检测报告
本报表列出了被检测主机的详细漏洞信息, 请根据提示信息或链接内容进行相应修补. 欢迎
扫描时间
2005-5-1 10:48:39 - 2005-5-1 10:54:28
检测结果
存活主机 1
漏洞数量 5
警告数量 11
提示数量 22
主机列表
主机 检测结果
192.168.0.1 发现安全漏洞
主机摘要 - OS: Windows 2000; PORT/TCP: 25, 110, 135, 139, 389, 445, 1025
[返回顶部]
主机分析: 192.168.0.1
主机地址 端口/服务 服务漏洞
192.168.0.1 ldap (389/tcp) 发现安全提示
192.168.0.1 smtp (25/tcp) 发现安全提示
192.168.0.1 pop3 (110/tcp) 发现安全提示
192.168.0.1 epmap (135/tcp) 发现安全漏洞
192.168.0.1 network blackjack (1025/tcp) 发现安全提示
192.168.0.1 microsoft-ds (445/tcp) 发现安全提示
192.168.0.1 netbios-ssn (139/tcp) 发现安全漏洞
192.168.0.1 cifs (445/tcp) 发现安全漏洞
192.168.0.1 smb (139/tcp) 发现安全提示
192.168.0.1 DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1025/tcp) 发现安全提示
192.168.0.1 unknown (3005/udp) 发现安全提示
192.168.0.1 DCE/378e52b0-c0a9-11cf-822d-00aa0051e40f (1025/tcp) 发现安全提示
192.168.0.1 netbios-ns (137/udp) 发现安全警告
192.168.0.1 domain (53/udp) 发现安全警告
192.168.0.1 tcp 发现安全漏洞
192.168.0.1 unknown (1720/tcp) 发现安全提示
安全漏洞及解决方案: 192.168.0.1
类型 端口/服务 安全漏洞及解决方案
提示 ldap (389/tcp) The service closed the connection after 1 seconds without sending any data
It might be protected by some TCP wrapper
NESSUS_ID : 10330
提示 smtp (25/tcp) The service closed the connection after 1 seconds without sending any data
It might be protected by some TCP wrapper
NESSUS_ID : 10330
提示 pop3 (110/tcp) The service closed the connection after 1 seconds without sending any data
It might be protected by some TCP wrapper
NESSUS_ID : 10330
漏洞 epmap (135/tcp) 远程Windows主机的RPC接口存在缓冲区溢出漏洞。
该漏洞可导致远程攻击者以SYSTEM权限在系统中执行任意代码。
远程攻击者或蠕虫能据此获得主机的控制权。
注意:此BUG不同于NMS03-026,NMS03-026漏洞造成了';MSBlast'; (又名LoveSan)蠕虫泛滥
解决方案:参考 http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
风险等级 : 高
___________________________________________________________________
The remote host is running a version of Windows which has a flaw in
its RPC interface, which may allow an attacker to execute arbitrary code
and gain SYSTEM privileges.
An attacker or a worm could use it to gain the control of this host.
Note that this is NOT the same bug as the one described in MS03-026
which fixes the flaw exploited by the ';MSBlast'; (or LoveSan) worm.
Solution: see http://www.microsoft.com/technet/security/bulletin/MS03-039.mspx
Risk factor : High
CVE_ID : CAN-2003-0715, CAN-2003-0528, CAN-2003-0605
BUGTRAQ_ID : 8458, 8460
NESSUS_ID : 11835
Other references : IAVA:2003-A-0012
警告 epmap (135/tcp)
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736
警告 epmap (135/tcp)
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736
提示 epmap (135/tcp) Maybe the "epmap" service running on this port.
NESSUS_ID : 10330
提示 network blackjack (1025/tcp) Maybe the "network blackjack" service running on this port.
NESSUS_ID : 10330
提示 network blackjack (1025/tcp) 一个不知名的服务正在这个端口运行。
他可能是由一个木马所打开.
除非你确实知道这个端口所运行的程序,
你最好检查你的系统.
