安全漏洞及解决方案: 61.161.66.211
类型 端口/服务 安全漏洞及解决方案
提示 echo (7/tcp) An echo server is running on this port
NESSUS_ID : 10330
提示 daytime (13/tcp) Maybe the "daytime" service running on this port.
Here is its banner:
31 31 3a 32 33 3a 34 37 20 32 30 30 34 2d 31 32 11:23:47 2004-12
2d 31 30 0a -10
NESSUS_ID : 10330
提示 www (80/tcp) A web server is running on this port
NESSUS_ID : 10330
提示 www (80/tcp) The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
NESSUS_ID : 10107
漏洞 smtp (25/tcp) SMTP弱口令: "admin/[空口令]"
提示 smtp (25/tcp) A SMTP server is running on this port
Here is its banner :
220 ygmotor.com ESMTP 服務器就緒...
NESSUS_ID : 10330
提示 chargen (19/tcp) Chargen is running on this port
NESSUS_ID : 10330
提示 ftp (21/tcp) A FTP server is running on this port.
Here is its banner :
220 Serv-U FTP Server v4.0 for WinSock ready...
NESSUS_ID : 10330
提示 ftp (21/tcp) 通过登陆目标服务器并经过缓冲器接收可查出FTP服务的类型和版本。这些注册过的标识信息将给予潜在的攻击者们关于他们要攻击的系统的额外信息。版本和类型会在可能的地方被泄露。
解决方案:将这些注册过的标识信息转变为普通类别的信息。。
风险等级:低
___________________________________________________________________
Remote FTP server banner :
220 Serv-U FTP Server v4.0 for WinSock ready...
NESSUS_ID : 10092
漏洞 pop3 (110/tcp)
The remote POP3 server might be vulnerable to a buffer overflow
bug when it is issued at least one of these commands, with a too long
argument :
auth
user
pass
If confirmed, this problem might allow an attacker to execute
arbitrary code on the remote system, thus giving him an interactive
session on this host.
Solution : If you do not use POP3, disable this service in /etc/inetd.conf
and restart the inetd process. Otherwise, upgrade to a newer version.
See also : http://online.securityfocus.com/archive/1/27197
Risk factor : High
CVE_ID : CAN-2002-0799, CAN-1999-0822
BUGTRAQ_ID : 789, 790, 830, 894, 942, 1965, 2781, 2811, 4055, 4295, 4614
NESSUS_ID : 10184
提示 pop3 (110/tcp) A pop3 server is running on this port
NESSUS_ID : 10330
提示 imap (143/tcp) An IMAP server is running on this port
NESSUS_ID : 10330
提示 https (443/tcp) Maybe the "https" service running on this port.
NESSUS_ID : 10330
提示 ms-sql-s (1433/tcp) Maybe the "ms-sql-s" service running on this port.
NESSUS_ID : 10330
提示 ms-sql-s (1433/tcp)
Microsoft SQL server is running on this port.
You should never let any unauthorized users establish
connections to this service.
Solution: Block this port from outside communication
Risk factor : Medium
CVE_ID : CAN-1999-0652
NESSUS_ID : 10144
提示 www (8080/tcp) A web server is running on this port
NESSUS_ID : 10330
提示 discard (9/tcp) Maybe the "discard" service running on this port.
NESSUS_ID : 10330
警告 netbios-ns (137/udp) 如果NetBIOS端口(UDP:137)已经打开,
一个远程攻击者可以利用这个漏洞获得主机
的敏感信息,比如机器名,工作组/域名,
当前登陆用户名等。
解决方法:阻止这个端口的外部通信。
风险等级:中
___________________________________________________________________
The following 9 NetBIOS names have been gathered :
WMSERVER
WMSERVER = This is the computer name
= Workgroup / Domain name
= Workgroup / Domain name (part of the Browser elections)
__MSBROWSE__
INet~Services = Workgroup / Domain name (Domain Controller)
IS~WMSERVER
WMSERVER = Computer name that is registered for the messenger service on a computer that is a WINS client.
The remote host has the following MAC address on its adapter :
00:e0:4c:77:db:d4
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE_ID : CAN-1999-0621
NESSUS_ID : 10150
The remote MS SQL server is vulnerable to the Hello overflow.
An attacker may use this flaw to execute commands against
the remote host as LOCAL/SYSTEM, as well as read your database content.
*** This alert might be a false positive.
Solution : Install Microsoft Patch Q316333 at
http://support.microsoft.com/default.aspx?scid=kb
en-us
Q316333&sd=tech
or disable the Microsoft SQL Server service or use a firewall to protect the
MS SQL port (1433).
Risk factor : High
CVE_ID : CAN-2002-1123
BUGTRAQ_ID : 5411
NESSUS_ID : 11067
Other references : IAVA:2002-B-0007
