NetRecon Report
Vulnerability Name: | chargen service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 60 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running the chargen service.
The chargen service causes a TCP server to send a continual stream of characters to the client until the client terminates the connection. chargen can be used legitimately for a number of testing purposes. Because chargen produces a continual stream of characters, it is susceptible to misuse for denial of service attacks. For example, spoofed packets can link the chargen port to the echo port, creating an infinite loop. This type of attack consumes increasing amounts of network bandwidth, degrading network performance or, in some cases, completely disabling portions of a network. |
|||||||||||||||||||||||||||||||||||
Solution: | To avoid this type of attack, disable the chargen service. Additionally, monitoring attempted access to the chargen service can tip you off to the presence of potential attackers.
AXENT's Intruder Alert can be used to disable and monitor attempted connections to this service. Microsoft has released a hotfix to address chargen attacks directed at Windows NT 4.0 Simple TCP/IP services. The hotfix can be downloaded from: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/simptcp-fix (1) |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | 1. ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/simptcp-fix
|
|||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
proxy.ccm.itesm.mx | 148.241.155.240, proxy.ccm.itesm.mx, 148.241.155.240, proxy.ccm.itesm.mx | IP host; System V 4; SunOS 5.x+; SunOS 5.6 | Protocol = TCP; Port = 19; Service = chargen | |||||||||||||||||||||||||||||||||
Vulnerability Name: | daytime service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 11 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running the daytime service.
The daytime service returns the date and time. The format of the daytime service can sometimes tell an attacker something about a network resource, such as the operating system it's running. This service is potentially vulnerable to misaddressed packet attacks, which can link the daytime port to the echo port, etc., consuming network bandwidth. |
|||||||||||||||||||||||||||||||||||
Solution: | You should disable this service if it isn't needed. Additionally, monitoring attempted access to disabled services can tip you off to the presence of attackers.
AXENT's Intruder Alert can be used to disable and monitor attempted connections to this service. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 13; Service = daytime | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | discard service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 15 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running the discard service.
The discard service reads packets sent to it and then discards them. Receiving a connect response from any service verifies that a network resource exists. |
|||||||||||||||||||||||||||||||||||
Solution: | You should disable this service if it isn't needed. Additionally, monitoring attempted access to disabled services can tip you off to the presence of attackers.
AXENT's Intruder Alert can be used to disable and monitor attempted connections to this service. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 9; Service = discard | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | echo service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 60 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running the echo service.
The echo service causes a server to return whatever a client sends. It can be used for a number of testing purposes, much like chargen. Since the echo port returns whatever is sent to it, it is susceptible to attacks that create false return addresses. For example, spoofed packets can link the echo port to the chargen port, creating an infinite loop. This type of attack consumes increasing amounts of network bandwidth, degrading network performance or, in some cases, completely disabling portions of a network. |
|||||||||||||||||||||||||||||||||||
Solution: | To avoid this type of attack, disable the echo service. Additionally, monitoring attempted access to the echo service can tip you off to the presence of potential attackers.
AXENT's Intruder Alert can be used to disable and monitor attempted connections to this service. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 7; Service = echo | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | exec service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 42 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running the exec service.
The exec service (also called rexec) provides remote command execution facilities with authentication based on user names and passwords. Since the service relies on user names and passwords for authentication, it is vulnerable to user name and password guessing. |
|||||||||||||||||||||||||||||||||||
Solution: | If possible, consider disabling the exec service. Additionally, monitoring attempted access to the exec service can tip you off to the presence of potential attackers.
AXENT's Intruder Alert can be used to disable and monitor attempted connections to this service. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 512; Service = exec | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | finger service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 37 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running the finger service.
The finger service allows remote users and processes to obtain information about system processes and individual users. Among other things, finger can provide the following information to an attacker:
- Valid login names
- Users' full names
- Names of other systems
- A user's login shell |
|||||||||||||||||||||||||||||||||||
Solution: | You should disable this service if it isn't needed. Additionally, monitoring attempted access to disabled services can tip you off to the presence of attackers.
AXENT's Intruder Alert can be used to disable and monitor attempted connections to this service. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 79; Service = finger | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | ftp service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 42 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running the ftp service.