解决方案: 运行最好的反病毒软件确认是否有木马在运行。
风险等级:低
___________________________________________________________________
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
Fraggle Rock
md5 Backdoor
NetSpy
Remote Storm
Unless you know for sure what is behind it, you';d better
check your system
*** Anyway, don';t panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (RPC...)
Solution: if a trojan horse is running, run a good antivirus scanner
Risk factor : Low
NESSUS_ID : 11157
提示 microsoft-ds (445/tcp) Maybe the "microsoft-ds" service running on this port.
NESSUS_ID : 10330
漏洞 netbios-ssn (139/tcp) NT-Server弱口令: "sdx/[空口令]"
警告 netbios-ssn (139/tcp) [服务器信息 Level 101]:
主机名称: "192.168.0.1"
操作系统: Windows NT
系统版本: 5.0
注释:""
主机类型: WORKSTATION SERVER POTENTIAL_BROWSER MASTER_BROWSER
警告 netbios-ssn (139/tcp) [服务器时间]:
05-01-2005 02:32:52 GMT
警告 netbios-ssn (139/tcp) [网络共享资源列表 Level 1]:
E$: 磁盘 - [默认共享] (System)
IPC$: 进程间通信(IPC$) - [远程 IPC] (System)
D$: 磁盘 - [默认共享] (System)
WoWOBInstaller-1.3.0-zhCN: 磁盘 - []
F$: 磁盘 - [默认共享] (System)
E: 磁盘 - []
ADMIN$: 磁盘 - [远程管理] (System)
C$: 磁盘 - [默认共享] (System)
警告 netbios-ssn (139/tcp) [网络用户列表 Level 20]:
Administrator(ID:0x000001f4) - [管理计算机(域)的内置帐户]
用户标记: 执行登录脚本 口令永不过期
帐户类型: 标准帐户
用户全称: "sdx"
Guest(ID:0x000001f5) - [供来宾访问计算机或访问域的内置帐户]
用户标记: 执行登录脚本 允许空口令 禁止改变口令
帐户类型: 标准帐户
sdx(ID:0x000003e8) - []
用户标记: 执行登录脚本 口令永不过期
帐户类型: 标准帐户
用户全称: "sdx"
警告 netbios-ssn (139/tcp) [网络用户列表 Level 3]:
Administrator - [管理计算机(域)的内置帐户]
口令使用时间: 0 Day 0 Hour 45 Minute 26 Sec.
帐户类型: 管理员(Administrator)
用户全称: "sdx"
最后登录时间: GMT Mon Apr 25 12:57:06 2005
错口令次数: 80, 成功登录次数: 0
USER ID: 0x000001f4, GROUP ID: 0x00000201
Guest - [供来宾访问计算机或访问域的内置帐户]
口令使用时间: 49 Day 14 Hour 18 Minute 34 Sec.
帐户类型: 来访者(Guest)
错口令次数: 0, 成功登录次数: 0
USER ID: 0x000001f5, GROUP ID: 0x00000201
sdx - []
口令使用时间: 0 Day 0 Hour 18 Minute 30 Sec.
帐户类型: 管理员(Administrator)
用户全称: "sdx"
最后登录时间: GMT Sat Apr 30 05:21:02 2005
错口令次数: 0, 成功登录次数: 77
USER ID: 0x000003e8, GROUP ID: 0x00000201
警告 netbios-ssn (139/tcp) [本地组列表 Level 1]:
Administrators - [管理员对计算机/域有不受限制的完全访问权]
主机\Administrator - 用户帐号
主机\sdx - 用户帐号
Backup Operators - [备份操作员为了备份或还原文件可以替代安全限制]
Guests - [按默认值,来宾跟用户组的成员有同等访问权,但来宾帐户的限制更多]
主机\Guest - 用户帐号
Power Users - [权限高的用户拥有最高的管理权限,但有限制。因此,权限高的用户可以运行经过证明的文件,也可以运行继承应用程序]
Replicator - [支持域中的文件复制]
Users - [用户无法进行有意或无意的改动。因此,用户可以运行经过证明的文件,但不能运行大多数继承应用程序]
NT AUTHORITY\INTERACTIVE - 知名组帐号
NT AUTHORITY\Authenticated Users - 知名组帐号
漏洞 cifs (445/tcp) 通过发送特殊构造的数据包可以使远程windows崩溃。
攻击者可以利用该漏洞妨碍主机正常工作。
该攻击被称作SMBDie。
解决方案: http://www.microsoft.com/technet/security/bulletin/ms02-045.asp
风险等级: 高
___________________________________________________________________
The remote host is vulnerable to a denial of service attack in its SMB
stack.
