This test was against Solaris 6 on a Sparc 5 platform with the latest cluster patch in March 2002. Solaris 6 was installed with all default options. The results for this operating system were surprising to me since it only cleaned up 1 hole it had. Similar to the SUN Solaris 8 project, SUN definitely looks at security differently than NESSUS or we see it.
Nessus Scan Report
--------------------------------------------------------------------------------
Number of hosts which were alive during the test : 1
Number of security holes found : 4
Number of security warnings found : 20
Number of security notes found : 3
List of the tested hosts :
10.10.10.10 (Security holes found)
--------------------------------------------------------------------------------
10.10.10.10 :
List of open ports :
finger (79/tcp) (Security warnings found)
general/udp (9/tcp) (Security notes found)
snmp (161/udp) (Security hole found)
unknown (32777/udp) (Security warnings found)
unknown (32775/tcp) (Security warnings found)
unknown (32772/udp) (Security warnings found)
telnet (23/tcp) (Security hole found)
unknown (32776/udp) (Security warnings found)
unknown (32773/udp) (Security hole found)
unknown (32775/udp) (Security warnings found)
unknown (32778/udp) (Security warnings found)
unknown (32774/udp) (Security warnings found)
smtp (25/tcp) (Security notes found)
unknown (4045/udp) (Security warnings found)
unknown (32779/udp) (Security hole found)
general/tcp (Security warnings found)
general/icmp (Security warnings found)
echo (7/tcp) (Security warnings found)
echo (7/udp) (Security warnings found)
daytime (13/tcp) (Security warnings found)
daytime (13/udp) (Security warnings found)
chargen (19/tcp) (Security warnings found)
chargen (19/udp) (Security warnings found)
exec (512/tcp) (Security warnings found)
Warning found on port finger (79/tcp)
The remote finger daemon accepts redirected requests. That is, users can perform requests like:
finger user@host@victim
This allows crackers to use your computer as a relay to gather information on another network, making the other network think you are making the requests.
Solution: disable your finger daemon (comment out the finger line in /etc/inetd.conf) or install a more secure one.
Risk factor : Low
CVE : CAN-1999-0105
Warning found on port finger (79/tcp)
The 'finger' service provides useful information to crackers, since it allows them to gain usernames, check if a machine is being used, and so on...
Risk factor : Low.
Solution : comment out the 'finger' line in /etc/inetd.conf
CVE : CVE-1999-0612
Information found on port general/udp
For your information, here is the traceroute to 10.10.10.10 :
10.10.10.10
Vulnerability found on port snmp (161/udp)
SNMP Agent responded as expected with community name: public
CVE : CAN-1999-0517
Vulnerability found on port snmp (161/udp)
SNMP Agent responded as expected with community name: private
CVE : CAN-1999-0517
Warning found on port unknown (32777/udp)
The walld RPC service is running. It is usually used by the administrator to tell something to the users of a network by making a message appear on their screen.
Since this service lacks any kind of authentication, a cracker may use it to trick users into doing something (change their password, leave the console, or worse), by sending a message which would appear to be written by the administrator.
It can also be used as a denial of service attack, by continually sending garbage to the users' screens, preventing them from working properly.
Solution : Deactivate this service.
Risk factor : Medium
CVE : CVE-1999-0181
Warning found on port unknown (32775/tcp)
The tooltalk RPC service is running. A possible implementation fault in the ToolTalk object database server may allow a cracker to execute arbitrary commands as root.
** This warning may be a false positive since the presence of the bug was not tested **
Solution : Disable this service.
See also : CERT Advisory CA-98.11
Risk factor : High
CVE : CVE-1999-0003
Warning found on port unknown (32772/udp)
The statd RPC service is running. This service has a long history of security holes, so you should really know what you are doing if you decide to let it run.
* NO SECURITY HOLE REGARDING THIS PROGRAM HAS BEEN TESTED, SO THIS MIGHT BE A FALSE POSITIVE *
We suggest you disable this service.
Risk factor : High
CVE : CVE-1999-0018
Information found on port telnet (23/tcp)
Remote telnet banner :
Warning found on port unknown (32776/udp)
The sprayd RPC service is running. If you do not use this service, then disable it as it may become a security threat in the future, if a vulnerability is discovered.
Risk factor : Low
CVE : CAN-1999-0613
Vulnerability found on port unknown (32773/udp)
The sadmin RPC service is running. There is a bug in Solaris versions of this service that allows an intruder to execute arbitrary commands on your system.
Solution : disable this service
Risk factor : High
Warning found on port unknown (32775/udp)
The rusersd RPC service is running. It provides an attacker interesting information such as how often the system is being used, the names of the users, and so on.
