Nessus Report

Nessus Scan Report

27/Jun/2013:04:58:03

Remediations

Suggested Remediations

Taking the following actions across 2 hosts would resolve 42% of the vulnerabilities on the network:
Action to take | Vulns | Hosts
OpenSSH LoginGraceTime / MaxStartups DoS: Upgrade to OpenSSH 6.2 and review the associated server configuration settings. | 27 | 1
MS05-051: Vulnerabilities in MSDTC Could Allow Remote Code Execution (902400) (uncredentialed check): Microsoft has released a set of patches for Windows 2000, XP and 2003. | 4 | 1
Microsoft IIS / Site Server codebrws.asp Arbitrary Source Disclosure: Apply the patch referenced above. | 1 | 1
MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check): Microsoft has released a set of patches for Windows 2000, XP and 2003. | 1 | 1
MS05-039: Vulnerability in Plug and Play Service Could Allow Remote Code Execution (899588) (uncredentialed check): Microsoft has released a set of patches for Windows 2000, XP and 2003. | 1 | 1

Hosts Summary (Executive)

192.168.1.28

Summary

Critical | High | Medium | Low | Info | Total
1 | 4 | 12 | 5 | 20 | 42

Details

Severity Plugin Id Name
Critical (10.0) 33850 Unsupported Unix Operating System
High (9.3) 22466 OpenSSH < 4.4 Multiple Vulnerabilities
High (7.5) 44077 OpenSSH < 4.5 Multiple Vulnerabilities
High (7.5) 44078 OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass
High 33929 PCI DSS compliance
Medium (6.9) 31737 OpenSSH X11 Forwarding Session Hijacking
Medium (6.8) 44081 OpenSSH < 5.7 Multiple Vulnerabilities
Medium (6.8) 56283 Linux Kernel TCP Sequence Number Generation Security Weakness
Medium (6.5) 44079 OpenSSH < 4.9 'ForceCommand' Directive Bypass
Medium (6.4) 17744 OpenSSH >= 2.3.0 AllowTcpForwarding Port Bouncing
Medium (5.0) 12213 TCP/IP Sequence Prediction Blind Reset Spoofing DoS
Medium (5.0) 17704 OpenSSH S/KEY Authentication Account Enumeration
Medium (5.0) 67140 OpenSSH LoginGraceTime / MaxStartups DoS
Medium (4.6) 44076 OpenSSH < 4.3 scp Command Line Filename Processing Command Injection
Medium (4.3) 17705 OPIE w/ OpenSSH Account Enumeration
Medium (4.0) 17703 OpenSSH < 5.9 Multiple DoS
Medium (4.0) 44065 OpenSSH < 5.2 CBC Plaintext Disclosure
Low (3.5) 19592 OpenSSH < 4.2 Multiple Vulnerabilities
Low (2.6) 70658 SSH Server CBC Mode Ciphers Enabled
Low (2.6) 71049 SSH Weak MAC Algorithms Enabled
Low (2.1) 53841 Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
Low (1.2) 44080 OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
Info 10114 ICMP Timestamp Request Remote Date Disclosure
Info 10267 SSH Server Type and Version Information
Info 10287 Traceroute Information
Info 10662 Web mirroring
Info 10881 SSH Protocol Versions Supported
Info 11032 Web Server Directory Enumeration
Info 11219 Nessus SYN scanner
Info 11936 OS Identification
Info 18261 Apache Banner Linux Distribution Disclosure
Info 19506 Nessus Scan Information
Info 20094 VMware Virtual Machine Detection
Info 22964 Service Detection
Info 25220 TCP/IP Timestamps Supported
Info 35716 Ethernet Card Manufacturer Detection
Info 45590 Common Platform Enumeration (CPE)
Info 54615 Device Type
Info 56209 PCI DSS Compliance : Remote Access Software Has Been Detected
Info 60020 PCI DSS Compliance : Handling False Positives
Info 66334 Patch Report
Info 70657 SSH Algorithms and Languages Supported

