Board logo

标题: 请高手看看我的机器这个漏洞怎么补? [打印本页]
作者: guiyu1022    时间: 2004-4-26 20:43     标题: 请高手看看我的机器这个漏洞怎么补?

各位高手大家好:
    今天我用X-SCAN扫描本机发现以下漏洞,但怎么也看不懂是什么意思,请高手帮忙啊。
如果入侵者利用这个漏洞会怎么样造成危害?
附件是X-SCAN生成的报表。

提示 https (443/tcp) Maybe the "https" service running on this port.
NESSUS_ID : 10330

漏洞 www (80/tcp)
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
Risk Factor : High
CVE_ID : CAN-2003-0109
BUGTRAQ_ID : 7116
NESSUS_ID : 11412
Other references : IAVA:2003-A-0005

警告 www (80/tcp) CGI漏洞: http://127.0.0.1/_vti_bin
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/_vti_bin/_vti_adm
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/_vti_bin/_vti_aut
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/_vti_inf.html
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/_vti_bin/fpcount.exe?Page=default.htm|Image=2|Digits=1
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/_vti_bin/shtml.dll/_vti_rpc
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/_vti_bin/shtml.dll
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/_vti_bin/shtml.dll/nosuch.htm
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/_vti_bin/shtml.exe
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/iissamples
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/msadc
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/msadc/msadcs.dll
警告 www (80/tcp) CGI漏洞: http://127.0.0.1/scripts
提示 www (80/tcp) A web server is running on this port
NESSUS_ID : 10330

提示 www (80/tcp) The following directories were discovered:
/_vti_bin, /iisadmin, /iissamples, /images
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
The following directories require authentication:
/printers
NESSUS_ID : 11032

提示 www (80/tcp) This web server was fingerprinted as MS IIS 5.0 on Win2000 SP4 or 5.1 on WinXP SP1
which is consistent with the displayed banner: Microsoft-IIS/5.0
NESSUS_ID : 11919

提示 www (80/tcp) The remote web server type is :
Microsoft-IIS/5.0
Solution : You can use urlscan to change reported server for IIS.
NESSUS_ID : 10107

警告 epmap (135/tcp)
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736

提示 epmap (135/tcp) Maybe the "epmap" service running on this port.
NESSUS_ID : 10330

提示 microsoft-ds (445/tcp) Maybe the "microsoft-ds" service running on this port.
NESSUS_ID : 10330

警告 netbios-ssn (139/tcp) [远程注册表信息]:
[ProductName]: Microsoft Windows 2000
[SOFTWARE\Microsoft\Windows NT\CurrentVersion]:
CurrentBuild: 1.511.1 () (Obsolete data - do not use)
InstallDate: DB 7D 30 40
ProductName: Microsoft Windows 2000
RegDone:
RegisteredOrganization: win2000
RegisteredOwner: win2000
SoftwareType: SYSTEM
CurrentVersion: 5.0
CurrentBuildNumber: 2195
CurrentType: Uniprocessor Free
CSDVersion: Service Pack 4
SystemRoot: C:\WINNT
SourcePath: D:\SETUP\PRO\I386
PathName: C:\WINNT
ProductId: 52375-005-6861993-09835
DigitalProductId: A4 00 00 00 03 00 00 00 35 32 33 37 35 2D 30 30 35 2D 36 38 36 31 39 39 33 2D 30 39 38 33 35 00 12 00 00 00 41 32 32 2D 30 30 30 30 31 00 00 00 00 00 00 00 6E 87 AD 00 DB 18 D9 52 65 FD F3 71 D4 6B 02 00 00 00 00 00 26 EE 30 40 97 4C 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 35 31 34 32 32 00 00 00 00 00 00 00 B0 09 00 00 9F 04 77 AC 00 01 00 00 AA 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B4 63 9D B1
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]:
AutoRestartShell: 01 00 00 00
DefaultDomainName: TSG001
DefaultUserName: Administrator
LegalNoticeCaption:
LegalNoticeText:
PowerdownAfterShutdown: 0
ReportBootOk: 1
Shell: Explorer.exe
ShutdownWithoutLogon: 1
System:
Userinit: C:\WINNT\system32\userinit.exe,
VmApplet: rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota: FF FF FF FF
PreloadFontFile: simsun
allocatecdroms: 0
allocatedasd: 0
allocatefloppies: 0
cachedlogonscount: 10
passwordexpirywarning: 0E 00 00 00
scremoveoption: 0
DebugServerCommand: no
SFCDisable: 00 00 00 00
AutoAdminLogon: 1
ShowLogonOptions: 00 00 00 00
AltDefaultUserName: Administrator
AltDefaultDomainName: N4-2
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB329115]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB329115\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB329115
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB329115
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823182]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823182\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB823182
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB823182
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823559]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823559\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB823559
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB823559
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824105]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824105\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB824105
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB824105
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824141]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824141\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB824141
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB824141
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824146]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB824146\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB824146
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB824146
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB825119]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB825119\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB825119
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB825119
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB826232]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB826232\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB826232
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB826232
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB828028]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB828028\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB828028
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB828028
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB828035]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB828035\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB828035
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB828035
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB828749]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB828749\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB828749
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB828749
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q147222]:
Installed: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q828026]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q828026\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows Media Player Hotfix [请参阅 Q828026 以获得更多信息]
Backup Dir:
Fix Description: Windows Media Player Hotfix [请参阅 Q828026 以获得更多信息]
Installed By:
Installed On:
Service Pack: 00 00 00 00
Valid: 01 00 00 00
01 00 00 00

