The Vulnerability Analysis report addresses the security of 1 host
- 7 security holes have been found
- 19 security warnings have been found
- 49 security notes have been found
Part I : Graphical Summary :
Part II. Results, by host :
192.168.100.205
Repartition of the level of the security problems :
Port Scan: List of open ports :
- ssh (22/tcp) (Security warnings found)
- ftp (21/tcp) (Security notes found)
- smtp (25/tcp) (Security hole found)
- domain (53/tcp) (Security hole found)
- http (80/tcp) (Security hole found)
- sunrpc (111/tcp) (Security notes found)
- pop3 (110/tcp) (Security notes found)
- imap (143/tcp) (Security notes found)
- netbios-ssn (139/tcp) (Security hole found)
- smux (199/tcp) (Security notes found)
- https (443/tcp) (Security hole found)
- printer (515/tcp) (Security notes found)
- pop3s (995/tcp) (Security warnings found)
- imaps (993/tcp) (Security warnings found)
- msg (1241/tcp) (Security warnings found)
- mysql (3306/tcp) (Security notes found)
- vnc-http-1 (5801/tcp) (Security warnings found)
- vnc-1 (5901/tcp) (Security warnings found)
- x11 (6000/tcp) (Security warnings found)
- X11:1 (6001/tcp) (Security warnings found)
- snet-sensor-mgmt (10000/tcp) (Security hole found)
- domain (53/udp) (Security notes found)
- unknown (32769/tcp) (Security warnings found)
- sunrpc (111/udp) (Security notes found)
- unknown (32768/udp) (Security hole found)
- unknown (32768/tcp) (Security notes found)
- general/tcp (Security notes found)
- netbios-ns (137/udp) (Security warnings found)
Warning found on port ssh (22/tcp)
The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically
safe so they should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'
Risk factor : Low
Vulnerability ID : 10882
Information found on port ssh (22/tcp)
Information found on port ssh (22/tcp)
Information found on port ssh (22/tcp)
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.33
. 1.5
. 1.99
. 2.0
Vulnerability ID : 10881
Information found on port ftp (21/tcp)
An FTP server is running on this port.
Here is its banner :
220 FTP server (Version wu-2.6.2-8) ready.
Vulnerability ID : 10330
Information found on port ftp (21/tcp)
Vulnerability found on port smtp (25/tcp)
smrsh (supplied by Sendmail) is designed to prevent the execution of
commands outside of the restricted environment. However, when commands
are entered using either double pipes (||) or a mixture of dot
and slash characters, a user may be able to bypass the checks
performed by smrsh. This can lead to the execution of commands
outside of the restricted environment.
Solution : upgrade to the latest version of Sendmail (or at least 8.12.8).
Risk factor : Medium
CVE : CAN-2002-1165
BID : 5845
Vulnerability ID : 11321
Information found on port smtp (25/tcp)
An SMTP server is running on this port
Here is its banner :
220 ns1.s.com ESMTP Sendmail 8.12.8/8.12.5; Wed, 19 Mar 2003 23:29:24 -0500
Vulnerability ID : 10330
Information found on port smtp (25/tcp)
Remote SMTP server banner :
220 ns1.s.com ESMTP Sendmail 8.12.8/8.12.5; Wed, 19 Mar 2003 23:30:12 -0500
This is probably: Sendmail version 8.12.8
Vulnerability ID : 10263
Information found on port smtp (25/tcp)
For some reason, we could not send the EICAR test string to this MTA
Vulnerability ID : 11034
Vulnerability found on port domain (53/tcp)
The remote BIND 9 server, according to its
version number, is vulnerable to a buffer
overflow which may allow an attacker to
gain a shell on this host or to disable
this server.
Solution : upgrade to bind 9.2.2 or downgrade to the 8.x series
See also : http://www.isc.org/products/BIND/bind9.html
Risk factor : High
Vulnerability ID : 11318
Warning found on port domain (53/tcp)
The remote name server allows DNS zone transfers to be performed.
This information is of great use to an attacker who may use it
to gain information about the topology of your network and spot new
targets.