FTP (file transfer protocol) is a protocol for transferring files between systems. The ftp service is used by many applications for data communications. Some systems also allow users to connect to an ftp server to upload and download files. ftp servers are vulnerable to a wide range of attacks designed to retrieve files without authorization (including password files) and execute commands on other parts of the server. |
|||||||||||||||||||||||||||||||||||
Solution: | Obtain the latest patches from your vendor. Older versions of ftp on both UNIX and Windows NT contain many security holes. Don't allow anonymous ftp access unless it is absolutely necessary. Configure your system to log all ftp accesses and transfers and periodically check these logs for patterns of misuse.
Make sure the home directory of your ftp server is not writable and disallow connections from system IDs (including root, uucp, nobody, and bin). AXENT's Intruder Alert can be used to monitor any connections to the ftp port. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 21; Service = ftp | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | http service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 42 | |||||||||||||||||||||||||||||||||||
Description: | The http service is enabled. HTTP is the protocol used for the World Wide Web. There are many vulnerabilities associated with this service, and new security problems are being discovered with web software all the time.
An enabled http service means the system is running a web server (as opposed to merely being able to connect to the WWW via a browser). |
|||||||||||||||||||||||||||||||||||
Solution: | Disable HTTP if it is not necessary (that is, if the system doesn't need to be a web server).
If HTTP is necessary and is used to host a public web site, consider placing the server in a demilitarized zone (DMZ) on a network segment isolated from systems containing sensitive data. If HTTP is necessary only for internal use, restrict access from untrusted hosts with a firewall. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Service = http; Port = 8080; Protocol = TCP | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | IP address found from name | |||||||||||||||||||||||||||||||||||
Level of Risk: | 5 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has successfully discovered the IP address of a network resource using its name.
If NetRecon discovers the names of any network resources (via Windows networking, for example), it attempts to obtain their IP address as well. Finding the IP address of a network resource verifies that the resource exists. It also helps attackers identify TCP/IP networks to scan for further resources. Having an IP address also opens up the possibility of a wide range of TCP/IP information gathering (port scans, for example) and attacks. |
|||||||||||||||||||||||||||||||||||
Solution: | Do not allow hosts outside your firewall to resolve internal IP addresses unless absolutely necessary. Public DNS should contain only public systems. | |||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Alias = 148.241.155.240 | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | IP name obtained | |||||||||||||||||||||||||||||||||||
Level of Risk: | 10 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered the IP name of a network resource.
System names often reveal something about the system. For example, servers sometimes have the word server in the name, systems are named after their users, etc. Systems with an IP address but no name are usually either old, unused systems (which can be attacked with less risk of notice) or protected systems (containing highly significant information). Knowing system names can, therefore, help attackers focus their attacks on key systems. |
|||||||||||||||||||||||||||||||||||
Solution: | Do not allow hosts outside your firewall to resolve internal IP addresses unless absolutely necessary. Public DNS should contain only public systems. | |||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Alias = proxy.ccm.itesm.mx | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | login service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 42 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running the login service.
The login service (sometimes referred to as rlogin) allows remote users to obtain user and sometimes administrator access to a system. Since the service relies on user names and passwords for authentication, it is vulnerable to user name and password guessing. |
|||||||||||||||||||||||||||||||||||
Solution: | You should disable this service if it isn't needed. Additionally, monitoring attempted access to disabled services can tip you off to the presence of attackers.
AXENT's Intruder Alert can be used to disable and monitor attempted connections to this service. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 513; Service = login | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | network resource identified | |||||||||||||||||||||||||||||||||||
Level of Risk: | 16 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has obtained information that helps to identify a particular network resource. This information could include full or partial identification of the operating system, server types (SMB server, for example), whether a machine is an IP host, etc.
This information can be used by attackers to help focus their attempts to circumvent security. |
|||||||||||||||||||||||||||||||||||
Solution: | Using the data table in NetRecon, determine how the information was obtained. Either eliminate the service responsible or configure it to not give any clues that can help identify the network resource. | |||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Type = System V; Revision = 4 | ||||||||||||||||||||||||||||||||||||
Type = System V | ||||||||||||||||||||||||||||||||||||
Type = SunOS | ||||||||||||||||||||||||||||||||||||
Type = SunOS; Revision = 5.x+ | ||||||||||||||||||||||||||||||||||||
Type = IP host | ||||||||||||||||||||||||||||||||||||
Type = SunOS; Revision = 5.6 | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | open TCP port may allow unauthorized activity | |||||||||||||||||||||||||||||||||||
Level of Risk: | 14 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered an open TCP port.
