
Detail Vulnerability Report - 2005-05-16 07:50:15 GMT-5

This report gives details on hosts that were tested and issues that were found.
Please follow the recommended steps and procedures to eradicate these threats.

Scan Details
| Hosts which were alive and responding during test | 1 |
| Number of security holes found | 5 |
| Number of security warnings found | 1 |

Analysis of host: www.website.com
| Address of Host | Port/Service | Issue regarding Port |
| www.website.com | smtp (25/tcp) | Security Hole |
| www.website.com | pop3s (995/tcp) | Security Hole |
| www.website.com | ntp (123/udp) | Security Note |

Security Issues and Fixes: www.website.com
| Type | Port | Issue and Fix |

Vulnerability | smtp (25/tcp)
The remote sendmail server, according to its version number, may be vulnerable to a remote buffer overflow allowing remote users to gain root privileges.
Sendmail versions from 5.79 to 8.12.8 are vulnerable.
Solution : Upgrade to Sendmail ver 8.12.9 or greater or, if you cannot upgrade, apply patches for 8.10-12 here:
http://www.sendmail.org/patchps.html
NOTE: manual patches do not change the version numbers. Vendors who have released patched versions of sendmail may still falsely show vulnerability.
*** Nessus reports this vulnerability using only
*** the banner of the remote SMTP server. Therefore,
*** this might be a false positive.
Risk factor : High
CVE: CAN-2003-0161
BID: 7230
Other references : RHSA:RHSA-2003:120-01

Vulnerability | smtp (25/tcp)
The remote sendmail server, according to its version number, may be vulnerable to a remote buffer overflow allowing remote users to gain root privileges.
Sendmail versions from 5.79 to 8.12.7 are vulnerable.
Solution : Upgrade to Sendmail ver 8.12.8 or greater or, if you cannot upgrade, apply patches for 8.10-12 here:
http://www.sendmail.org/patchcr.html
NOTE: manual patches do not change the version numbers. Vendors who have released patched versions of sendmail may still falsely show vulnerability.
*** Nessus reports this vulnerability using only
*** the banner of the remote SMTP server. Therefore,
*** this might be a false positive.
See:
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
http://www.cert.org/advisories/CA-2003-07.html
http://www.kb.cert.org/vuls/id/398025
Risk factor : High
CVE: CAN-2002-1337, CVE-2001-1349
BID: 2794, 6991
Other references : IAVA:2003-A-0002

Vulnerability | smtp (25/tcp)
The remote sendmail server, according to its version number, may be vulnerable to a buffer overflow in its DNS handling code.
The owner of a malicious name server could use this flaw to execute arbitrary code on this host.
Solution : Upgrade to Sendmail 8.12.5
Risk factor : High
CVE: CVE-2002-0906
BID: 5122

Vulnerability | smtp (25/tcp)
The remote sendmail server, according to its version number, may be vulnerable to a remote buffer overflow allowing remote users to gain root privileges.
Sendmail versions from 5.79 to 8.12.9 are vulnerable.
Solution : Upgrade to Sendmail ver 8.12.10.
See also : http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
NOTE: manual patches do not change the version numbers. Vendors who have released patched versions of sendmail may still falsely show vulnerability.
*** Nessus reports this vulnerability using only
*** the banner of the remote SMTP server. Therefore,
*** this might be a false positive.
Risk factor : High
CVE: CAN-2003-0681, CAN-2003-0694
BID: 8641, 8649
Other references : RHSA:RHSA-2003:283-01, SuSE:SUSE-SA:2003:040

Vulnerability | pop3s (995/tcp)
The remote host seems to be running a version of OpenSSL which is older than 0.9.6k or 0.9.7c.
There is a heap corruption bug in this version which might be exploited by an attacker to gain a shell on this host.
Solution : If you are running OpenSSL, upgrade to version 0.9.6k or 0.9.7c or newer.
Risk factor : High
CVE: CAN-2003-0543, CAN-2003-0544, CAN-2003-0545
BID: 8732
Other references : IAVA:2003-A-0015, RHSA:RHSA-2003:291-01, SuSE:SUSE-SA:2003:043

Warning | smtp (25/tcp)
The remote SMTP server answers to the EXPN and/or VRFY commands.
The EXPN command can be used to find the delivery address of mail aliases, or even the full name of the recipients, and the VRFY command may be used to check the validity of an account.
Your mailer should not allow remote users to use any of these commands, because they give them too much information.
Solution : If you are using Sendmail, add the option :
O PrivacyOptions=goaway
in /etc/sendmail.cf.
Risk factor : Low
CVE: CAN-1999-0531

Informational | smtp (25/tcp)
This server could be fingerprinted as being Sendmail 8.12.2

Informational | smtp (25/tcp)
An unknown service is running on this port. It is usually reserved for SMTP.

Informational | smtp (25/tcp)
Remote SMTP server banner : 220 www.website.com ESMTP Sendmail 8.12.3/8.12.3/Debian-7.1; Mon, 16 May 2005 11:01:37 GMT; (No UCE/UBE) logging access from: scanner.sec.alertsite.com(OK)-scanner.sec.alertsite.com [130.94.245.18]
This is probably: Sendmail version 8.12.3

Informational | ntp (123/udp)
It is possible to determine a lot of information about the remote host by querying the NTP (Network Time Protocol) variables. These include the OS descriptor and time settings.
It was possible to gather the following information from the remote NTP host :
version='ntpd 4.1.0 Mon Mar 25 23:39:47 UTC 2002 (2)', processor='i686',
system='Linux2.4.28-test1', leap=0, stratum=2, precision=-16,
rootdelay=102.551, rootdispersion=26.997, peer=43744,
refid=207.145.113.115, reftime=0xc632f9c4.b5b48909, poll=10,
clock=0xc632fbf1.d4096feb, state=4, offset=-2.899, frequency=41.483,
jitter=2.403, stability=0.003
Quickfix: Set NTP to restrict default access to ignore all info packets:
restrict default ignore
Risk factor : Low

Scan completed 2005-05-16 07:50:15 GMT-5