An attacker may exploit this flaw to crash the remote host remotely, without
any kind of authentication.
Solution : http://www.microsoft.com/technet/security/bulletin/ms02-045.mspx
Risk factor : High
CVE_ID : CAN-2002-0724
BUGTRAQ_ID : 5556
NESSUS_ID : 11110
漏洞 cifs (445/tcp) 通过发送特殊构造的数据包可以使远程windows崩溃。
攻击者可以利用该漏洞妨碍主机正常工作。
该攻击被称作SMBDie。
解决方案: http://www.microsoft.com/technet/security/bulletin/ms02-045.asp
风险等级: 高
___________________________________________________________________
The remote host is vulnerable to a denial of service attack in its SMB
stack.
An attacker may exploit this flaw to crash the remote host remotely, without
any kind of authentication.
Solution : http://www.microsoft.com/technet/security/bulletin/ms02-045.mspx
Risk factor : High
CVE_ID : CAN-2002-0724
BUGTRAQ_ID : 5556
NESSUS_ID : 11110
提示 cifs (445/tcp) 远程主机开放了445端口,没有开放139端口。
两台Windows 2000 主机间的';Netbios-less';通讯通过445端口完成。攻击者可以利用该漏洞获取主机的共享连接,用户名列表及其他信息...
解决方案: 过滤该端口收到的数据。
风险等级: 中
___________________________________________________________________
A CIFS server is running on this port
NESSUS_ID : 11011
提示 cifs (445/tcp) 用户可以使用SMB测试中的login / password 组合远程连接注册表。
允许远程连接注册表存在潜在危险,攻击者可能由此获取更多主机信息。
解决方案: 如果还没有安装service pack 3补丁,先安装之。同时设置注册表子键
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg
的权限,只允许管理员用户浏览其内容。
另外,有必要考虑从相关端口过滤主机接收到的数据。
风险等级: 低
___________________________________________________________________
It was not possible to connect to PIPE\winreg on the remote host.
If you intend to use Nessus to perform registry-based checks, the registry
checks will not work because the ';Remote Registry Access'; service (winreg)
has been disabled on the remote host or can not be connected to with the
supplied credentials.
NESSUS_ID : 10400
提示 cifs (445/tcp) 用户可以使用SMB测试中的login / password 组合远程连接注册表。
允许远程连接注册表存在潜在危险,攻击者可能由此获取更多主机信息。
解决方案: 如果还没有安装service pack 3补丁,先安装之。同时设置注册表子键
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg
的权限,只允许管理员用户浏览其内容。
另外,有必要考虑从相关端口过滤主机接收到的数据。
风险等级: 低
___________________________________________________________________
It was not possible to connect to PIPE\winreg on the remote host.
If you intend to use Nessus to perform registry-based checks, the registry
checks will not work because the ';Remote Registry Access'; service (winreg)
has been disabled on the remote host or can not be connected to with the
supplied credentials.
NESSUS_ID : 10400
提示 cifs (445/tcp) 当前插件尝试探测远程native lan manager 名(Samba, Windows...)。
风险等级: 低
___________________________________________________________________
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : SDX
NESSUS_ID : 10785
提示 cifs (445/tcp) 当前插件尝试探测远程native lan manager 名(Samba, Windows...)。
风险等级: 低
___________________________________________________________________
The remote native lan manager is : Windows 2000 LAN Manager
The remote Operating System is : Windows 5.0
The remote SMB Domain Name is : SDX
NESSUS_ID : 10785
提示 smb (139/tcp) 远程主机开放了445端口,没有开放139端口。
两台Windows 2000 主机间的';Netbios-less';通讯通过445端口完成。攻击者可以利用该漏洞获取主机的共享连接,用户名列表及其他信息...