Solution: Restrict DNS zone transfers to only the servers that absolutely
need it.
Risk factor : Medium
CVE : CAN-1999-0532
Vulnerability ID : 10595
Warning found on port domain (53/tcp)
The remote name server allows recursive queries to be performed
by the host running Vulnerabilityd.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.Vulnerability.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
See also : http://www.cert.org/advisories/CA-1997-22.html
Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf
If you are using another name server, consult its documentation.
Risk factor : Serious
CVE : CVE-1999-0024
BID : 678
Vulnerability ID : 10539
Information found on port domain (53/tcp)
Information found on port domain (53/tcp)
A DNS server is running on this port. If you
do not use it, disable it.
Risk factor : Low
Vulnerability ID : 11002
Vulnerability found on port http (80/tcp)
MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the 'Finder'. This file
contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website.
Solution: Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file:
<FilesMatch '^\.[Dd][Ss]_[Ss]'>
Order allow, deny
Deny from all
</FilesMatch>
and restart Apache.
Risk factor : Medium / High (depending on the sensitivity of your web content)
References:
www.macintouch.com/mosxreaderreports46.html
BID : 3316
Vulnerability ID : 10756
Warning found on port http (80/tcp)
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
Vulnerability ID : 11213
Warning found on port http (80/tcp)
Information found on port http (80/tcp)
Information found on port http (80/tcp)
The following directories were discovered:
/catalog, /cgi-bin, /error, /icons, /manual, /store, /usage
Vulnerability ID : 11032
Information found on port http (80/tcp)
The remote web server type is :
Apache/2.0.40 (Red Hat Linux)
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Vulnerability ID : 10107
Information found on port sunrpc (111/tcp)
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommand you filter traffic
going to this port.
Risk factor : Low
CVE : CAN-1999-0632, CVE-1999-0189
BID : 205
Vulnerability ID : 10223
Information found on port sunrpc (111/tcp)
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
Vulnerability ID : 11111
Information found on port pop3 (110/tcp)
Information found on port pop3 (110/tcp)
The remote POP3 servers leaks information about the software it is running,
through the login banner. This may assist an attacker in choosing an attack
strategy.
Versions and types should be omitted where possible.
Solution: Change the login banner to something generic.
Risk factor : Low
Vulnerability ID : 10185
Information found on port imap (143/tcp)
Vulnerability found on port netbios-ssn (139/tcp)
The remote Samba server, according to its version number,
may be vulnerable to a remote buffer overflow when receiving
specially crafted SMB fragment packets.
An attacker needs to be able to access at least one
share to exploit this flaw.
Solution : upgrade to Samba 2.2.8
Risk factor : High
CVE : CAN-2003-0085, CAN-2003-0086
Vulnerability ID : 11398
Information found on port netbios-ssn (139/tcp)
The remote native lan manager is : Samba 2.2.7
The remote Operating System is : Unix
The remote SMB Domain Name is : S
Vulnerability ID : 10785
Information found on port smux (199/tcp)
Vulnerability found on port https (443/tcp)
MacOS X creates a hidden file, '.DS_Store' in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website.
Solution: Use a <FilesMatch> directive in httpd.conf to forbid retrieval of this file:
<FilesMatch '^\.[Dd][Ss]_[Ss]'>
Order allow, deny
Deny from all
</FilesMatch>
and restart Apache.
Risk factor : Medium / High (depending on the sensitivity of your web content)
References:
www.macintouch.com/mosxreaderreports46.html
BID : 3316
Vulnerability ID : 10756
Warning found on port https (443/tcp)
Your webserver supports the TRACE and/or TRACK methods. It has been
shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
'Cross-Site-Tracing', when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.
See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
Risk factor : Medium
Vulnerability ID : 11213
Warning found on port https (443/tcp)
Information found on port https (443/tcp)
Information found on port https (443/tcp)
The following directories were discovered:
/catalog, /cgi-bin, /error, /icons, /manual, /store, /usage
Vulnerability ID : 11032
Information found on port https (443/tcp)
The remote web server type is :
Apache/2.0.40 (Red Hat Linux)
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Vulnerability ID : 10107
Information found on port printer (515/tcp)
An unknown server is running on this port.
