More Windows vulnerabilities
More windows vulnerabilities:
Source: http://www.securityspace.com
Title: Windows Terminal Service Enabled
ID: 10940
Category: Useless services
URL: http://www.securityspace.com/smysecu....html?id=10940
Summary: Connects to the remote terminal server
Description:
The Terminal Services are enabled on the remote host.
Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host.
Solution : Disable the Terminal Services if you do not use them
Risk factor : Low
Title: IPSEC IKE check
ID: 10941
Category: Denial of Service
URL: http://www.securityspace.com/smysecu....html?id=10941
Summary: IPSEC IKE check
Description:
The remote IPSEC server seems to have a problem negotiating
bogus IKE requests.
An attacker may use this flaw to disable your VPN remotely
Solution: Contact your vendor for a patch
Risk factor: High
Title: Check for a Citrix server
ID: 10942
Category: Useless services
URL: http://www.securityspace.com/smysecu....html?id=10942
Summary: CITRIX check
Description:
A Citrix server is running on this machine.
Citrix servers allow a Windows user to remotely
obtain a graphical login (and therefore act as a local
user on the remote host).
If an attacker gains a valid login and password, he may
be able to use this service to gain further access on
the remote host
Solution: Disable this service if you do not use it. Also, make sure that the SECURE ICA option pack has been installed
Risk factor: Low
Title: Apache Remote Command Execution via .bat files
ID: 10938
Category: CGI abuses
URL: http://www.securityspace.com/smysecu....html?id=10938
Summary: Tests for presence of Apache Command Execution via .bat vulnerability
Description:
The Apache 2.0.x Win32 installation is shipped with a default script, /cgi-bin/test-cgi.bat, that allows an attacker to execute commands on the Apache server (although it is reported that any .bat file could open this vulnerability.)
An attacker can send a pipe character '|' with commands appended as parameters, which are then executed by Apache.
Solution:
This bug is fixed in 1.3.24 and 2.0.34-beta, or remove /cgi-bin/test-cgi.bat
Risk factor : High