警告 netbios-ssn (139/tcp) [服务器信息 Level 101]:
主机名称: "127.0.0.1"
操作系统: Windows NT
系统版本: 5.0
注释:""
主机类型: WORKSTATION SERVER POTENTIAL_BROWSER MASTER_BROWSER

警告 netbios-ssn (139/tcp) [网络共享资源列表 Level 1]:
"E$": 磁盘 - [默认共享] (System)
"IPC$": 进程间通信(IPC$) - [远程 IPC] (System)
"D$": 磁盘 - [默认共享] (System)
"ADMIN$": 磁盘 - [远程管理] (System)
"C$": 磁盘 - [默认共享] (System)

警告 netbios-ssn (139/tcp) [网络用户列表 Level 20]:
Administrator(ID:0x000001f4) - [管理计算机(域)的内置帐户]
用户标记: 执行登录脚本 口令永不过期
帐户类型: 标准帐户
Guest(ID:0x000001f5) - [供来宾访问计算机或访问域的内置帐户]
用户标记: 执行登录脚本 帐号被禁止 允许空口令 禁止改变口令 口令永不过期
帐户类型: 标准帐户
IUSR_TSG001(ID:0x000003e9) - [匿名访问 Internet 信息服务的内置帐号]
用户标记: 执行登录脚本 允许空口令 禁止改变口令 口令永不过期
帐户类型: 标准帐户
用户全称: "Internet 来宾帐号 "
IWAM_TSG001(ID:0x000003ea) - [启动进程之外的应用程序的 Internet 信息服务的内置帐号]
用户标记: 执行登录脚本 允许空口令 禁止改变口令 口令永不过期
帐户类型: 标准帐户
用户全称: "启动 IIS 进程帐号"
VUSR_TSG001(ID:0x000003ee) - [Account for the Visual Studio Analyzer server components]
用户标记: 执行登录脚本 允许空口令 口令永不过期
帐户类型: 标准帐户
用户全称: "VSA Server Account"
VUSR_TSG0011(ID:0x000003ef) - [Account for the Visual Studio Analyzer server components]
用户标记: 执行登录脚本 允许空口令 口令永不过期
帐户类型: 标准帐户
用户全称: "VSA Server Account"

