Network Security Nessus-Users

W2K Scans

Subject: W2K Scans
Date: Thu, 26 May 2005 15:22:08 +0100
Hi Guys...
Just want to clear something up really....
I am trying to scan a test W2k machine. It is fully patched, Windows update
and Office update are reporting that there are no patches left to install,
critical or non critical, and yet I am getting a couple of critical errors
for TCP445. Following the links contained in the reports, I have manually
downloaded and installed the recommended patches, re-run the tests, but am
still getting the same critical warnings. Nmap reports the port as open, but
not much else. Does this make it a 'false positive'??????
I have unticked the 'optimise tests' and 'safe scans' options, but it has
made no difference...
Any ideas would be welcome as I am a bit stumped...


Martin

Report (inc config) below.... (also Attached in html format.....)


Network Vulnerability Assessment Report 
26.05.2005
Sorted by host names

Session name: isd254    Start Time:     26.05.2005 15:12:17
        Finish Time:    26.05.2005 15:15:44
        Elapsed:        0 day(s) 00:03:26
Total records generated:        27
high severity:  2
Medium severity:        5
informational:  20


Scan configuration

Plugins used in this scan

Id      Name
14645   Xedus directory traversal
10632   Webserver file request parsing
11562   The ScriptLogic service is running
11425   ICQ is installed
12052   ASN.1 parsing vulnerability (828028)
10531   SMB Registry : Win2k Service Pack version
10964   Windows Debugger flaw can Lead to Elevated Privileges (Q320206)
10914   Local users information : Never changed password
12006   Web3000 detection
11145   Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
14668   Mozilla/Firefox security manager certificate handling DoS
11325   Word can lead to Script execution on mail reply
16299   NetBIOS Name Service Reply Information Leakage (824105) (registry check)
10894   Obtains the lists of users groups
11029   Windows RAS overflow (Q318138)
11191   WM_TIMER Message Handler Privilege Elevation (Q328310)
13844   Multiple flaws in the Opera web browser (2)
11693   PFTP clear-text passwords
10907   Guest belongs to a group
10693   NTLMSSP Privilege Escalation
17162   Sybase SQL Blank Password
11831   Word Macros may run automatically
10829   scan for UPNP hosts
11709   SmartFTP Overflow
11789   Flaw in message handling through utility mgr
10033   CA Unicenter's Transport Service is running
10519   Telnet Client NTLM Authentication Vulnerability
10553   SMB Registry : permissions of WinVNC's key
13637   Utility Manager Could Allow Code Execution (842526)
15458   Microsoft Excel Code Execution (886836)
15465   MS NNTP Vulnerability (883935)
14597   WS_FTP client weak stored password
16332   Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
10456   SMB enum services
14270   ISS BlackICE Vulnerable config files
13638   Vulnerability in POSIX could allow code execution (841872)
11485   Flaw in RPC Endpoint Mapper (MS03-010)
14346   Opera Resource Detection
11011   SMB on port 445
14732   Vulnerability in WordPerfect Converter (884933)
15712   Firefox IMG Tag Multiple Vulnerabilities
10905   Users in the 'Print Operator' group
11231   Unchecked Buffer in XP Redirector (Q810577)
14724   Buffer Overrun in JPEG Processing (833987)
10398   SMB get domain SID
12016   MAPQUEST TOOLBAR detection
11886   Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
15456   Vulnerability in NetDDE Could Allow Code Execution (841533)
11790   Buffer overrun in RPC Interface (824146)
10861   IE 5.01 5.5 6.0 Cumulative patch (890923)
15460   Vulnerability in Windows Shell (841356)
12051   WINS Buffer Overflow (830352)
14686   Trillian MSN Overflow
10674   Microsoft's SQL UDP Info Query
12063   Bagle.B detection
15572   Vulnerability NetDDE Could Allow Code Execution (Netbios Check)
11561   scriptlogic logging share
11212   Unchecked buffer in Locate Service
10806   RPC Endpoint Mapper can Cause RPC Service to Fail
11802   Flaw in Windows Function may allow DoS (823803)
11302   Cumulative patch for Windows Media Player
10426   SMB Registry : permissions of Schedule
14181   Mozilla/Firefox user interface spoofing
10896   Users information : Can't change password
11323   Security issues in the remote version of FlashPlayer
12267   Vulnerability in DirectPlay Could Allow Denial of Service (839643)
10642   SMB Registry : SQL7 Patches
10912   Local users information : Can't change password
11804   Cumulative Patch for MS SQL Server (815495)
11541   Buffer overrun in NT kernel message handling
10913   Local users information : disabled accounts
12298   ADODB.Stream object from Internet Explorer (KB870669)
11900   Opera web browser HREF overflow
11300   Unchecked buffer in Network Share Provider (Q326830)
11990   MDAC Buffer Overflow (832483)
12012   CYDOOR detection
12017   NCASE detection
10401   SMB Registry : NT4 Service Pack version
15714   ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
11178   Unchecked Buffer in PPTP Implementation Could Enable DOS Attacks (Q329834)
11787   SMB Request Handler Buffer Overflow
10449   SMB Registry : value of SFCDisable
16152   Nullsoft Winamp Multiple Unspecified Vulnerabilities
10895   Users information : automatically disabled accounts
10943   Cumulative Patch for Internet Information Services (Q327696)
12004   VCATCH detection
11147   Unchecked Buffer in Windows Help(Q323255)
14336   Opera Javascript Denial of Service
11921   Buffer Overflow in the Workstation Service (828749)
15860   CuteFTP multiple flaws (2)
10944   MUP overlong request kernel overflow Patch (Q311967)
12070   Netsky.B
11705   LeapFTP Overflow
16193   Anti Virus Check
11997   DSSAGENT detection
14192   Mozilla SOAPParameter Integer Overlow
10893   Obtains the lists of users aliases
11989   Exchange Privilege Escalation (832759)
14198   DrWeb Unspecified buffer overflow
11803   DirectX MIDI Overflow (819696)
11528   Flaw in Microsoft VM (816093)
10734   IrDA access violation patch
12027   Bagle remover
11952   FlashPlayer files reading
11336   Cumulative patches for Excel and Word for Windows
12019   WILDTANGENT detection
10335   Nessus TCP scanner
11426   Kazaa is installed
14254   Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (842436)
15970   WINS Code Execution (870763) (network check)
14197   Firefox Cache File
11534   Microsoft ISA Server Winsock Proxy DoS (MS03-012)
11326   Cumulative VM update
10763   Detect the HTTP RPC endpoint mapper
11710   FlashFXP Overflow
10898   Users information : Never changed password
14638   Opera Empty Embedded Object DoS
15964   Vulnerabilities in HyperTerminal (873339)
11214   Microsoft's SQL Overflows
15963   Vulnerabilities in Windows Kernel and LSASS (885835)
11211   GameSpy detection
10485   Service Control Manager Named Pipe Impersonation patch
11779   FTP server hosting copyrighted material
17161   Sybase TCP/IP listener is running
15457   Security Update for Microsoft Windows (840987)
13855   Installed Windows Hotfixes
10413   SMB Registry : is the remote host a PDC/BDC
10910   Obtains local user information
10900   Users information : Passwords never expires
16230   VERITAS Backup Exec Agent Browser Remote Buffer Overflow Vulnerability
12011   BETTERINTERNET detection
10563   Incomplete TCP/IP packet vulnerability
12014   FREE COMMUNITY detection
14278   RealPlayer multiple remote overflows
11847   WinMX P2P check
12054   ASN.1 Parsing Vulnerabilities (NTLM check)
10903   Users in the 'System Operator' group
12003   TIMESINK detection
11146   Microsoft RDP flaws could allow sniffing and DOS(Q324380)
15952   Nullsoft Winamp Remote Denial of Service
11995   BONZI BUDDY detection
15455   WebDAV XML Message Handler Denial of Service (824151)
11999   RADIATE detection
11125   mldonkey www
10761   Detect CIS ports
11778   Web Server hosting copyrighted material
10865   Checks for MS HOTFIX for snmp buffer overruns
11845   Overnet P2P check
10499   Local Security Policy Corruption
15926   Sun Java Applet Invocation Version Specification
11885   Buffer Overrun in the ListBox and in the ComboBox (824141)
10431   SMB Registry : missing winreg
12114   ISS BlackICE Vulnerable versions
15789   RealPlayer Skin File Remote Buffer Overflow
11457   SMB Registry : Winlogon caches passwords
12220   * not found in current plugin list *
14247   Opera web browser file download extension spoofing
11992   Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
12076   Trillian remote Overflow
16226   Sun JRE Java Plugin-In Multiple Applet Vulnerabilities
11870   Microsoft's SQL version less than or equal to 7
11329   The remote host is infected by a virus
12204   Microsoft Hotfix for KB835732 IIS SSL check
10404   SMB log in as users
11124   mldonkey telnet
10525   LPC and LPC Ports Vulnerabilities patch
11711   FTP Voyager Overflow
11920   Word and/or Excel may allow arbitrary code to run
14728   Mozilla/Firefox multiple flaws
16192   TrendMicro Anti Virus Check
11832   Visual Basic for Application Overflow
11640   CesarFTP stores passwords in cleartext
15894   Cumulative Security Update for Internet Explorer (889293)
14263   PuTTY SSH2 authentication password persistence weakness
12244   Sun Java Runtime Environment DoS
11119   SMB Registry : XP Service Pack version
10428   SMB fully accessible registry
10615   Malformed PPTP Packet Stream vulnerability
10908   Users in the Domain Admin group
12015   IPINSIGHT detection
11427   LimeWire is installed
16324   Vulnerability in Windows Shell (890047)
10344   Detect the presence of Napster
11818   The remote host is infected by msblast.exe
11868   SMB Registry : permissions of the SNMP key
13852   MS Task Scheduler vulnerability
11756   CuteFTP multiple flaws
12108   Multiple Overflows in WS_FTP client
12205   Microsoft Hotfix KB835732 (registry check)
12005   WEBHANCER detection
11578   Opera remote heap corruption vulnerability
11458   SMB Registry : No dial in
10400   SMB accessible registry
15817   Nullsoft Winamp IN_CDDA.dll Remote Buffer Overflow Vulnerability
10486   Relative Shell Path patch
12001   SaveNOW detection
10835   Unchecked Buffer in XP upnp
11432   Yahoo!Messenger is installed
11777   SMB share hosting copyrighted material
11839   Possible Compromise through a vulnerability in RPC
12092   Vulnerability in Outlook could allow code execution (828040)
17213   Trend Micro VSAPI ARJ Handling Heap Overflow
11143   Exchange 2000 Exhaust CPU Resources (Q320436)
11306   Unchecked buffer in ASP.NET worker process
11506   Quicktime player buffer overflow
11459   SMB Registry : Do not show the last user name
11882   AOL Instant Messenger is Installed
11460   SMB Registry : Classic Logon Screen
10430   SMB Registry : permissions of keys that can lead to admin
10945   Opening Group Policy Files (Q318089)
11215   Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
16327   Vulnerability in OLE and COM Could Allow Code Execution (873333)
11304   Unchecked buffer in SQLXML
15965   Vulnerabilities in DHCP (885249) (registry check)
14835   Symantec Norton AntiVirus Version Detection
11883   Gator/GAIN Spyware Installed
16328   Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
12286   JS.Scob.Trojan or Download.Ject Trojan
11994   AUREATE detection
15821   Sun JRE Java Plug-in JavaScript Security Restriction Bypass
16085   Mozilla Browser Network News Transport Protocol Remote Heap Overflow Vulnerability
12209   Microsoft Hotfix for KB835732 (SMB check)
13639   IIS Redirection Vulnerability (841373) (registry check)
11649   Blackmoon FTP stores passwords in cleartext
10567   SMB Registry : permissions of the RAS key
14729   Mozilla/Thunderbird multiple flaws
11022   eDonkey/eMule detection
12111   PhatBOT detection
15820   Van Dyke SecureCRT Remote Command Execution Vulnerability
10860   SMB use host SID to enumerate local users
11105   ARCserve hidden share
12231   RIS Installation Check
15962   WINS Code Execution (870763) (registry check)
11765   scan for UPNP/Tcp hosts
11635   Java Media Framework (JMF) Vulnerability
13640   Task Scheduler Vulnerability (841873)
11683   Cumulative Patch for Internet Information Services (Q11114)
10866   XML Core Services patch (Q318203)
11431   XoloX is installed
10427   SMB Registry : permissions of HKLM
10412   SMB Registry : Autologon
17212   OFF2000: Office Programs Can Browse Restricted Drives (Q302753)
11286   Flaw in WinXP Help center could enable file deletion
16199   Nullsoft Winamp Filename Handler Local Buffer Overrun
11217   Microsoft's SQL Version Query
11433   Microsoft ISA Server DNS - Denial Of Service (MS03-009)
10144   Microsoft SQL TCP/IP listener is running
12000   SAHAGENT detection
11890   Buffer Overrun in Messenger Service (real test)
10946   Gnutella servent detection
10899   Users information : User has never logged in
10940   Windows Terminal Service Enabled
16204   Nullsoft Winamp .WSZ Overflow
11430   WinMX is installed
14236   Putty Modpow integer handling
15408   Firefox Downloaded Files Removal
11867   SMB Registry : permissions of the Microsoft Transaction Server key
11792   Buffer overrun in Windows Shell (821557)
11844   Kazaa P2P check
10395   SMB shares enumeration
14818   Possible GDI+ compromise
10434   NT ResetBrowser frame & HostAnnouncement flood patch
17218   Firefox < 1.0.1
16314   Potentially unwanted software
15996   Windows XP SP2 Firewall Critical Update (886185)
11830   NetBIOS Name Service Reply Information Leakage
10668   Malformed request to index server
10032   CA Unicenter's File Transfer Service is running
12208   Cumulative Update for Outlook Express (837009)
13641   Vulnerability in HTML Help Could Allow Code Execution (840315)
11322   MS SQL Installation may leave passwords on system
14646   Xedus Denial of Service
11616   DBTools DBManager Information Disclosure
10906   Users in the 'Replicator' group
14644   Xedus detection
11144   Flaw in Certificate Enrollment Control (Q323172)
10926   IE VBScript Handling patch (Q318089)
11301   Unchecked buffer in MDAC Function
12215   Sophos Anti Virus Check
12090   Windows Media Services Remote Denial of Service
10736   DCE Services Enumeration
11330   MS SQL7.0 Service Pack may leave passwords on system
15822   SecureCRT SSH1 protocol version string overflow
16325   Vulnerability in the License Logging Service (885834)
11774   Windows Media Player Library Access
12091   MSN Messenger Information Disclosure
11892   Citrix redirection bug
11530   WinAMP3 buffer overflow
10897   Users information : disabled accounts
14261   Opera remote location object cross-domain scripting vulnerability
12207   Microsoft Hotfix KB837001 (registry check)
10482   NetBIOS Name Server Protocol Spoofing patch
12206   Microsoft Hotfix KB828741 (registry check)
10180   Ping the remote host
15432   Mozilla/Firefox default installation file permission flaw
15467   Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)
16337   Vulnerability in Windows Could Allow Information Disclosure (888302) (network check)
12028   WindowsUpdate disabled
10892   Obtains user information
12233   eMule Plus Web Server detection
10432   SMB Registry : permissions of keys that can change common paths
15395   RealPlayer Remote Vulnerabilities
10911   Local users information : automatically disabled accounts
12010   BARGAINBUDDY detection
16326   Vulnerability in SMB may allow remote code execution (885250)
12642   Mozilla/Firefox code execution
14248   Opera web browser large javaScript array handling vulnerability
10397   SMB LanMan Pipe Server browse listing
10901   Users in the 'Account Operator' group
11583   Microsoft Shlwapi.dll Malformed HTML form tag DoS
12226   Quicktime player/plug-in Heap overflow
10433   NT IP fragment reassembly patch not applied (jolt2)
14235   Opera web browser URI obfuscation
10902   Users in the Admin group
10457   The alerter service is running
11454   SMB log in with W32/Deloder passwords
10458   The messenger service is running
12106   Norton Anti Virus Check
11631   Drag And Zip Overflow
11595   Windows Media Player Skin Download Overflow
11091   Windows Network Manager Privilege Elevation (Q326886)
16333   ASP.NET Path Validation Vulnerability (887219)
11846   shareaza P2P check
10399   SMB use domain SID to enumerate users
17254   RealPlayer Multiple Remote Overflows
11887   Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)
11878   Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
11967   DameWare Mini Remote Control Service Installed
12018   POWER SEARCH detection
14249   Opera web browser news url denial of service vulnerability
11696   IRCXPro Clear Text Passwords
12044   RealPlayer File Handler Code Execution
14244   Opera web browser address bar spoofing weakness
11148   Unchecked Buffer in Decompression Functions(Q329048)
12055   ASN.1 Parsing Vulnerabilities (HTTP check)
16124   Cursor and Icon Format Handling Code Execution (891711) (registry check)
16123   HTML Help Code Execution (890175) (registry check)
10394   SMB log in
11428   Trillian is installed
11413   Unchecked Buffer in ntdll.dll (Q815021)
10396   SMB shares access
14647   Xedus XSS
11888   Buffer Overrun in Messenger Service (828035)
12013   DOWNLOADWARE detection
17163   Sybase Adaptive Server Enterprise Unspecified Vulnerability
12002   LOP.COM detection
10751   Kazaa / Morpheus Client Detection
10785   SMB NativeLanMan
16331   Vulnerability in Windows Could Allow Information Disclosure (888302)
11496   RealPlayer PNG deflate heap corruption
11625   DrWeb Folder Name Overflow
14250   Opera skin zip file buffer overflow vulnerability
10915   Local users information : User has never logged on
11363   Gupta SQLBase EXECUTE buffer overflow
12107   McAfee Anti Virus Check
17159   PuTTY Multiple Integer Overflow Vulnerablities
11404   Multiple flaws in the Opera web browser
12235   Microsoft Help Center Remote Code Execution (840374)
14246   Opera relative path directory traversal file corruption vulnerability
16330   Vulnerability in the Hyperlink Object Library may allow code execution (888113)
10673   Microsoft's SQL Blank Password
11993   Check for a Yahoo Messenger Instance
10904   Users in the 'Backup Operator' group
11423   Flaw in Windows Script Engine (Q814078)
11996   BRILLIANT DIGITAL detection
11429   Windows Messenger is installed
15966   Vulnerabilities in WordPad (885836)
10619   Malformed request to domain controller
11928   Buffer Overrun in Windows Help (825119)
10916   Local users information : Passwords never expires
13751   Direct Connect hub detection
11307   Unchecked buffer in Windows Shell
14262   PuTTY window title escape character arbitrary command execution
10555   Domain account lockout vulnerability
10859   SMB get host SID
11366   Trusting domains bad verification
13642   Buffer overrun in Windows Shell (839645)
11998   GATOR detection
11177   Flaw in Microsoft VM Could Allow Code Execution (810030)
14245   Opera web browser address bar spoofing weakness (2)
10509   Malformed RPC Packet patch
15912   WINS Buffer Overflow (830352 - netbios check)
10504   Still Image Service Privilege Escalation patch
16125   Indexing Service Code Execution (871250) (registry check)
11067   Microsoft's SQL Hello Overflow
15834   Open DC Hub Remote Buffer Overflow Vulnerability
11922   Opera Multiple MIME Type File Dropping Weaknesses
16329   Vulnerability in the DHTML Editing Component may allow code execution (891781)
13643   Cumulative Security Update for Outlook Express (823353)
11572   Multiple ICQ Vulnerabilities
10150   Using NetBIOS to retrieve information from a Windows host
10524   SMB Windows9x password verification vulnerability
15459   Vulnerability in zipped folders may allow code execution (873376)
10603   Winsock Mutex vulnerability
10429   SMB Registry : permissions of winlogon
11194   Unchecked Buffer in XP Shell Could Enable System Compromise (329390)
11309   Winreg registry key writeable by non-admins
10862   Microsoft's SQL Server Brute Force

Preferences settings for this scan

max_hosts               16
max_checks              10
log_whole_attack                yes
cgi_path                /cgi-bin
port_range              1-65535
optimize_test           no
language                english
checks_read_timeout             5
non_simult_ports                139, 445
plugins_timeout         320
safe_checks             no
auto_enable_dependencies                yes
silent_dependencies             yes
use_mac_addr            no
save_knowledge_base             yes
kb_restore              no
only_test_hosts_whose_kb_we_dont_have           no
only_test_hosts_whose_kb_we_have                no
kb_dont_replay_scanners         no
kb_dont_replay_info_gathering           no
kb_dont_replay_attacks          no
kb_dont_replay_denials          no
kb_max_age              864000
plugin_upload           no
plugin_upload_suffixes          .nasl, .inc
slice_network_addresses         no
ntp_save_sessions               yes
ntp_detached_sessions           yes
server_info_nessusd_version             2.2.4
server_info_libnasl_version             2.2.4
server_info_libnessus_version           2.2.4
server_info_thread_manager              fork
server_info_os          Linux
server_info_os_version          2.6.5-7.97-smp
reverse_lookup          no
ntp_keep_communication_alive            yes
ntp_opt_show_end                yes
save_session            yes
detached_scan           no
continuous_scan         no


Summary of scanned hosts

Host    Holes   Warnings        Open ports      State
163.119.247.41  2       5       10      Finished


163.119.247.41

Service Severity        Description
epmap (135/tcp) 
Info
        Port is open
netbios-ssn (139/tcp)   
Info
        Port is open
microsoft-ds (445/tcp)  
Info
        Port is open
fpitp (1045/tcp)        
Info
        Port is open
syscomlan (1065/tcp)    
Info
        Port is open
hppronetman (3908/tcp)  
Info
        Port is open
unknown (5764/tcp)      
Info
        Port is open
unknown (8040/tcp)      
Info
        Port is open
unknown (5763/tcp)      
Info
        Port is open
netbios-ns (137/udp)    
Info
        Port is open
microsoft-ds (445/tcp)  
High
        
The remote host is running a version of Internet Explorer 6 SP1 which is
vulnerable to a vulnerability which may allow an attacker to execute
arbitrary code on the remote host.

To exploit this flaw, an attacker would need to lure a victim on the remote
system into visiting a rogue website.

See http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Risk factor : High
CVE : CAN-2004-1050
Other references : IAVA:2004-A-0020
microsoft-ds (445/tcp)  
High
        
The remote host has a version of Outlook express which has a bug in its
MHTML URL processor, which may allow an attacker to execute arbitrary
code on this host.

To exploit this flaw, an attacker would need to send a malformed email to
a user of this host using Outlook, or would need to lure him into visiting
a rogue website.

Solution : http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx
Risk factor : High
CVE : CAN-2004-0380
BID : 9105, 9107, 9658
Other references : IAVA:2004-A-0009
netbios-ns (137/udp)    
Medium
        The following 7 NetBIOS names have been gathered :
ISD254
LBS_NT
LBS_NT
ISD254
ISD254
ISD254$
MMACLEOD
The remote host has the following MAC address on its adapter :
00:c0:4f:17:91:65

If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.

Risk factor : Medium
CVE : CAN-1999-0621
microsoft-ds (445/tcp)  
Medium
        Here is the list of the SMB shares of this host :

IPC$
ADMIN$
C$


This is potentially dangerous as this may help the attack
of a potential hacker.

Solution : filter incoming traffic to this port
Risk factor : Medium
epmap (135/tcp) 
Medium
        
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate
queries.

An attacker may use this fact to gain more knowledge
about the remote host.

Solution : filter incoming traffic to this port.
Risk factor : Low
microsoft-ds (445/tcp)  
Medium
        
The remote host is missing a cumulative security update for Outlook Express
which fixes a denial of service vulnerability in the Outlook Express mail
client.

To exploit this vulnerability, an attacker would need to send a malformed
message to a victim on the remote host. The message will crash her version
of Outlook, thus preventing her from reading her e-mail.

Solution : http://www.microsoft.com/technet/security/bulletin/ms04-018.mspx
Risk factor : Medium
CVE : CAN-2004-0215
BID : 10711
microsoft-ds (445/tcp)  
Medium
        
The remote version of Windows contains a flaw which may allow an attacker
to cause it to disclose information over the use of a named pipe through
a NULL session.

An attacker may exploit this flaw to gain more knowledge about the
remote host.

Solution : http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx
Risk factor : Low
CVE : CAN-2005-0051
BID : 12486
microsoft-ds (445/tcp)  
Info
        
The remote registry can be accessed remotely using the login / password
combination used for the SMB tests.
microsoft-ds (445/tcp)  
Info
        The remote Windows 2000 system has Service Pack 4 applied.

CVE : CAN-1999-0662
BID : 7930, 8090, 8128, 8154
microsoft-ds (445/tcp)  
Info
        - NULL sessions are enabled on the remote host
- The SMB tests will be done as 'nessustest'/'******'
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505,
CAN-2002-1117
BID : 494, 990, 11199
netbios-ssn (139/tcp)   
Info
        An SMB server is running on this port
microsoft-ds (445/tcp)  
Info
        Computer Browser [ Browser ]
DHCP Client [ Dhcp ]
Logical Disk Manager [ dmserver ]
DNS Client [ Dnscache ]
Event Log [ Eventlog ]
COM+ Event System [ EventSystem ]
HP ProCurve Datastore [ HP ProCurve Datastore ]
HP ProCurve Network Manager Server [ HP ProCurve Network Manager Server ]
HP ProCurve Traffic Launch Service [ HPTLS ]
Server [ lanmanserver ]
Workstation [ lanmanworkstation ]
TCP/IP NetBIOS Helper Service [ LmHosts ]
Messenger [ Messenger ]
Net Logon [ Netlogon ]
Network Connections [ Netman ]
Removable Storage [ NtmsSvc ]
Plug and Play [ PlugPlay ]
IPSEC Policy Agent [ PolicyAgent ]
Protected Storage [ ProtectedStorage ]
Remote Access Connection Manager [ RasMan ]
Remote Registry Service [ RemoteRegistry ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
RunAs Service [ seclogon ]
System Event Notification [ SENS ]
Print Spooler [ Spooler ]
Telephony [ TapiSrv ]
Distributed Link Tracking Client [ TrkWks ]
Windows Time [ W32Time ]
Windows Management Instrumentation [ WinMgmt ]
Windows Management Instrumentation Driver Extensions [ Wmi ]
Automatic Updates [ wuauserv ]

You should turn off the services you do not use.
This list is useful to an attacker, who can make his attack
more silent by not portscanning this host.

Solution : To prevent the listing of the services for being
obtained, you should either have tight login restrictions,
so that only trusted users can access your host, and/or you
should filter incoming traffic to this port.

Risk factor : Low
microsoft-ds (445/tcp)  
Info
        

The registry key
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount
is non-null. It means that the remote host locally caches the passwords
of the users when they log in, in order to continue to allow the users
to log in in the case of the failure of the PDC.


Solution : use regedt32 and set the value of this key to 0
Risk factor : Low
microsoft-ds (445/tcp)  
Info
        The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : LBS_NT

general/tcp     
Info
        The following users are in the local administrator group :

. Administrator (User)
. Domain Admins (Group)


You should make sure that only the proper users are member of this
group
Risk factor : Low
microsoft-ds (445/tcp)  
Info
        A CIFS server is running on this port
fpitp (1045/tcp)        
Info
        Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate
queries.

An attacker may use this fact to gain more knowledge
about the remote host.


Here is the list of DCE services running on this port:

UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:163.119.247.41[1045]
Named pipe : atsvc
Win32 service or process : mstask.exe
Description : Scheduler service

UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:163.119.247.41[1045]



Solution : filter incoming traffic to this port.
Risk factor : Low
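Added here as an example (not code from the original post, nor from Nessus): a small Python triage helper for the plain-text findings block of a report like the one above. It groups findings by port and severity and flags those that describe locally installed client software, which the scanner gathers over SMB and therefore files under microsoft-ds (445/tcp); the embedded sample report is constructed from the findings above, and the host address and the CLIENT_SOFTWARE_MARKERS phrase list are assumptions of this example.

```python
"""Triage helper for a Nessus 2.x plain-text report (added example, not from
the original post or the Nessus project).

Parses the per-host "Service / Severity / Description" block into records,
groups them by port and severity, and flags findings that describe client
software. Those checks are gathered over SMB, so the scanner lists them under
microsoft-ds (445/tcp) even though they are not about the SMB service itself.
"""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from typing import Optional

# A finding starts with a line such as "microsoft-ds (445/tcp)" or "general/tcp".
SERVICE_RE = re.compile(r"^(\S+)\s+\((\d+)/(tcp|udp)\)$")
GENERAL_RE = re.compile(r"^general/(tcp|udp)$")
ID_RE = re.compile(r"\b(?:CVE|CAN)-\d{4}-\d+\b")
SEVERITIES = ("Info", "Low", "Medium", "High")

# Constructed heuristic for this example (not a Nessus rule): phrases marking a
# finding as being about installed client software whose patch level was read
# from the registry, rather than about the service listening on the port.
CLIENT_SOFTWARE_MARKERS = ("Internet Explorer", "Outlook", "Office", "Word", "Excel")


@dataclass
class Finding:
    service: str
    port: Optional[int]
    proto: str
    severity: str = "Info"
    lines: list[str] = field(default_factory=list)

    @property
    def port_label(self) -> str:
        return f"{self.port}/{self.proto}" if self.port is not None else f"general/{self.proto}"

    @property
    def description(self) -> str:
        return "\n".join(self.lines).strip()

    @property
    def cves(self) -> list[str]:
        return ID_RE.findall(self.description)

    @property
    def bids(self) -> list[str]:
        return re.findall(r"\d+", " ".join(l for l in self.lines if l.startswith("BID")))

    @property
    def solution(self) -> Optional[str]:
        for l in self.lines:
            if l.startswith("Solution"):
                return l.split(":", 1)[1].strip()
        return None


def parse_findings(report: str) -> list[Finding]:
    """Split the host findings block into Finding records."""
    findings: list[Finding] = []
    current: Optional[Finding] = None
    expect_severity = False
    for raw in report.splitlines():
        line = raw.strip()
        m, g = SERVICE_RE.match(line), GENERAL_RE.match(line)
        if m or g:
            current = (Finding(m.group(1), int(m.group(2)), m.group(3)) if m
                       else Finding("general", None, g.group(1)))
            findings.append(current)
            expect_severity = True  # severity sits on the line after the service
            continue
        if current is None:
            continue  # host address and column header precede the first finding
        if expect_severity:
            expect_severity = False
            if line in SEVERITIES:
                current.severity = line
                continue
        current.lines.append(line)
    return findings


def summarize_by_port(findings: list[Finding]) -> dict[str, dict[str, int]]:
    per_port: dict[str, Counter] = defaultdict(Counter)
    for f in findings:
        per_port[f.port_label][f.severity] += 1
    return {port: dict(c) for port, c in per_port.items()}


def is_client_software_check(f: Finding) -> bool:
    return any(marker in f.description for marker in CLIENT_SOFTWARE_MARKERS)


def triage(report: str) -> dict:
    findings = parse_findings(report)
    return {
        "by_severity": dict(Counter(f.severity for f in findings)),
        "by_port": summarize_by_port(findings),
        "highs": [{"port": f.port_label, "cves": f.cves, "solution": f.solution,
                   "client_software_check": is_client_software_check(f)}
                  for f in findings if f.severity == "High"],
    }


# Constructed sample, modeled on the report above; the address is a placeholder.
SAMPLE_REPORT = """\
192.0.2.10

Service Severity        Description
epmap (135/tcp)
Info
        Port is open
microsoft-ds (445/tcp)
Info
        Port is open
microsoft-ds (445/tcp)
High

The remote host is running a version of Internet Explorer 6 SP1 which is
vulnerable to a vulnerability which may allow an attacker to execute
arbitrary code on the remote host.

See http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Risk factor : High
CVE : CAN-2004-1050
microsoft-ds (445/tcp)
High

The remote host has a version of Outlook express which has a bug in its
MHTML URL processor, which may allow an attacker to execute arbitrary
code on this host.

Solution : http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx
Risk factor : High
CVE : CAN-2004-0380
BID : 9105, 9107, 9658
microsoft-ds (445/tcp)
Medium
        Here is the list of the SMB shares of this host :

IPC$
ADMIN$
C$

Solution : filter incoming traffic to this port
Risk factor : Medium
microsoft-ds (445/tcp)
Info
        The remote Windows 2000 system has Service Pack 4 applied.
general/tcp
Info
        The following users are in the local administrator group :

. Administrator (User)
"""

if __name__ == "__main__":
    for port, counts in triage(SAMPLE_REPORT)["by_port"].items():
        print(port, counts)
    for high in triage(SAMPLE_REPORT)["highs"]:
        print(high)
```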

Network Vulnerability Assessment Report
26.05.2005
Sorted by host names

Session name: isd254Start Time:26.05.2005 15:12:17
Finish Time:26.05.2005 15:15:44
Elapsed:0 day(s) 00:03:26
Total records generated:27
high severity:2
Medium severity:5
informational:20


Scan configuration

Plugins used in this scan

Id     Name
14645  Xedus directory traversal
10632  Webserver file request parsing
11562  The ScriptLogic service is running
11425  ICQ is installed
12052  ASN.1 parsing vulnerability (828028)
10531  SMB Registry : Win2k Service Pack version
10964  Windows Debugger flaw can Lead to Elevated Privileges (Q320206)
10914  Local users information : Never changed password
12006  Web3000 detection
11145  Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
14668  Mozilla/Firefox security manager certificate handling DoS
11325  Word can lead to Script execution on mail reply
16299  NetBIOS Name Service Reply Information Leakage (824105) (registry check)
10894  Obtains the lists of users groups
11029  Windows RAS overflow (Q318138)
11191  WM_TIMER Message Handler Privilege Elevation (Q328310)
13844  Multiple flaws in the Opera web browser (2)
11693  PFTP clear-text passwords
10907  Guest belongs to a group
10693  NTLMSSP Privilege Escalation
17162  Sybase SQL Blank Password
11831  Word Macros may run automatically
10829  scan for UPNP hosts
11709  SmartFTP Overflow
11789  Flaw in message handling through utility mgr
10033  CA Unicenter's Transport Service is running
10519  Telnet Client NTLM Authentication Vulnerability
10553  SMB Registry : permissions of WinVNC's key
13637  Utility Manager Could Allow Code Execution (842526)
15458  Microsoft Excel Code Execution (886836)
15465  MS NNTP Vulnerability (883935)
14597  WS_FTP client weak stored password
16332  Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
10456  SMB enum services
14270  ISS BlackICE Vulnerable config files
13638  Vulnerability in POSIX could allow code execution (841872)
11485  Flaw in RPC Endpoint Mapper (MS03-010)
14346  Opera Resource Detection
11011  SMB on port 445
14732  Vulnerability in WordPerfect Converter (884933)
15712  Firefox IMG Tag Multiple Vulnerabilities
10905  Users in the 'Print Operator' group
11231  Unchecked Buffer in XP Redirector (Q810577)
14724  Buffer Overrun in JPEG Processing (833987)
10398  SMB get domain SID
12016  MAPQUEST TOOLBAR detection
11886  Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
15456  Vulnerability in NetDDE Could Allow Code Execution (841533)
11790  Buffer overrun in RPC Interface (824146)
10861  IE 5.01 5.5 6.0 Cumulative patch (890923)
15460  Vulnerability in Windows Shell (841356)
12051  WINS Buffer Overflow (830352)
14686  Trillian MSN Overflow
10674  Microsoft's SQL UDP Info Query
12063  Bagle.B detection
15572  Vulnerability NetDDE Could Allow Code Execution (Netbios Check)
11561  scriptlogic logging share
11212  Unchecked buffer in Locate Service
10806  RPC Endpoint Mapper can Cause RPC Service to Fail
11802  Flaw in Windows Function may allow DoS (823803)
11302  Cumulative patch for Windows Media Player
10426  SMB Registry : permissions of Schedule
14181  Mozilla/Firefox user interface spoofing
10896  Users information : Can't change password
11323  Security issues in the remote version of FlashPlayer
12267  Vulnerability in DirectPlay Could Allow Denial of Service (839643)
10642  SMB Registry : SQL7 Patches
10912  Local users information : Can't change password
11804  Cumulative Patch for MS SQL Server (815495)
11541  Buffer overrun in NT kernel message handling
10913  Local users information : disabled accounts
12298  ADODB.Stream object from Internet Explorer (KB870669)
11900  Opera web browser HREF overflow
11300  Unchecked buffer in Network Share Provider (Q326830)
11990  MDAC Buffer Overflow (832483)
12012  CYDOOR detection
12017  NCASE detection
10401  SMB Registry : NT4 Service Pack version
15714  ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
11178  Unchecked Buffer in PPTP Implementation Could Enable DOS Attacks (Q329834)
11787  SMB Request Handler Buffer Overflow
10449  SMB Registry : value of SFCDisable
16152  Nullsoft Winamp Multiple Unspecified Vulnerabilities
10895  Users information : automatically disabled accounts
10943  Cumulative Patch for Internet Information Services (Q327696)
12004  VCATCH detection
11147  Unchecked Buffer in Windows Help(Q323255)
14336  Opera _javascript_ Denial of Service
11921  Buffer Overflow in the Workstation Service (828749)
15860  CuteFTP multiple flaws (2)
10944  MUP overlong request kernel overflow Patch (Q311967)
12070  Netsky.B
11705  LeapFTP Overflow
16193  Anti Virus Check
11997  DSSAGENT detection
14192  Mozilla SOAPParameter Integer Overlow
10893  Obtains the lists of users aliases
11989  Exchange Privilege Escalation (832759)
14198  DrWeb Unspecified buffer overflow
11803  DirectX MIDI Overflow (819696)
11528  Flaw in Microsoft VM (816093)
10734  IrDA access violation patch
12027  Bagle remover
11952  FlashPlayer files reading
11336  Cumulative patches for Excel and Word for Windows
12019  WILDTANGENT detection
10335  Nessus TCP scanner
11426  Kazaa is installed
14254  Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (842436)
15970  WINS Code Execution (870763) (network check)
14197  Firefox Cache File
11534  Microsoft ISA Server Winsock Proxy DoS (MS03-012)
11326  Cumulative VM update
10763  Detect the HTTP RPC endpoint mapper
11710  FlashFXP Overflow
10898  Users information : Never changed password
14638  Opera Empty Embedded Object DoS
15964  Vulnerabilities in HyperTerminal (873339)
11214  Microsoft's SQL Overflows
15963  Vulnerabilities in Windows Kernel and LSASS (885835)
11211  GameSpy detection
10485  Service Control Manager Named Pipe Impersonation patch
11779  FTP server hosting copyrighted material
17161  Sybase TCP/IP listener is running
15457  Security Update for Microsoft Windows (840987)
13855  Installed Windows Hotfixes
10413  SMB Registry : is the remote host a PDC/BDC
10910  Obtains local user information
10900  Users information : Passwords never expires
16230  VERITAS Backup Exec Agent Browser Remote Buffer Overflow Vulnerability
12011  BETTERINTERNET detection
10563  Incomplete TCP/IP packet vulnerability
12014  FREE COMMUNITY detection
14278  RealPlayer multiple remote overflows
11847  WinMX P2P check
12054  ASN.1 Parsing Vulnerabilities (NTLM check)
10903  Users in the 'System Operator' group
12003  TIMESINK detection
11146  Microsoft RDP flaws could allow sniffing and DOS(Q324380)
15952  Nullsoft Winamp Remote Denial of Service
11995  BONZI BUDDY detection
15455  WebDAV XML Message Handler Denial of Service (824151)
11999  RADIATE detection
11125  mldonkey www
10761  Detect CIS ports
11778  Web Server hosting copyrighted material
10865  Checks for MS HOTFIX for snmp buffer overruns
11845  Overnet P2P check
10499  Local Security Policy Corruption
15926  Sun Java Applet Invocation Version Specification
11885  Buffer Overrun in the ListBox and in the ComboBox (824141)
10431  SMB Registry : missing winreg
12114  ISS BlackICE Vulnerable versions
15789  RealPlayer Skin File Remote Buffer Overflow
11457  SMB Registry : Winlogon caches passwords
12220  * not found in current plugin list *
14247  Opera web browser file download extension spoofing
11992  Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
12076  Trillian remote Overflow
16226  Sun JRE Java Plugin-In Multiple Applet Vulnerabilities
11870  Microsoft's SQL version less than or equal to 7
11329  The remote host is infected by a virus
12204  Microsoft Hotfix for KB835732 IIS SSL check
10404  SMB log in as users
11124  mldonkey telnet
10525  LPC and LPC Ports Vulnerabilities patch
11711  FTP Voyager Overflow
11920  Word and/or Excel may allow arbitrary code to run
14728  Mozilla/Firefox multiple flaws
16192  TrendMicro Anti Virus Check
11832  Visual Basic for Application Overflow
11640  CesarFTP stores passwords in cleartext
15894  Cumulative Security Update for Internet Explorer (889293)
14263  PuTTY SSH2 authentication password persistence weakness
12244  Sun Java Runtime Environment DoS
11119  SMB Registry : XP Service Pack version
10428  SMB fully accessible registry
10615  Malformed PPTP Packet Stream vulnerability
10908  Users in the Domain Admin group
12015  IPINSIGHT detection
11427  LimeWire is installed
16324  Vulnerability in Windows Shell (890047)
10344  Detect the presence of Napster
11818  The remote host is infected by msblast.exe
11868  SMB Registry : permissions of the SNMP key
13852  MS Task Scheduler vulnerability
11756  CuteFTP multiple flaws
12108  Multiple Overflows in WS_FTP client
12205  Microsoft Hotfix KB835732 (registry check)
12005  WEBHANCER detection
11578  Opera remote heap corruption vulnerability
11458  SMB Registry : No dial in
10400  SMB accessible registry
15817  Nullsoft Winamp IN_CDDA.dll Remote Buffer Overflow Vulnerability
10486  Relative Shell Path patch
12001  SaveNOW detection
10835  Unchecked Buffer in XP upnp
11432  Yahoo!Messenger is installed
11777  SMB share hosting copyrighted material
11839  Possible Compromise through a vulnerability in RPC
12092  Vulnerability in Outlook could allow code execution (828040)
17213  Trend Micro VSAPI ARJ Handling Heap Overflow
11143  Exchange 2000 Exhaust CPU Resources (Q320436)
11306  Unchecked buffer in ASP.NET worker process
11506  Quicktime player buffer overflow
11459  SMB Registry : Do not show the last user name
11882  AOL Instant Messenger is Installed
11460  SMB Registry : Classic Logon Screen
10430  SMB Registry : permissions of keys that can lead to admin
10945  Opening Group Policy Files (Q318089)
11215  Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
16327  Vulnerability in OLE and COM Could Allow Code Execution (873333)
11304  Unchecked buffer in SQLXML
15965  Vulnerabilities in DHCP (885249) (registry check)
14835  Symantec Norton AntiVirus Version Detection
11883  Gator/GAIN Spyware Installed
16328  Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
12286  JS.Scob.Trojan or Download.Ject Trojan
11994  AUREATE detection
15821  Sun JRE Java Plug-in _javascript_ Security Restriction Bypass
16085  Mozilla Browser Network News Transport Protocol Remote Heap Overflow Vulnerability
12209  Microsoft Hotfix for KB835732 (SMB check)
13639  IIS Redirection Vulnerability (841373) (registry check)
11649  Blackmoon FTP stores passwords in cleartext
10567  SMB Registry : permissions of the RAS key
14729  Mozilla/Thunderbird multiple flaws
11022  eDonkey/eMule detection
12111  PhatBOT detection
15820  Van Dyke SecureCRT Remote Command Execution Vulnerability
10860  SMB use host SID to enumerate local users
11105  ARCserve hidden share
12231  RIS Installation Check
15962  WINS Code Execution (870763) (registry check)
11765  scan for UPNP/Tcp hosts
11635  Java Media Framework (JMF) Vulnerability
13640  Task Scheduler Vulnerability (841873)
11683  Cumulative Patch for Internet Information Services (Q11114)
10866  XML Core Services patch (Q318203)
11431  XoloX is installed
10427  SMB Registry : permissions of HKLM
10412  SMB Registry : Autologon
17212  OFF2000: Office Programs Can Browse Restricted Drives (Q302753)
11286  Flaw in WinXP Help center could enable file deletion
16199  Nullsoft Winamp Filename Handler Local Buffer Overrun
11217  Microsoft's SQL Version Query
11433  Microsoft ISA Server DNS - Denial Of Service (MS03-009)
10144  Microsoft SQL TCP/IP listener is running
12000  SAHAGENT detection
11890  Buffer Overrun in Messenger Service (real test)
10946  Gnutella servent detection
10899  Users information : User has never logged in
10940  Windows Terminal Service Enabled
16204  Nullsoft Winamp .WSZ Overflow
11430  WinMX is installed
14236  Putty Modpow integer handling
15408  Firefox Downloaded Files Removal
11867  SMB Registry : permissions of the Microsoft Transaction Server key
11792  Buffer overrun in Windows Shell (821557)
11844  Kazaa P2P check
10395  SMB shares enumeration
14818  Possible GDI+ compromise
10434  NT ResetBrowser frame & HostAnnouncement flood patch
17218  Firefox < 1.0.1
16314  Potentially unwanted software
15996  Windows XP SP2 Firewall Critical Update (886185)
11830  NetBIOS Name Service Reply Information Leakage
10668  Malformed request to index server
10032  CA Unicenter's File Transfer Service is running
12208  Cumulative Update for Outlook Express (837009)
13641  Vulnerability in HTML Help Could Allow Code Execution (840315)
11322  MS SQL Installation may leave passwords on system
14646  Xedus Denial of Service
11616  DBTools DBManager Information Disclosure
10906  Users in the 'Replicator' group
14644  Xedus detection
11144  Flaw in Certificate Enrollment Control (Q323172)
10926  IE VBScript Handling patch (Q318089)
11301  Unchecked buffer in MDAC Function
12215  Sophos Anti Virus Check
12090  Windows Media Services Remote Denial of Service
10736  DCE Services Enumeration
11330  MS SQL7.0 Service Pack may leave passwords on system
15822  SecureCRT SSH1 protocol version string overflow
16325  Vulnerability in the License Logging Service (885834)
11774  Windows Media Player Library Access
12091  MSN Messenger Information Disclosure
11892  Citrix redirection bug
11530  WinAMP3 buffer overflow
10897  Users information : disabled accounts
14261  Opera remote location object cross-domain scripting vulnerability
12207  Microsoft Hotfix KB837001 (registry check)
10482  NetBIOS Name Server Protocol Spoofing patch
12206  Microsoft Hotfix KB828741 (registry check)
10180  Ping the remote host
15432  Mozilla/Firefox default installation file permission flaw
15467  Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350)
16337  Vulnerability in Windows Could Allow Information Disclosure (888302) (network check)
12028  WindowsUpdate disabled
10892  Obtains user information
12233  eMule Plus Web Server detection
10432  SMB Registry : permissions of keys that can change common paths
15395  RealPlayer Remote Vulnerabilities
10911  Local users information : automatically disabled accounts
12010  BARGAINBUDDY detection
16326  Vulnerability in SMB may allow remote code execution (885250)
12642  Mozilla/Firefox code execution
14248  Opera web browser large _javascript_ array handling vulnerability
10397  SMB LanMan Pipe Server browse listing
10901  Users in the 'Account Operator' group
11583  Microsoft Shlwapi.dll Malformed HTML form tag DoS
12226  Quicktime player/plug-in Heap overflow
10433  NT IP fragment reassembly patch not applied (jolt2)
14235  Opera web browser URI obfuscation
10902  Users in the Admin group
10457  The alerter service is running
11454  SMB log in with W32/Deloder passwords
10458  The messenger service is running
12106  Norton Anti Virus Check
11631  Drag And Zip Overflow
11595  Windows Media Player Skin Download Overflow
11091  Windows Network Manager Privilege Elevation (Q326886)
16333  ASP.NET Path Validation Vulnerability (887219)
11846  shareaza P2P check
10399  SMB use domain SID to enumerate users
17254  RealPlayer Multiple Remote Overflows
11887  Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)
11878  Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
11967  DameWare Mini Remote Control Service Installed
12018  POWER SEARCH detection
14249  Opera web browser news url denial of service vulnerability
11696  IRCXPro Clear Text Passwords
12044  RealPlayer File Handler Code Execution
14244  Opera web browser address bar spoofing weakness
11148  Unchecked Buffer in Decompression Functions(Q329048)
12055  ASN.1 Parsing Vulnerabilities (HTTP check)
16124  Cursor and Icon Format Handling Code Execution (891711) (registry check)
16123  HTML Help Code Execution (890175) (registry check)
10394  SMB log in
11428  Trillian is installed
11413  Unchecked Buffer in ntdll.dll (Q815021)
10396  SMB shares access
14647  Xedus XSS
11888  Buffer Overrun in Messenger Service (828035)
12013  DOWNLOADWARE detection
17163  Sybase Adaptive Server Enterprise Unspecified Vulnerability
12002  LOP.COM detection
10751  Kazaa / Morpheus Client Detection
10785  SMB NativeLanMan
16331  Vulnerability in Windows Could Allow Information Disclosure (888302)
11496  RealPlayer PNG deflate heap corruption
11625  DrWeb Folder Name Overflow
14250  Opera skin zip file buffer overflow vulnerability
10915  Local users information : User has never logged on
11363  Gupta SQLBase EXECUTE buffer overflow
12107  McAfee Anti Virus Check
17159  PuTTY Multiple Integer Overflow Vulnerablities
11404  Multiple flaws in the Opera web browser
12235  Microsoft Help Center Remote Code Execution (840374)
14246  Opera relative path directory traversal file corruption vulnerability
16330  Vulnerability in the Hyperlink Object Library may allow code execution (888113)
10673  Microsoft's SQL Blank Password
11993  Check for a Yahoo Messenger Instance
10904  Users in the 'Backup Operator' group
11423  Flaw in Windows Script Engine (Q814078)
11996  BRILLIANT DIGITAL detection
11429  Windows Messenger is installed
15966  Vulnerabilities in WordPad (885836)
10619  Malformed request to domain controller
11928  Buffer Overrun in Windows Help (825119)
10916  Local users information : Passwords never expires
13751  Direct Connect hub detection
11307  Unchecked buffer in Windows Shell
14262  PuTTY window title escape character arbitrary command execution
10555  Domain account lockout vulnerability
10859  SMB get host SID
11366  Trusting domains bad verification
13642  Buffer overrun in Windows Shell (839645)
11998  GATOR detection
11177  Flaw in Microsoft VM Could Allow Code Execution (810030)
14245  Opera web browser address bar spoofing weakness (2)
10509  Malformed RPC Packet patch
15912  WINS Buffer Overflow (830352 - netbios check)
10504  Still Image Service Privilege Escalation patch
16125  Indexing Service Code Execution (871250) (registry check)
11067  Microsoft's SQL Hello Overflow
15834  Open DC Hub Remote Buffer Overflow Vulnerability
11922  Opera Multiple MIME Type File Dropping Weaknesses
16329  Vulnerability in the DHTML Editing Component may allow code execution (891781)
13643  Cumulative Security Update for Outlook Express (823353)
11572  Multiple ICQ Vulnerabilities
10150  Using NetBIOS to retrieve information from a Windows host
10524  SMB Windows9x password verification vulnerability
15459  Vulnerability in zipped folders may allow code execution (873376)
10603  Winsock Mutex vulnerability
10429  SMB Registry : permissions of winlogon
11194  Unchecked Buffer in XP Shell Could Enable System Compromise (329390)
11309  Winreg registry key writeable by non-admins
10862  Microsoft's SQL Server Brute Force

Preferences settings for this scan

max_hosts 16
max_checks 10
log_whole_attack yes
cgi_path /cgi-bin
port_range 1-65535
optimize_test no
language english
checks_read_timeout 5
non_simult_ports 139, 445
plugins_timeout 320
safe_checks no
auto_enable_dependencies yes
silent_dependencies yes
use_mac_addr no
save_knowledge_base yes
kb_restore no
only_test_hosts_whose_kb_we_dont_have no
only_test_hosts_whose_kb_we_have no
kb_dont_replay_scanners no
kb_dont_replay_info_gathering no
kb_dont_replay_attacks no
kb_dont_replay_denials no
kb_max_age 864000
plugin_upload no
plugin_upload_suffixes .nasl, .inc
slice_network_addresses no
ntp_save_sessions yes
ntp_detached_sessions yes
server_info_nessusd_version 2.2.4
server_info_libnasl_version 2.2.4
server_info_libnessus_version 2.2.4
server_info_thread_manager fork
server_info_os Linux
server_info_os_version 2.6.5-7.97-smp
reverse_lookup no
ntp_keep_communication_alive yes
ntp_opt_show_end yes
save_session yes
detached_scan no
continuous_scan no


Summary of scanned hosts

Host            Holes  Warnings  Open ports  State
163.119.247.41  2      5         10          Finished


163.119.247.41

Service / Severity / Description
epmap (135/tcp)
Info
Port is open
netbios-ssn (139/tcp)
Info
Port is open
microsoft-ds (445/tcp)
Info
Port is open
fpitp (1045/tcp)
Info
Port is open
syscomlan (1065/tcp)
Info
Port is open
hppronetman (3908/tcp)
Info
Port is open
unknown (5764/tcp)
Info
Port is open
unknown (8040/tcp)
Info
Port is open
unknown (5763/tcp)
Info
Port is open
netbios-ns (137/udp)
Info
Port is open
microsoft-ds (445/tcp)
High

The remote host is running a version of Internet Explorer 6 SP1 which is
vulnerable to a vulnerability which may allow an attacker to execute arbitrary
code on the remote host.

To exploit this flaw, an attacker would need to lure a victim on the remote
system into visiting a rogue website.

See http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Risk factor : High
CVE : CAN-2004-1050
Other references : IAVA:2004-A-0020
microsoft-ds (445/tcp)
High

The remote host has a version of Outlook express which has a bug in its
MHTML URL processor, which may allow an attacker to execute arbitrary
code on this host.

To exploit this flaw, an attacker would need to send a malformed email to
a user of this host using Outlook, or would need to lure him into visiting
a rogue website.

Solution : http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx
Risk factor : High
CVE : CAN-2004-0380
BID : 9105, 9107, 9658
Other references : IAVA:2004-A-0009
netbios-ns (137/udp)
Medium
The following 7 NetBIOS names have been gathered :
ISD254
LBS_NT
LBS_NT
ISD254
ISD254
ISD254$
MMACLEOD
The remote host has the following MAC address on its adapter :
00:c0:4f:17:91:65

If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.

Risk factor : Medium
CVE : CAN-1999-0621
microsoft-ds (445/tcp)
Medium
Here is the list of the SMB shares of this host :

IPC$
ADMIN$
C$


This is potentially dangerous as this may help the attack
of a potential hacker.

Solution : filter incoming traffic to this port
Risk factor : Medium
epmap (135/tcp)
Medium

Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.

Solution : filter incoming traffic to this port.
Risk factor : Low
microsoft-ds (445/tcp)
Medium

The remote host is missing a cumulative security update for Outlook Express
which fixes a denial of service vulnerability in the Outlook Express mail
client.

To exploit this vulnerability, an attacker would need to send a malformed
message to a victim on the remote host. The message will crash her version
of Outlook, thus preventing her from reading her e-mail.

Solution : http://www.microsoft.com/technet/security/bulletin/ms04-018.mspx
Risk factor : Medium
CVE : CAN-2004-0215
BID : 10711
microsoft-ds (445/tcp)
Medium

The remote version of Windows contains a flaw which may allow an attacker
to cause it to disclose information over the use of a named pipe through
a NULL session.

An attacker may exploit this flaw to gain more knowledge about the
remote host.

Solution : http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx
Risk factor : Low
CVE : CAN-2005-0051
BID : 12486
microsoft-ds (445/tcp)
Info

The remote registry can be accessed remotely using the login / password
combination used for the SMB tests.
microsoft-ds (445/tcp)
Info
The remote Windows 2000 system has Service Pack 4 applied.

CVE : CAN-1999-0662
BID : 7930, 8090, 8128, 8154
microsoft-ds (445/tcp)
Info
- NULL sessions are enabled on the remote host
- The SMB tests will be done as 'nessustest'/'******'
CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, CAN-2002-1117
BID : 494, 990, 11199
netbios-ssn (139/tcp)
Info
An SMB server is running on this port
microsoft-ds (445/tcp)
Info
Computer Browser [ Browser ]
DHCP Client [ Dhcp ]
Logical Disk Manager [ dmserver ]
DNS Client [ Dnscache ]
Event Log [ Eventlog ]
COM+ Event System [ EventSystem ]
HP ProCurve Datastore [ HP ProCurve Datastore ]
HP ProCurve Network Manager Server [ HP ProCurve Network Manager Server ]
HP ProCurve Traffic Launch Service [ HPTLS ]
Server [ lanmanserver ]
Workstation [ lanmanworkstation ]
TCP/IP NetBIOS Helper Service [ LmHosts ]
Messenger [ Messenger ]
Net Logon [ Netlogon ]
Network Connections [ Netman ]
Removable Storage [ NtmsSvc ]
Plug and Play [ PlugPlay ]
IPSEC Policy Agent [ PolicyAgent ]
Protected Storage [ ProtectedStorage ]
Remote Access Connection Manager [ RasMan ]
Remote Registry Service [ RemoteRegistry ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
RunAs Service [ seclogon ]
System Event Notification [ SENS ]
Print Spooler [ Spooler ]
Telephony [ TapiSrv ]
Distributed Link Tracking Client [ TrkWks ]
Windows Time [ W32Time ]
Windows Management Instrumentation [ WinMgmt ]
Windows Management Instrumentation Driver Extensions [ Wmi ]
Automatic Updates [ wuauserv ]

You should turn off the services you do not use.
This list is useful to an attacker, who can make his attack
more silent by not portscanning this host.

Solution : To prevent the listing of the services for being
obtained, you should either have tight login restrictions,
so that only trusted users can access your host, and/or you
should filter incoming traffic to this port.

Risk factor : Low
microsoft-ds (445/tcp)
Info


The registry key
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount
is non-null. It means that the remote host locally caches the passwords
of the users when they log in, in order to continue to allow the users
to log in in the case of the failure of the PDC.


Solution : use regedt32 and set the value of this key to 0
Risk factor : Low
microsoft-ds (445/tcp)
Info
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : LBS_NT

general/tcp
Info
The following users are in the local administrator group :

. Administrator (User)
. Domain Admins (Group)


You should make sure that only the proper users are member of this
group
Risk factor : Low
microsoft-ds (445/tcp)
Info
A CIFS server is running on this port
fpitp (1045/tcp)
Info
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.


Here is the list of DCE services running on this port:

UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:163.119.247.41[1045]
Named pipe : atsvc
Win32 service or process : mstask.exe
Description : Scheduler service

UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:163.119.247.41[1045]



Solution : filter incoming traffic to this port.
Risk factor : Low
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus