No Risk Security Audit Synopsis
Report ID: 1100083429
Review Status: Pending
Audit Queued: Apr 18, 2004 10:39 GMT
Audit Started: Apr 18, 2004 10:40 GMT
Audit Completed: Apr 18, 2004 12:11 GMT
Host address(es): xxxxxxxxx
Report Contents
1. Risk Classification Summary
2. Baseline Comparison Control
3. Vulnerability Category Summary
4. Vulnerability Title Summary
5. Vulnerability Details
6. Open Ports
Appendix A: Risk Definitions
1. Risk Classification Summary
Vulnerabilities are classified according to the risk they present to the network/host on which they are found. The following chart summarizes how the 10 different issues we found are spread across the different risk classes. For a detailed explanation of how vulnerabilities are classified, see Appendix A: Risk Definitions.
2. Baseline Comparison Control
Baselining allows you to compare the results of an audit to the results received in a previous audit. This provides for an easy way to see what is changing from one audit to the next. This section documents which audit was used as a baseline, allows you to select a different audit to use as a baseline, and allows you to mark the current audit as something that should be used when running future baseline comparisons.
Note that you have a fair bit of control over the types of baseline comparison information displayed in your report by using our Report Style Editor. The default is to display ALL test results in your current report, along with notes as to which results are different from the previous report.
According to your current report style, baseline comparisons are: Enabled
Comparisons have been done against the report: Report ID:
Most recent audit in your account.
3. Vulnerability Category Summary
The vulnerability category summary shows how the various issues that were reported are distributed across the different test categories.
Category                    High  Med  Low  Other
CGI abuses
Windows
Denial of Service
Gain root remotely
General                                4    3
Misc.                                  1
FTP
Gain a shell remotely
Remote file access
SMTP problems
Backdoors
CISCO
RPC
Default Unix Accounts
Firewalls
Windows : User management
Useless services
Peer-To-Peer File Sharing
SNMP
Finger abuses
Settings
Netware
Port scanners
NIS
Totals:                     1     1    5    3
4. Vulnerability Title Summary
High Risk Vulnerabilities
Information omitted.
Medium Risk Vulnerabilities
Information omitted.
Low Risk Vulnerabilities
11002 General : DNS Server Detection
10882 General : SSH protocol version 1 enabled
10728 General : Determine if Bind 9 is running
10287 Misc. : Traceroute
10267 General : SSH Server type and version
Other Items to be Considered
12053 General : Host FQDN
11951 General : DNS Server Fingerprint
10881 General : SSH protocol versions supported
5. Vulnerability Details
Information omitted.
Information omitted.
11002 General: DNS Server Detection
Description
domain (53/udp)
A DNS server is running on this port. If you do not use it, disable it.
Risk factor : Low
*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.
10882 General: SSH protocol version 1 enabled
Description
ssh (22/tcp)
The remote SSH daemon supports connections made using versions 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically safe, so they should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to '2'.
If you use SSH.com's implementation, set the option 'Ssh1Compatibility' to 'no'.
Risk factor : Low
Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.
*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.
10728 General: Determine if Bind 9 is running
Description
domain (53/tcp)
It was possible to determine that the remote BIND server is running bind 9.x by querying it for the AUTHORS map.
It is recommended you change the source code to prevent attackers from fingerprinting your server.
Risk factor : Low
Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.
*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.
10287 Misc.: Traceroute
Description
general/udp
For your information, here is the traceroute to xx.yy.xx.zz :
69.28.227.212
69.28.226.193
216.187.68.5
216.187.68.218
xx.yy.xx.zz
xx.yy.xx.zz
xx.yy.xx.zz
?
Makes a traceroute to the remote host.
Risk factor : Low
Additional Information:
Traceroute is only a problem if the route shown above is revealing sensitive IP addresses internal to your network. If the addresses shown are all upstream to you, then you have no risk associated with this test. If, on the other hand, we are showing private addresses on the traceroute, you should consider filtering ICMP Destination Unreachable (Code 3) and ICMP Time Exceeded (Code 11) messages.
