendmail server may be vulnerable to the -bt overflow attack which allows any local user to execute arbitrary commands as root. Note: This vulnerability is local only. | | |
| Solution | Upgrade to an unaffected version, or apply a patch. | | |
| First Found | 13 February 2003 | Port | 25/tcp |

| Vulnerability | 11574 | Portable OpenSSH PAM timing attack | Medium Risk |
|---|---|---|---|
| Description | When using PAM for authentication, versions of portable OpenSSH < 3.6.1p2 are vulnerable to a timing attack. This attack allows a remote user to brute force passwords. Note: it is not possible to remotely determine if PAM is in use, so this may be a false positive. | | |
| Solution | Upgrade to a non-affected version. | | |
| References | CAN-2003-0190 | | |
| First Found | 13 March 2003 | Port | 22/tcp |

| Vulnerability | 10114 | Host Responded to ICMP Timestamp Request | Low Risk |
|---|---|---|---|
| Description | The target host responded to an ICMP timestamp request. This allows an attacker to determine the exact time and date set on your server. This information could be used in attacks against time-based authentication protocols. | | |
| Solution | Either disable timestamp replies, or filter them at your firewall. | | |
| References | CAN-1999-0524 | | |
| First Found | 13 April 2003 | Port | general/icmp |

| Vulnerability | 10882 | SSH Protocol Version 1 Enabled | Low Risk |
|---|---|---|---|
| Description | The remote SSH daemon allows connections using version 1.33 or 1.5 of the SSH protocol. These protocols are not completely cryptographically safe so they should not be used. They allow a passive eavesdropper to extract information, including the lengths of passwords and commands, and the ciphers being used. | | |
| Solution | OpenSSH: Set the 'Protocol' option to '2'. SSH.com: Set the 'Ssh1Compatibility' option to 'no'. | | |
| References | CAN-2001-0572 | | |
| First Found | 13 November 2002 | Port | 22/tcp |

| Vulnerability | 90001 | Holes Detected in Firewall Configuration | Low Risk |
|---|---|---|---|
| Description | This host is protected by a firewall. Incoming TCP connections to most ports are blocked; however, some ports were discovered where the firewall allows connections, but no service is running. This often indicates a firewall configuration error. The affected ports are: 80, 443. | | |
| Solution | Reconfigure your firewall to block all ports that you are not running services on. | | |
| References | Firewalls FAQ | | |
| First Found | 13 March 2003 | Port | general/tcp |

| Vulnerability | 10965 | SSH 3 AllowedAuthentication | Medium Risk |
|---|---|---|---|
| Description | According to its banner, the remote server is running a version of SSH which is between 3.0.0 and 3.1.2. There is a vulnerability in this release that may, under some circumstances, allow users to authenticate using a password even though it is not explicitly listed as a valid authentication mechanism. An attacker may use this flaw to attempt to brute force a password using a dictionary attack (if the passwords used are weak). | | |
| Solution | Upgrade to version 3.1.2 of SSH which solves this problem. | | |
| References | Bugtraq ID 4810 | | |
| First Found | 13 March 2003 | Port | No information available |