When this vulnerability is included in a NetRecon scan report, the following pieces of information are in the Details section:
- port number |
|||||||||||||||||||||||||||||||||||
Solution: | If the service using this port is not necessary, disable it. If you don't know what this service is, or didn't expect to see it, verify that the service is not a back door left by an intruder. If the service is required only for internal use, firewall it. If the service is required for external use, consider running it from a demilitarized zone, and use appropriate authentication. | |||||||||||||||||||||||||||||||||||
Additional Information: | If you think your system may have been compromised, see:
http://www.cert.org/nav/recovering.html (1) |
|||||||||||||||||||||||||||||||||||
Links: | 1. http://www.cert.org/nav/recovering.html
|
|||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 512; Service = exec | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 513; Service = login | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 32771 | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 514; Service = shell | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 23; Service = telnet | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 111; Service = portmap | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 21; Service = ftp | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 8080 | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 19; Service = chargen | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 13; Service = daytime | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 9; Service = discard | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 7; Service = echo | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 79; Service = finger | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 25; Service = smtp | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | portmap service allows RPC services to be enumerated | |||||||||||||||||||||||||||||||||||
Level of Risk: | 29 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running the portmap service, and has used portmap to enumerate RPC services.
Remote Procedure Calls (RPC) is a client-server standard for network application communication, allowing applications to communicate and execute functions remotely without having to know anything about the underlying network operating system. The portmap service can be used to find out which RPC services are running and which ports they're running on, so that an RPC communications session can be started. Many RPC services are vulnerable to attacks. Knowing which services are running and what ports they're running on helps attackers focus their efforts. An example of a common RPC service is NFS, which is known to be vulnerable to a wide range of attacks, which could result in unauthorized access to files. |
|||||||||||||||||||||||||||||||||||
Solution: | If it's not absolutely necessary, don't use RPC. If it is necessary, be sure to firewall the portmap port (usually 111). Consider using a TCP/UDP wrapper to limit which hosts can access portmap. | |||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 32771; Service = portmap | ||||||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 111; Service = portmap | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | Sendmail gecos overflow allows shell users root access | |||||||||||||||||||||||||||||||||||
Level of Risk: | 82 | |||||||||||||||||||||||||||||||||||
Description: | Versions up to and including 8.7.5 of Berkeley sendmail allow shell users to obtain privileges of root and the default user account (usually daemon). |
Solution: | Upgrade sendmail. | |||||||||||||||||||||||||||||||||||
Additional Information: | See the following CERT Advisory:
ftp://ftp.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul (1) |
|||||||||||||||||||||||||||||||||||
Links: | 1. ftp://ftp.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul | |||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 25; Service = smtp | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | Sendmail redirect possible | |||||||||||||||||||||||||||||||||||
Level of Risk: | 34 | |||||||||||||||||||||||||||||||||||
Description: | Versions up to and including 8.8.0 of Berkeley sendmail contain a bug which allows users to redirect any e-mail in the queue addressed to an unqualified domain name to a host of their choosing. In some versions, users may be able to redirect mail even with fully qualified addresses. | |||||||||||||||||||||||||||||||||||
Solution: | Upgrade sendmail. | |||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Vulnerability Name: | Sendmail resource starvation allows shell users root access | |||||||||||||||||||||||||||||||||||
Level of Risk: | 83 | |||||||||||||||||||||||||||||||||||
Description: | Versions up to and including 8.7.5 of Berkeley sendmail allow shell users to execute commands as the default user. | |||||||||||||||||||||||||||||||||||
Solution: | Upgrade sendmail. | |||||||||||||||||||||||||||||||||||
Additional Information: | See the following CERT Advisory:
ftp://ftp.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul (1) |
|||||||||||||||||||||||||||||||||||
Links: | 1. ftp://ftp.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul | |||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 25 | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | service identified | |||||||||||||||||||||||||||||||||||
Level of Risk: | 39 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has identified a service by software product, version, or both.