解决方案: 过滤该端口收到的数据。
风险等级: 中
___________________________________________________________________
An SMB server is running on this port
NESSUS_ID : 11011
提示 DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1025/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:219.145.142.26[1025]
Named pipe : atsvc
Win32 service or process : mstask.exe
Description : Scheduler service
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.1[1025]
Named pipe : atsvc
Win32 service or process : mstask.exe
Description : Scheduler service
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:219.145.142.26[1025]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.0.1[1025]
Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736
提示 unknown (3005/udp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.0.1[3005]
Annotation: Messenger Service
Named pipe : ntsvcs
Win32 service or process : messenger
Description : Messenger service
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:219.145.142.26[3005]
Annotation: Messenger Service
Named pipe : ntsvcs
Win32 service or process : messenger
Description : Messenger service
Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736
提示 unknown (3005/udp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.0.1[3005]
Annotation: Messenger Service
Named pipe : ntsvcs
Win32 service or process : messenger
Description : Messenger service
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:219.145.142.26[3005]
Annotation: Messenger Service
Named pipe : ntsvcs
Win32 service or process : messenger
Description : Messenger service
Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736
提示 DCE/378e52b0-c0a9-11cf-822d-00aa0051e40f (1025/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:219.145.142.26[1025]
Named pipe : atsvc
Win32 service or process : mstask.exe
Description : Scheduler service
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.0.1[1025]
Named pipe : atsvc
Win32 service or process : mstask.exe
Description : Scheduler service
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:219.145.142.26[1025]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.0.1[1025]
Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736
警告 netbios-ns (137/udp) 如果NetBIOS端口(UDP:137)已经打开,
一个远程攻击者可以利用这个漏洞获得主机
的敏感信息,比如机器名,工作组/域名,
当前登陆用户名等。
解决方法:阻止这个端口的外部通信。
风险等级:中
___________________________________________________________________
The following 8 NetBIOS names have been gathered :
= This is the computer name registered for workstation services by a WINS client.
= Computer name
SDX = Workgroup / Domain name
= This is the current logged in user registered for this workstation.
SDX = Workgroup / Domain name (part of the Browser elections)
SDX = This is the current logged in user registered for this workstation.
SDX
__MSBROWSE__
The remote host has the following MAC address on its adapter :
00:0a:eb:65:be:ed
If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.
Risk factor : Medium
CVE_ID : CAN-1999-0621
NESSUS_ID : 10150
警告 netbios-ns (137/udp)
The remote host is running a version of the NetBT name
service which suffers from a memory disclosure problem.
An attacker may send a special packet to the remote NetBT name
service, and the reply will contain random arbitrary data from
the remote host memory. This arbitrary data may be a fragment from
the web page the remote user is viewing, or something more serious
like a POP password or anything else.
An attacker may use this flaw to continuously ';poll'; the content
of the memory of the remote host and might be able to obtain sensitive
information.
Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-034.mspx
Risk factor : Medium
CVE_ID : CAN-2003-0661
BUGTRAQ_ID : 8532
NESSUS_ID : 11830
警告 domain (53/udp)
The remote name server allows recursive queries to be performed
by the host running nessusd.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.
If the host allows these recursive queries via UDP,
then the host can be used to ';bounce'; Denial of Service attacks
against another network or system.
See also : http://www.cert.org/advisories/CA-1997-22.html
Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction
';allow-recursion'; in the ';options'; section of your named.conf
If you are using bind 9, you can define a grouping of internal addresses
using the ';acl'; command
Then, within the options block, you can explicitly state:
';allow-recursion { hosts_defined_in_acl }';
For more info on Bind 9 administration (to include recursion), see:
http://www.nominum.com/content/documents/bind9arm.pdf
If you are using another name server, consult its documentation.