This implementation of traceroute works by sending UDP packets with a source port of 1025 and a destination port of 32768 with increasing TTL values.
*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.
10267 General: SSH Server type and version
Description
ssh (22/tcp)
Remote SSH version : SSH-1.99-OpenSSH_3.7.1p2
This detects the SSH Server's type and version by connecting to the server and processing the buffer received. This information gives potential attackers additional information about the system they are attacking. Versions and Types should be omitted where possible.
Solution: Apply filtering to disallow access to this port from untrusted hosts
Risk factor : Low
Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.
*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.
12053 General: Host FQDN
Description
general/tcp
xx.yy.xx.zz resolves as msmittens.com.
This plugin writes the host FQDN, as it could be resolved, in the report. There is no security issue associated with it.
Risk factor : None
*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.
11951 General: DNS Server Fingerprint
Description
domain (53/udp)
Nessus was not able to reliably identify the remote DNS server type.
It might be :
ISC BIND 9.2.2
The fingerprint differs from these known signatures on 1 point.
If you know which DNS server this host is actually running, please send this signature to dns-signatures@nessus.org :
4q:5:5:1q:2:1q:1q:1q:1q:0TC:0AAXD:0X:0X:0X:0X:0X:4q:4q:4q:0X:0X:5:0AAXD:
This script attempts to identify the remote DNS server type and version by sending various invalid requests to the remote DNS server and analyzing the error codes returned.
See also :
http://cr.yp.to/surveys/dns1.html
Risk factor : None
*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.
10881 General: SSH protocol versions supported
Description
ssh (22/tcp)
The remote SSH daemon supports the following versions of the SSH protocol :
. 1.33
. 1.5
. 1.99
. 2.0
This plugin determines which versions of the SSH protocol the remote SSH daemon supports.
Risk factor : None
Additional Information:
This test is a member of the SANS/FBI Top 20 Security Threats for 2003, a list of vulnerabilities that are among the most likely attack vectors used to compromise systems.
*** Baseline Alert ***
This vulnerability is new to your system, based on the baseline comparison done.
6. Open Ports on xxxxx
Number of open ports found by port scan: 0
While having 0 ports open is very good, you should be aware that this does not guarantee you are secure. You need to consider the following items:
* The port scan did not include UDP ports
* Vulnerabilities such as trojans that "phone home" cannot be detected by a port scan
* You may not be protected from email viruses
Appendix A: Risk Definitions
Users should note that test classifications are subjective, although we do our best to make appropriate classifications. If you spot an inconsistency, please let us know so that we can make the appropriate corrections.
High Risk Vulnerabilities
We view this class as any test that can be used to breach the integrity of the system, or take the system or a service off line (DoS). These types of vulnerabilities are typically very easy for malicious users to take advantage of.
Medium Risk Vulnerabilities
We view this class as any test that may be able to access inappropriate data in the system, which may in turn be combined with other information to provide a subsequent compromise. Although more difficult to take advantage of, these problems should still be rectified.
Low Risk Vulnerabilities
We view these vulnerabilities as problems typically only if the information they provide or the access they grant can be used in conjunction with one or more other vulnerabilities to compromise your system or network. These vulnerabilities are usually not problems in their own right, but could potentially lead to problems in conjunction with other services.
Other Items to be Considered
This class of problems is used both to display informational items that are usually not problems but that you should be aware of (e.g. the "traceroute" determined from our systems to your site), and to display problems that have not, for one reason or another, been categorized into one of the other risk levels.
==================================
Appendix B: CVE Versioning
CVE identifiers, an industry standard way of identifying tests, are maintained by Mitre. The current mapping of CVE/CAN identifiers to Test IDs is based on CVE Version Number 20030402, and CAN Version Number 20040406. These were verified on April 14, 2004 as being the latest available.