If you know what it is, please send this banner to the Vulnerability team:
00: 01 6e 6f 20 63 6f 6e 6e 65 63 74 20 70 65 72 6d .no connect perm
10: 69 73 73 69 6f 6e 73 0a issions.
Vulnerability ID : 11154
Warning found on port pop3s (995/tcp)
The SSLv2 server offers 3 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary
Vulnerability ID : 10863
Information found on port pop3s (995/tcp)
Information found on port pop3s (995/tcp)
Information found on port pop3s (995/tcp)
The remote POP3 servers leaks information about the software it is running,
through the login banner. This may assist an attacker in choosing an attack
strategy.
Versions and types should be omitted where possible.
Solution: Change the login banner to something generic.
Risk factor : Low
Vulnerability ID : 10185
Information found on port pop3s (995/tcp)
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=localhost.localdomain/Email=root@localhost.localdomain
Validity
Not Before: Oct 2 19:19:57 2002 GMT
Not After : Oct 2 19:19:57 2003 GMT
Subject: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=localhost.localdomain/Email=root@localhost.localdomain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d7:e0:a5:64:f9:99:cc:d2:11:92:4c:14:33:6e:
1e:ec:7b:37:5c:a4:b7:9c:f2:5d:dd:3c:22:22:b3:
91:8a:9a:b9:91:eb:90:3f:c8:a7:6c:74:37:21:2e:
42:53:2d:47:ea:42:d2:1f:81:3e:f8:7e:56:9c:33:
04:2c:b1:c6:9f:32:3d:a2:b8:ea:4a:26:60:db:8e:
ca:10:b2:db:f9:7f:5d:a2:ce:2b:70:ea:14:1a:ac:
Information found on port pop3s (995/tcp)
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC3-MD5
Vulnerability ID : 10863
Information found on port pop3s (995/tcp)
This TLSv1 server also accepts SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
Vulnerability ID : 10863
Warning found on port imaps (993/tcp)
The SSLv2 server offers 3 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary
Vulnerability ID : 10863
Information found on port imaps (993/tcp)
Information found on port imaps (993/tcp)
Information found on port imaps (993/tcp)
Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=localhost.localdomain/Email=root@localhost.localdomain
Validity
Not Before: Oct 2 19:19:56 2002 GMT
Not After : Oct 2 19:19:56 2003 GMT
Subject: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=localhost.localdomain/Email=root@localhost.localdomain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:bf:6d:81:f1:f4:81:af:13:16:0e:2c:2b:17:44:
f5:2f:58:bd:d7:05:df:54:fe:d0:d8:cd:d4:d8:ea:
00:05:a7:25:27:22:34:4a:81:09:89:1e:52:4c:e7:
4e:21:8c:ac:a2:37:3f:31:34:b8:d3:5f:20:fb:69:
52:b8:8d:ed:8a:b4:f4:31:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:D1:60:81:EC:63:3F:33:11:AE:24:04:50:46:29:EC:5C:F1:43:1D
X509v3 Authority Key Identifier:
keyid:D0:D1:60:81:EC:63:3F:33:11:AE:24:04:50:46:29:EC:5C:F1:43:1D
DirName:/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/ CN=localhost.localdomain/Email=root@localhost.localdomain
serial:00
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
35:d4:c1:02:63:ad:72:39:1f:5b:d8:e1:1a:54:d0:0c:77:49:
8:bf:39:9c:28:f7:98:ac:8f:
82:ed:20:1d:3f:7a:b5:7b:f6:02:ec:e9:24:c3:75:c1:a9:64:
21:42:70:0f:42:6b:fb:9c:ad:89:a7:ec:8c:56:34:4f:a1:b9:
94:b2
Vulnerability ID : 10863
Information found on port imaps (993/tcp)
Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC3-MD5
Vulnerability ID : 10863
Information found on port imaps (993/tcp)
This TLSv1 server also accepts SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.