It is usually not a good idea to leave this service open.
Risk factor : Low
CVE : CVE-1999-0626
Warning found on port unknown (32778/udp)
The rstatd RPC service is running. It provides an attacker interesting information such as :
- the CPU usage
- the system uptime
- its network usage
- and more
It is usually not a good idea to leave this service open.
Risk factor : Low
CVE : CAN-1999-0624
Warning found on port unknown (32774/udp)
The rquotad RPC service is running. If you do not use this service, then disable it as it may become a security threat in the future, if a vulnerability is discovered.
Risk factor : Low
CVE : CAN-1999-0625
Information found on port smtp (25/tcp)
Remote SMTP server banner :
0
0
Warning found on port unknown (4045/udp)
The nlockmgr RPC service is running. If you do not use this service, then disable it as it may become a security threat in the future, if a vulnerability is discovered.
Risk factor : Low
CVE : CAN-2000-0508
Vulnerability found on port unknown (32779/udp)
The cmsd RPC service is running. This service has a long history of security holes, so you should really know what you are doing if you decide to let it run.
* NO SECURITY HOLE REGARDING THIS PROGRAM HAS BEEN TESTED, SO THIS MIGHT BE A FALSE POSITIVE *
We suggest you disable this service.
Risk factor : High
CVE : CVE-1999-0320
Warning found on port general/tcp
The remote host uses non-random IP IDs, that is, it is possible to predict the next value of the ip_id field of the IP packets sent by this host.
An attacker may use this feature to determine if the remote host sent a packet in reply to another request. This may be used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
Warning found on port general/icmp
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time-based authentication protocols.
Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
Warning found on port general/icmp
The remote host answered to an ICMP_MASKREQ query and sent us its netmask. An attacker can use this information to understand how your network is set up and how the routing is done. This may help him to bypass your filters.
Solution : reconfigure the remote host so that it does not answer to those requests. Set up filters that deny ICMP packets of type 17.
Risk factor : Low
CVE : CAN-1999-0524
Warning found on port echo (7/tcp)
The 'echo' port is open. This port is not of any use nowadays, and may be a source of problems, since it can be used along with other ports to perform a denial of service. You should really disable this service.
Risk factor : Low.
Solution : comment out 'echo' in /etc/inetd.conf
CVE : CVE-1999-0103
Warning found on port echo (7/udp)
The 'echo' port is open. This port is not of any use nowadays, and may be a source of problems, since it can be used along with other ports to perform a denial of service. You should really disable this service.
Risk factor : Low.
Solution : comment out 'echo' in /etc/inetd.conf
CVE : CVE-1999-0103
Warning found on port daytime (13/tcp)
The daytime service is running. The date format issued by this service may sometimes help an attacker to guess the operating system type.
In addition to that, when the UDP version of daytime is running, an attacker may link it to the echo port using spoofing, thus creating a possible denial of service.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103
Warning found on port daytime (13/udp)
The daytime service is running. The date format issued by this service may sometimes help an attacker to guess the operating system type.
In addition to that, when the UDP version of daytime is running, an attacker may link it to the echo port using spoofing, thus creating a possible denial of service.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103
Warning found on port chargen (19/tcp)
The chargen service is running. The 'chargen' service should only be enabled when testing the machine.
When contacted, chargen responds with some random data (something like all the characters in the alphabet in a row). When contacted via UDP, it will respond with a single UDP packet. When contacted via TCP, it will continue spewing characters until the client closes the connection.
An easy attack is 'pingpong', which IP spoofs a packet between two machines running chargen. They will commence spewing characters at each other, slowing the machines down and saturating the network.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103
Warning found on port chargen (19/udp)
The chargen service is running. The 'chargen' service should only be enabled when testing the machine.
When contacted, chargen responds with some random data (something like all the characters in the alphabet in a row). When contacted via UDP, it will respond with a single UDP packet. When contacted via TCP, it will continue spewing characters until the client closes the connection.
An easy attack is 'pingpong', which IP spoofs a packet between two machines running chargen. They will commence spewing characters at each other, slowing the machines down and saturating the network.
Solution : disable this service in /etc/inetd.conf.
Risk factor : Low
CVE : CVE-1999-0103
Warning found on port exec (512/tcp)
The rexecd service is open. Because rexecd does not provide any good means of authentication, it can be used by crackers to scan a third party host, giving you trouble or bypassing your firewall.
Solution : comment out the 'exec' line in /etc/inetd.conf.
Risk factor: Medium
CVE : CVE-1999-0618