警告 netbios-ssn (139/tcp) [网络用户列表 Level 3]:
Administrator - [管理计算机(域)的内置帐户]
口令使用时间: 70 Day 3 Hour 52 Minute 54 Sec.
帐户类型: 管理员(Administrator)
最后登录时间: GMT Mon Apr 26 11:14:13 2004
错口令次数: 0, 成功登录次数: 67
USER ID: 0x000001f4, GROUP ID: 0x00000201
Guest - [供来宾访问计算机或访问域的内置帐户]
口令使用时间: 0 Day 0 Hour 0 Minute 0 Sec.
帐户类型: 来访者(Guest)
错口令次数: 0, 成功登录次数: 0
USER ID: 0x000001f5, GROUP ID: 0x00000201
IUSR_TSG001 - [匿名访问 Internet 信息服务的内置帐号]
口令使用时间: 70 Day 3 Hour 29 Minute 9 Sec.
帐户类型: 来访者(Guest)
用户全称: "Internet 来宾帐号 "
注释: "匿名访问 Internet 信息服务的内置帐号"
最后登录时间: GMT Mon Apr 26 12:23:30 2004
错口令次数: 0, 成功登录次数: 0
USER ID: 0x000003e9, GROUP ID: 0x00000201
IWAM_TSG001 - [启动进程之外的应用程序的 Internet 信息服务的内置帐号]
口令使用时间: 70 Day 3 Hour 29 Minute 8 Sec.
帐户类型: 来访者(Guest)
用户全称: "启动 IIS 进程帐号"
注释: "启动进程之外的应用程序的 Internet 信息服务的内置帐号"
最后登录时间: GMT Mon Apr 26 12:23:30 2004
错口令次数: 0, 成功登录次数: 2
USER ID: 0x000003ea, GROUP ID: 0x00000201
VUSR_TSG001 - [Account for the Visual Studio Analyzer server components]
口令使用时间: 68 Day 9 Hour 13 Minute 55 Sec.
帐户类型: 来访者(Guest)
用户全称: "VSA Server Account"
错口令次数: 0, 成功登录次数: 0
USER ID: 0x000003ee, GROUP ID: 0x00000201
VUSR_TSG0011 - [Account for the Visual Studio Analyzer server components]
口令使用时间: 68 Day 8 Hour 43 Minute 37 Sec.
帐户类型: 来访者(Guest)
用户全称: "VSA Server Account"
错口令次数: 0, 成功登录次数: 0
USER ID: 0x000003ef, GROUP ID: 0x00000201

警告 netbios-ssn (139/tcp) [本地组列表 Level 1]:
Administrators - [管理员对计算机/域有不受限制的完全访问权]
N4-2\Administrator - 用户帐号
Backup Operators - [备份操作员为了备份或还原文件可以替代安全限制]
Guests - [按默认值,来宾跟用户组的成员有同等访问权,但来宾帐户的限制更多]
N4-2\Guest - 用户帐号
N4-2\IUSR_TSG001 - 用户帐号
N4-2\IWAM_TSG001 - 用户帐号
Power Users - [权限高的用户拥有最高的管理权限,但有限制。因此,权限高的用户可以运行经过证明的文件,也可以运行继承应用程序]
Replicator - [支持域中的文件复制]
Users - [用户无法进行有意或无意的改动。因此,用户可以运行经过证明的文件,但不能运行大多数继承应用程序]
NT AUTHORITY\INTERACTIVE - 知名组帐号
NT AUTHORITY\Authenticated Users - 知名组帐号
TSG001 Admins - [TSG001 管理员 - 成员可以创建和管理站点]
BUILTIN\Administrators -
TSG001 Authors - [TSG001 作者 - 成员可以创建和修改站点中的文件夹和文件]
TSG001 Browsers - [TSG001 浏览者 - 成员可以读取站点中的文档]

提示 cifs (445/tcp) A CIFS server is running on this port
NESSUS_ID : 11011

提示 cifs (445/tcp)
It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access
To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html

All the smb tests will be done as ''/''
CVE_ID : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, CAN-2002-1117
BUGTRAQ_ID : 494, 990
NESSUS_ID : 10394

提示 DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1025/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.

Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.8.27[1025]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.8.27[1025]

Solution : filter incoming traffic to this port.
Risk Factor : Low
NESSUS_ID : 10736

提示 DCE/82ad4280-036b-11cf-972c-00aa006887b0 (1026/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.

Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:192.168.8.27[1026]

Solution : filter incoming traffic to this port.
Risk Factor : Low
NESSUS_ID : 10736

提示 DCE/906b0ce0-c70b-1067-b317-00dd010662da (1115/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.

Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.8.27[1115]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.8.27[1115]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.8.27[1115]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:192.168.8.27[1115]

Solution : filter incoming traffic to this port.
Risk Factor : Low
NESSUS_ID : 10736

作者: guiyu1022    时间: 2004-4-26 20:46     标题: 请高手看看我的机器这个漏洞怎么补?

我是2000的系统。
作者: 飛鳥    时间: 2004-4-26 20:56     标题: 请高手看看我的机器这个漏洞怎么补?

靠~~~连隐藏共享都没关!
作者: guiyu1022    时间: 2004-4-28 09:48     标题: 请高手看看我的机器这个漏洞怎么补?

???看不懂。
作者: guiyu1022    时间: 2004-5-8 09:26     标题: 请高手看看我的机器这个漏洞怎么补?

??



欢迎光临 黑色海岸线论坛 (http://bbs.thysea.com/) Powered by Discuz! 7.2