Vulnerability ID : 10863
Warning found on port msg (1241/tcp)
Information found on port msg (1241/tcp)
Information found on port msg (1241/tcp)
Here is the TLSv1 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=FL, L=Fort Lauderdale, O=s.com, OU=Certification Authority for ns1.s.com, CN=ns1.s.com/Email=ca@ns1.s.com
Validity
Not Before: Mar 16 17:33:40 2003 GMT
Not After : Mar 15 17:33:40 2004 GMT
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:9e:a9:4b:f0:69:dd:79:9f:9c:2e:66:3c:c4:7e:
a8:18:cd:2b:26:69:e2:7e:a7:94:26:0f:c7:fc:db:
ff:65:cb:d1:44:e3:9f:75:f3:d1:67:63:59:24:9b:
7a:b7:bc:36:14:c6:00:34:c3:b0:0c:62:bd:1c:5f:
47:eb:56:ce:bb:14:2b:ce:be:18:60:4d:45:a4:d7:
11:3f:bd:77:8e:e7:92:e8:6f:67:c3:0b:71:ab:93:
5d:1e:ce:94:85:b8:3a:86:e4:57:a2:9e:30:14:b5:
18:9e:e4:1e:69:d3:d0:63:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Server
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
60:1A:06:EB:77:8C:CC:EB:5E:99:C5:2D:83:20:7A:A1:CC:E1:E5:0F
X509v3 Authority Key Identifier:
keyid:9A:96:70:18:9F:F9:6F:D2:01:66:7D:CA:24:3B:5A:A6:85:D8:8A:98
serial:00
X509v3 Subject Alternative Name:
email:Vulnerabilityd@ns1.s.com
X509v3 Issuer Alternative Name:
<EMPTY>
Signature Algorithm: md5WithRSAEncryption
3f:28:fc:1c:8a:50:90:75:97:c6:9a:84:58:7e:3d:a3:ae:f6:
1f:4b:9a:0a:79:11:48:d5:f6:3c:17:4e:52:3f:7c:db:95:73:
f3:2d:c1:34:74:8c:db:ca:25:1e:7c:48:9a:8f:8e:56:0f:b5:
25:86:4c:0c:0a:e3:bd:94:9f:ec:92:2a:66:38:d4:3f:59:f0:
f4:98:df:c6:df:84:ff:8f:af:bb:11:88:14:a9:cd:26:37:ca:
d3:ed:55:1e:57:c7:bc:91:c0:a7:a7:fa:92:28:04:66:72:09:
26:fa
Vulnerability ID : 10863
Information found on port msg (1241/tcp)
This TLSv1 server does not accept SSLv2 connections.
This TLSv1 server does not accept SSLv3 connections.
Vulnerability ID : 10863
Information found on port mysql (3306/tcp)
An unknown service is running on this port.
It is usually reserved for MySQL
Vulnerability ID : 10330
Warning found on port vnc-http-1 (5801/tcp)
The remote server is running VNC.
VNC permits a console to be displayed remotely.
Solution: Disable VNC access from the network by
using a firewall, or stop VNC service if not needed.
Risk factor : Medium
Vulnerability ID : 10758
Information found on port vnc-http-1 (5801/tcp)
Warning found on port vnc-1 (5901/tcp)
The remote server is running VNC.
VNC permits a console to be displayed remotely.
Solution: Disable VNC access from the network by
using a firewall, or stop VNC service if not needed.
Risk factor : Medium
Vulnerability ID : 10342
Warning found on port vnc-1 (5901/tcp)
Warning found on port x11 (6000/tcp)
This X server does *not* allow any client to connect to it
however it is recommended that you filter incoming connections
to this port as attacker may send garbage data and slow down
your X session or even kill the server.
Here is the server version : 11.0
Here is the message we received : No protocol specified
Solution : filter incoming connections to ports 6000-6009
Risk factor : Low
CVE : CVE-1999-0526
Vulnerability ID : 10407
Warning found on port X11:1 (6001/tcp)
This X server does *not* allow any client to connect to it
however it is recommended that you filter incoming connections
to this port as attacker may send garbage data and slow down
your X session or even kill the server.