Risk factor : High
CVE_ID : CVE-1999-0024
BUGTRAQ_ID : 136, 678
NESSUS_ID : 10539
提示 domain (53/udp)
A DNS server is running on this port. If you do not use it, disable it.
Risk factor : Low
NESSUS_ID : 11002
提示 domain (53/udp) 远程DNS服务器回应没有设置递归查询标志位的查询请求。
这会允许远程攻击者判断最近哪个域名通过这个服务器被解析了,
和因此哪个主机最近被访问了。
例如,如果攻击者关心你的公司是否使用特定的金融机构的在线服务,
他们将可以用这个攻击建立起一个关于公司对上述金融机构的使用的
统计模型。当然,这个攻击也可被用来发现B2B的伙伴、上网浏览的特征、
外部的邮件服务器等等.
要想得到更多的关于允许DNS缓存信息被匿名的请求的潜在威胁的讨论,请看:
http://community.sidestep.pt/~luis/DNS-Cache-Snooping/DNS_Cache_Snooping_1.1.pdf
风险等级 : 低
___________________________________________________________________
The remote DNS server answers to queries for third party domains which do
not have the recursion bit set.
This may allow a remote attacker to determine which domains have recently
been resolved via this name server, and therefore which hosts have been
recently visited.
For instance, if an attacker was interested in whether your company utilizes
the online services of a particular financial institution, they would
be able to use this attack to build a statistical model regarding
company usage of aforementioned financial institution. Of course,
the attack can also be used to find B2B partners, web-surfing patterns,
external mail servers, and more...
For a much more detailed discussion of the potential risks of allowing
DNS cache information to be queried anonymously, please see:
http://community.sidestep.pt/~luis/DNS-Cache-Snooping/DNS_Cache_Snooping_1.1.pdf
Risk factor : Low
NESSUS_ID : 12217
提示 domain (53/udp) BIND ';NAMED'; is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.
The BIND based NAMED servers (or DNS servers) allow remote users
to query for version and type information. The query of the CHAOS
TXT record ';version.bind';, will typically prompt the server to send
the information back to the querying source.
The remote bind version is : Secured !!! Here no any useful information to you !!!
Solution :
Using the ';version'; directive in the ';options'; section will block
the ';version.bind'; query, but it will not log such attempts.
NESSUS_ID : 10028
漏洞 tcp 计划任务应用程序存在一个缺陷,它允许远程攻击者能够远程执行代码。
有许多攻击工具利用了这个缺陷。
一个利用此漏洞的攻击者将有能力连接到目标主机或者能够强迫本地用户安装.job文件或浏览一个恶意的web站点。
参考:http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx
风险等级:高
___________________________________________________________________
There is a flaw in the Task Scheduler application which could allow a
remote attacker to execute code remotely. There are many attack vectors
for this flaw. An attacker, exploiting this flaw, would need to either
have the ability to connect to the target machine or be able to coerce a
local user to either install a .job file or browse to a malicious website.
See also : http://www.microsoft.com/technet/security/bulletin/ms04-022.mspx
Risk factor : High
CVE_ID : CAN-2004-0212
BUGTRAQ_ID : 10708
NESSUS_ID : 13852
提示 tcp The remote host is running Microsoft Windows 2000
NESSUS_ID : 11936
提示 unknown (1720/tcp) H323是互联网上广泛流行的一种协议。它被用于Voice Over IP (VoIP),
___________________________________________________________________
H323 is a protocol used all over the Internet. It is used for
Voice Over IP (VoIP), Microsoft NetMeeting, and countless other
applications. Nessus was able to determine that the remote device
supports the H323 protocol. It is in your best interest to run a
separate audit against this IP to determine the potential risk
introduced by this application.
Risk factor : None
NESSUS_ID : 12243
--------------------------------------------------------------------------------
未知驱动探索,专注成就专业
|