Knowing the product and/or version allows attackers to precisely focus their attacks. Berkeley sendmail, for example, is known to be vulnerable to certain exploits in some versions, but not in others. If attackers can identify that you are running a vulnerable version of Berkeley sendmail they can direct known exploits towards those resources. Even for services with no known exploits, it is possible that vulnerabilities will be discovered in the future. If attackers can obtain version information for a service, they can eliminate attacks known to fail with that version, or try attacks known to work with that version. Eliminating techniques to try is helpful in speeding up the attack, and can also help to avoid alerting administrators, since it is usually possible to monitor attempted exploits of fixed vulnerabilities. |
|||||||||||||||||||||||||||||||||||
Solution: | Consider the benefits of product identification and weigh them against the security risk. Remove unique banners from services wherever practical. If the identifying information cannot be suppressed, consider using a different product.
For the extremely security conscious, it can sometimes be worthwhile to provide intentionally misleading identification of the service product and version. This misdirects attackers to attempt to exploit vulnerabilities which are not present. The administrator can monitor such attacks and take appropriate action to stop attackers before they are successful. Keep in mind that incorrect banners will also fool NetRecon. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Service = smtp/SMI Sendmail; Revision = 8.6; Protocol = TCP; Port = 25 | ||||||||||||||||||||||||||||||||||||
Service = smtp/SMI Sendmail; Protocol = TCP; Port = 25 | ||||||||||||||||||||||||||||||||||||
Service = smtp/Berkeley Sendmail; Revision = 25; Protocol = TCP; Port = 25 | ||||||||||||||||||||||||||||||||||||
Service = smtp/Berkeley Sendmail; Protocol = TCP; Port = 25 | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | shell service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 42 | |||||||||||||||||||||||||||||||||||
Description: | The shell service provides remote execution facilities with authentication based on privileged port numbers and trusted hosts.
It is possible to configure this service to allow anyone with a valid user name to execute commands without authentication. |
|||||||||||||||||||||||||||||||||||
Solution: | You should disable this service if it isn't needed. Additionally, monitoring attempted access to disabled services can tip you off to the presence of attackers.
AXENT's Intruder Alert can be used to disable and monitor attempted connections to this service. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | 1. http://www.cs.purdue.edu/coast/satan-html/tutorials/vulnerability/remote_shell_access.html
|
|||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 514; Service = shell | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | smtp service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 45 | |||||||||||||||||||||||||||||||||||
Description: | The smtp service uses the Simple Mail Transfer Protocol (SMTP) to send electronic messages. The smtp service may be used to obtain information about valid user names and other systems in the network.
The smtp service is vulnerable to a variety of attacks. |
|||||||||||||||||||||||||||||||||||
Solution: | Disable this service if it isn't necessary. | |||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 25; Service = smtp | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | Solaris library overflows allow remote root access | |||||||||||||||||||||||||||||||||||
Level of Risk: | 87 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running a version of Solaris that may be susceptible to unauthorized access attacks.
Any program linked with libc and/or libnsl on unpatched Solaris 2.5/2.5.1 (SunOS 5.5/5.5.1) systems is vulnerable to a buffer overflow. Setuid or setgid programs using these libraries can be exploited to gain access. This vulnerability can be exploited by remote attackers to gain root access. Note: This vulnerability is detected based on version information, which means NetRecon reports it even if you have applied the solution, as long as the version number remains the same. |
|||||||||||||||||||||||||||||||||||
Solution: | Upgrade or patch your operating system. | |||||||||||||||||||||||||||||||||||
Additional Information: | See the following CERT advisory:
ftp://ftp.cert.org/pub/cert_advisories/cert_bulletins/VB-96.18.sun (1) |
|||||||||||||||||||||||||||||||||||
Links: | 1. ftp://ftp.cert.org/pub/cert_advisories/cert_bulletins/VB-96.18.sun
|
|||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Vulnerability Name: | Solaris rpcbind could be on an unprotected high port | |||||||||||||||||||||||||||||||||||
Level of Risk: | 13 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running an operating system version that may be providing a service not protected by a firewall.