192.168.1.146

Summary

Critical | High | Medium | Low | Info | Total
17 | 4 | 21 | 1 | 54 | 97

Details

Severity Plugin Id Name
Critical (10.0) 10357 Microsoft IIS MDAC RDS (msadcs.dll) Arbitrary Remote Command Execution
Critical (10.0) 11808 MS03-026: Microsoft RPC Interface Buffer Overrun (823980) (uncredentialed check)
Critical (10.0) 11835 MS03-039: Microsoft RPC Interface Buffer Overrun (824146) (uncredentialed check)
Critical (10.0) 11890 MS03-043: Buffer Overrun in Messenger Service (828035) (uncredentialed check)
Critical (10.0) 12209 MS04-011: Security Update for Microsoft Windows (835732) (uncredentialed check)
Critical (10.0) 13852 MS04-022: Microsoft Windows Task Scheduler Remote Overflow (841873) (uncredentialed check)
Critical (10.0) 18502 MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check)
Critical (10.0) 19407 MS05-043: Vulnerability in Printer Spooler Service Could Allow Remote Code Execution (896423) (uncredentialed check)
Critical (10.0) 19408 MS05-039: Vulnerability in Plug and Play Service Could Allow Remote Code Execution (899588) (uncredentialed check)
Critical (10.0) 20008 MS05-051: Vulnerabilities in MSDTC Could Allow Remote Code Execution (902400) (uncredentialed check)
Critical (10.0) 21193 MS05-047: Plug and Play Remote Code Execution and Local Privilege Elevation (905749) (uncredentialed check)
Critical (10.0) 21334 MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow DoS (913580) (uncredentialed check)
Critical (10.0) 21655 MS04-012: Cumulative Update for Microsoft RPC/DCOM (828741) (uncredentialed check)
Critical (10.0) 22194 MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) (uncredentialed check)
Critical (10.0) 34477 MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check)
Critical (10.0) 35362 MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check)
Critical (10.0) 47709 Microsoft Windows 2000 Unsupported Installation Detection
High (7.5) 11161 Microsoft Data Access Components RDS Data Stub Remote Overflow
High (7.5) 22034 MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check)
High (7.5) 34460 Unsupported Web Server Detection
High 33929 PCI DSS compliance
Medium (6.4) 56818 CGI Generic Cross-Site Request Forgery Detection (potential)
Medium (5.0) 10079 Anonymous FTP Enabled
Medium (5.0) 10573 Microsoft IIS 5.0 ServerVariables_Jscript.asp Path Disclosure
Medium (5.0) 10956 Microsoft IIS / Site Server codebrws.asp Arbitrary Source Disclosure
Medium (5.0) 12213 TCP/IP Sequence Prediction Blind Reset Spoofing DoS
Medium (5.0) 12229 Microsoft IIS Cookie information disclosure
Medium (5.0) 18585 Microsoft Windows SMB Service Enumeration via \srvsvc
Medium (5.0) 18602 Microsoft Windows SMB svcctl MSRPC Interface SCM Service Enumeration
Medium (5.0) 26920 Microsoft Windows SMB NULL Session Authentication
Medium (5.0) 45517 MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) (uncredentialed check)
Medium (5.0) 56210 Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials
Medium (5.0) 56211 SMB Use Host SID to Enumerate Local Users Without Credentials
Medium (5.0) 57608 SMB Signing Disabled
Medium (4.3) 10572 Microsoft IIS 5.0 Form_JScript.asp XSS
Medium (4.3) 11213 HTTP TRACE / TRACK Methods Allowed
Medium (4.3) 39466 CGI Generic Cross-Site Scripting (quick test)
Medium (4.3) 44136 CGI Generic Cookie Injection Scripting
Medium (4.3) 47831 CGI Generic Cross-Site Scripting (comprehensive test)
Medium (4.3) 49067 CGI Generic HTML Injections (quick test)
Medium (4.3) 55903 CGI Generic Cross-Site Scripting (extended patterns)
Medium 56208 PCI DSS Compliance : Insecure Communication Has Been Detected
Low (2.6) 34324 FTP Supports Clear Text Authentication
Info 10077 Microsoft FrontPage Extensions Check
Info 10092 FTP Server Detection
Info 10107 HTTP Server Type and Version
Info 10114 ICMP Timestamp Request Remote Date Disclosure
Info 10150 Windows NetBIOS / SMB Remote Host Information Disclosure
Info 10263 SMTP Server Detection
Info 10287 Traceroute Information
Info 10394 Microsoft Windows SMB Log In Possible
Info 10395 Microsoft Windows SMB Shares Enumeration
Info 10397 Microsoft Windows SMB LanMan Pipe Server Listing Disclosure
Info 10661 Microsoft IIS 5 .printer ISAPI Filter Enabled
Info 10662 Web mirroring
Info 10736 DCE Services Enumeration
Info 10785 Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Info 10859 Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
Info 10860 SMB Use Host SID to Enumerate Local Users
Info 10902 Microsoft Windows 'Administrators' Group User List
Info 10904 Microsoft Windows 'Backup Operators' Group User List
Info 10913 Microsoft Windows - Local Users Information : Disabled accounts
Info 10914 Microsoft Windows - Local Users Information : Never changed passwords
Info 10915 Microsoft Windows - Local Users Information : User has never logged on
Info 10916 Microsoft Windows - Local Users Information : Passwords never expire
Info 11011 Microsoft Windows SMB Service Detection
Info 11032 Web Server Directory Enumeration
Info 11219 Nessus SYN scanner
Info 11422 Web Server Unconfigured - Default Install Page Present
Info 11424 WebDAV Detection
Info 11874 Microsoft IIS 404 Response Service Pack Signature
Info 11936 OS Identification
Info 12053 Host Fully Qualified Domain Name (FQDN) Resolution
Info 17651 Microsoft Windows SMB : Obtains the Password Policy
Info 17975 Service Detection (GET request)
Info 19506 Nessus Scan Information
Info 20094 VMware Virtual Machine Detection
Info 22319 MSRPC Service Detection
Info 22964 Service Detection
Info 24260 HyperText Transfer Protocol (HTTP) Information
Info 24269 Windows Management Instrumentation (WMI) Available
Info 24786 Nessus Windows Scan Not Performed with Admin Privileges
Info 25220 TCP/IP Timestamps Supported
Info 26917 Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
Info 33817 CGI Generic Tests Load Estimation (all tests)
Info 35716 Ethernet Card Manufacturer Detection
Info 39470 CGI Generic Tests Timeout
Info 40984 Browsable Web Directories
Info 43111 HTTP Methods Allowed (per directory)
Info 45590 Common Platform Enumeration (CPE)
Info 47830 CGI Generic Injectable Parameter
Info 49704 External URLs
Info 54615 Device Type
Info 56209 PCI DSS Compliance : Remote Access Software Has Been Detected
Info 59861 Remote web server screenshot
Info 60020 PCI DSS Compliance : Handling False Positives
Info 66334 Patch Report