Here is the server version : 11.0
Here is the message we received : Client is not authorized to connect to Server
Solution : filter incoming connections to ports 6000-6009
Risk factor : Low
CVE : CVE-1999-0526
Vulnerability ID : 10407
Vulnerability found on port snet-sensor-mgmt (10000/tcp)
The remote HTTP server
allows an attacker to read arbitrary files
on the remote web server, simply by adding
dots in front of its name.
Example:
GET /../../winnt/boot.ini
will return your C:\winnt\boot.ini file.
Solution : Upgrade your web server to a
version that solves this vulnerability, or
consider changing to another web server, such
as Apache (http://www.apache.org).
Risk factor : Serious
CVE : CAN-1999-0776
BID : 270
Vulnerability ID : 10010
Warning found on port snet-sensor-mgmt (10000/tcp)
The remote server is running Webmin.
Webmin is a web-based interface for system administration for Unix.
Solution: Stop Webmin service if not needed or configure the access
See menu [Webmin Configuration][IP Access Control]
and/or [Webmin Configuration][Port and Address]
For more info see http://www.webmin.net/
Risk factor : Medium
Vulnerability ID : 10757
Information found on port snet-sensor-mgmt (10000/tcp)
Information found on port snet-sensor-mgmt (10000/tcp)
The remote web servers is [mis]configured in that it
does not return '404 Not Found' error codes when
a non-existent file is requested, perhaps returning
a site map or search page instead.
Vulnerability enabled some counter measures for that, however
they might be insufficient. If a great number of security
holes are produced for this port, they might not all be accurate
Vulnerability ID : 10386
Information found on port snet-sensor-mgmt (10000/tcp)
The remote web server type is :
MiniServ/0.01
Solution : We recommend that you configure (if possible) your web server to return
a bogus Server header in order to not leak information.
Vulnerability ID : 10107
Information found on port domain (53/udp)
A DNS server is running on this port. If you
do not use it, disable it.
Risk factor : Low
Vulnerability ID : 11002
Warning found on port unknown (32769/tcp)
The fam RPC service is running.
Several versions of this service have
a well-known buffer overflow condition
that allows intruders to execute
arbitrary commands as root on this system.
Solution : disable this service in /etc/inetd.conf
More information : http://www.nai.com/nai_labs/asp_set/advisory/16_fam_adv.asp
Risk factor : High
CVE : CVE-1999-0059
BID : 353
Vulnerability ID : 10216
Information found on port unknown (32769/tcp)
Information found on port sunrpc (111/udp)
RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port
Vulnerability ID : 11111
Vulnerability found on port unknown (32768/udp)
The remote statd service may be vulnerable
to a format string attack.
This means that an attacker may execute arbitrary
code thanks to a bug in this daemon.
*** Vulnerability reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.
Solution : upgrade to the latest version of rpc.statd
Risk factor : High
CVE : CVE-2000-0666
BID : 1480
Vulnerability ID : 10544
Warning found on port unknown (32768/udp)
The statd RPC service is running.
This service has a long history of
security holes, so you should really
know what you are doing if you decide
to let it run.
* NO SECURITY HOLES REGARDING THIS
PROGRAM HAVE BEEN TESTED, SO
THIS MIGHT BE A FALSE POSITIVE *
We suggest that you disable this
service.
Risk factor : High
CVE : CVE-1999-0018, CVE-1999-0019, CVE-1999-0493
BID : 127, 450
Vulnerability ID : 10235
Information found on port unknown (32768/udp)
Information found on port unknown (32768/tcp)
Information found on port general/tcp
Warning found on port netbios-ns (137/udp)
. The following 5 NetBIOS names have been gathered :
NS1.S.C = This is the computer name registered for workstation services by a WINS client.
NS1.S.C = Computer name that is registered for the messenger service on a computer that is a WINS client.
NS1.S.C
S = Workgroup / Domain name
S = Workgroup / Domain name (part of the Browser elections)
. This SMB server seems to be a SAMBA server (this is not a security
risk, this is for your information). This can be told because this server
claims to have a null MAC address
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE : CAN-1999-0621
Vulnerability ID : 10150