SunOS versions 5.3, 5.4, 5.5, 5.5.1, 5.4_x86, 5.5_x86, and 5.5.1_x86 ship with an rpcbind program which listens on a high port (greater than 32770) as well as the standard TCP and UDP port 111, thus escaping the notice of many firewalls. Attackers can use this vulnerability to obtain RPC program information, allowing them to identify hosts running vulnerable RPC programs. Note: This vulnerability is detected based on version information, which means NetRecon reports it even if you have applied the solution, as long as the version number remains the same. |
|||||||||||||||||||||||||||||||||||
Solution: | Upgrade or patch your operating system. | |||||||||||||||||||||||||||||||||||
Additional Information: | See the following CERT Vendor-Initiated Bulletin:
ftp://ftp.cert.org/pub/cert_advisories/cert_bulletins/VB-96.18.sun (1) |
|||||||||||||||||||||||||||||||||||
Links: | 1. ftp://ftp.cert.org/pub/cert_advisories/cert_bulletins/VB-96.18.sun
|
|||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Vulnerability Name: | Solaris rpcbind high port is open | |||||||||||||||||||||||||||||||||||
Level of Risk: | 32 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running a service that may not be protected by a firewall.
SunOS versions 5.3, 5.4, 5.5, 5.5.1, 5.4_x86, 5.5_x86, and 5.5.1_x86 ship with an rpcbind program which listens on a high port (greater than 32770) as well as the standard TCP and UDP port 111, thus escaping the notice of many firewalls. Attackers can use this vulnerability to obtain RPC program information, allowing them to identify hosts running vulnerable RPC programs. Note: This vulnerability is detected based on version information, which means NetRecon reports it even if you have applied the solution, as long as the version number remains the same. |
|||||||||||||||||||||||||||||||||||
Solution: | Upgrade or patch your operating system or only permit rpcbind to run on a privileged port (1-1024). | |||||||||||||||||||||||||||||||||||
Additional Information: | See the following CERT Vendor-Initiated Bulletin:
ftp://ftp.cert.org/pub/cert_advisories/cert_bulletins/VB-96.18.sun (1) |
|||||||||||||||||||||||||||||||||||
Links: | 1. ftp://ftp.cert.org/pub/cert_advisories/cert_bulletins/VB-96.18.sun
|
|||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 32771; Service = portmap | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | telnet service enabled | |||||||||||||||||||||||||||||||||||
Level of Risk: | 42 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running the telnet service.
The telnet service provides remote execution facilities with authentication based on user names and passwords. Since the service relies on user names and passwords for authentication, it is vulnerable to user name and password guessing. |
|||||||||||||||||||||||||||||||||||
Solution: | You should disable this service if it isn't needed. Additionally, monitoring attempted access to disabled services can tip you off to the presence of attackers.
AXENT's Intruder Alert can be used to disable and monitor attempted connections to this service. |
|||||||||||||||||||||||||||||||||||
Additional Information: | ||||||||||||||||||||||||||||||||||||
Links: | ||||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||
Protocol = TCP; Port = 23; Service = telnet | ||||||||||||||||||||||||||||||||||||
Vulnerability Name: | volrmmount allows shell users root access | |||||||||||||||||||||||||||||||||||
Level of Risk: | 91 | |||||||||||||||||||||||||||||||||||
Description: | NetRecon has discovered a network resource running an operating system version known to be susceptible to unauthorized access attacks.
Version 5.6 of SunOS contains a vulnerable volrmmount program which can be used by shell users to read any file on the system, or obtain root access. Note: This vulnerability is detected based on version information, which means NetRecon reports it even if you have already applied the appropriate patch or disabled volrmmount. |
|||||||||||||||||||||||||||||||||||
Solution: | Install the appropriate patch, or disable volrmmount. | |||||||||||||||||||||||||||||||||||
Additional Information: | CIAC Security Bulletin about this vulnerability:
http://ciac.llnl.gov/ciac/bulletins/i-030.shtml (1) |
|||||||||||||||||||||||||||||||||||
Links: | 1. http://ciac.llnl.gov/ciac/bulletins/i-030.shtml
|
|||||||||||||||||||||||||||||||||||
# of Network Resources: | 1 | |||||||||||||||||||||||||||||||||||
Network Resource Name | Aliases | Network Resource Type | Details | |||||||||||||||||||||||||||||||||