<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>Nessus Scan Report</TITLE>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
BODY {
BACKGROUND-COLOR: #ffffff
}
A { TEXT-DECORATION: none }
A:visited { COLOR: #0000cf; TEXT-DECORATION: none }
A:link { COLOR: #0000cf; TEXT-DECORATION: none }
A:active { COLOR: #0000cf; TEXT-DECORATION: underline }
A:hover { COLOR: #0000cf; TEXT-DECORATION: underline }
OL { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif }
UL { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif }
P { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif }
BODY { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif }
TD { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif }
TR { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif }
TH { COLOR: #333333; FONT-FAMILY: tahoma,helvetica,sans-serif }
FONT.title { BACKGROUND-COLOR: white; COLOR: #363636; FONT-FAMILY: tahoma,helvetica,verdana,lucida console,utopia; FONT-SIZE: 10pt; FONT-WEIGHT: bold }
FONT.sub { BACKGROUND-COLOR: white; COLOR: #000000; FONT-FAMILY: tahoma,helvetica,verdana,lucida console,utopia; FONT-SIZE: 10pt }
FONT.layer { COLOR: #ff0000; FONT-FAMILY: courrier,sans-serif,arial,helvetica; FONT-SIZE: 8pt; TEXT-ALIGN: left }
TD.title { BACKGROUND-COLOR: #A2B5CD; COLOR: #555555; FONT-FAMILY: tahoma,helvetica,verdana,lucida console,utopia; FONT-SIZE: 10pt; FONT-WEIGHT: bold; HEIGHT: 20px; TEXT-ALIGN: right }
TD.sub { BACKGROUND-COLOR: #DCDCDC; COLOR: #555555; FONT-FAMILY: tahoma,helvetica,verdana,lucida console,utopia; FONT-SIZE: 10pt; FONT-WEIGHT: bold; HEIGHT: 18px; TEXT-ALIGN: left }
TD.content { BACKGROUND-COLOR: white; COLOR: #000000; FONT-FAMILY: tahoma,arial,helvetica,verdana,lucida console,utopia; FONT-SIZE: 8pt; TEXT-ALIGN: left; VERTICAL-ALIGN: middle }
TD.default { BACKGROUND-COLOR: WHITE; COLOR: #000000; FONT-FAMILY: tahoma,arial,helvetica,verdana,lucida console,utopia; FONT-SIZE: 8pt; }
TD.border { BACKGROUND-COLOR: #cccccc; COLOR: black; FONT-FAMILY: tahoma,helvetica,verdana,lucida console,utopia; FONT-SIZE: 10pt; HEIGHT: 25px }
TD.border-HILIGHT { BACKGROUND-COLOR: #ffffcc; COLOR: black; FONT-FAMILY: verdana,arial,helvetica,lucida console,utopia; FONT-SIZE: 10pt; HEIGHT: 25px }
-->
</style>
</HEAD>
<BODY>
<table bgcolor="#a1a1a1" border=0 cellpadding=0 cellspacing=0 width="95%">
<tbody>
<tr><td>
<table border=0 cellpadding=2 cellspacing=1 width="100%">
<tbody>
<tr>
<td class=title>Nessus Scan Report</td></tr>
<tr>
<td class=content>This report gives details on hosts that were tested
and issues that were found. Please follow the recommended
steps and procedures to eradicate these threats.
</td></tr></tbody></table></td></tr></tbody></table><br>
<table bgcolor="#a1a1a1" border=0 cellpadding=0 cellspacing=0 width="60%">
<tbody><tr><td>
<table border=0 cellpadding=2 cellspacing=1 width="100%">
<tbody>
<tr>
<td class=title colspan=2>Scan Details</td></tr>
<tr>
<td class=default width="60%">Hosts which were alive and responding during test</td>
<td class=default width="30%">1</td></tr>
<tr>
<td class=default width="60%">Number of security holes found</td>
<td class=default width="30%">0</td></tr>
<tr>
<td class=default width="60%">Number of security warnings found</td>
<td class=default width="30%">2</td></tr>
</tbody></table></td></tr></tbody></table><br><br>
<a name="toc"></a><table bgcolor="#a1a1a1" border=0 cellpadding=0 cellspacing=0 width="60%">
<tbody><tr><td>
<table border=0 cellpadding=2 cellspacing=1 width="100%">
<tbody>
<tr>
<td class=title colspan=2>Host List</td></tr>
<tr>
<td class=sub width="60%">Host(s)</td>
<td class=sub width="40%">Possible Issue</td></tr>
<tr>
<td class=default width="60%"><a href="#81_168_107_198">81.168.107.198</a></td>
<td class=default width="40%">Security warning(s) found</td></tr>
</tbody></table></td></tr></tbody></table>
<a name="81_168_107_198"></a>
<a name="81_168_107_198_toc"></a>
<div align="left"><font size=-2><a href="#toc">[ return to top ]</a></font></div><br><br>
<table bgcolor="#a1a1a1" border=0 cellpadding=0 cellspacing=0 width="60%">
<tbody><tr><td>
<table cellpadding=2 cellspacing=1 border=0 width="100%">
<tbody>
<tr>
<td class=title colspan=3>Analysis of Host</td></tr>
<tr>
<td class=sub width="20%">Address of Host</td>
<td class=sub width="30%">Port/Service</td>
<td class=sub width="30%">Issue regarding Port</td></tr>
<tr>
<td class=default width="20%">81.168.107.198</td>
<td class=default width="30%"><a href="#81_168_107_198_25_tcp">smtp (25/tcp)</a></td>
<td class=default width="30%">Security notes found</td></tr>
<tr>
<td class=default width="20%">81.168.107.198</td>
<td class=default width="30%"><a href="#81_168_107_198_80_tcp">http (80/tcp)</a></td>
<td class=default width="30%">Security warning(s) found</td></tr>
<tr>
<td class=default width="20%">81.168.107.198</td>
<td class=default width="30%"><a href="#81_168_107_198_143_tcp">imap (143/tcp)</a></td>
<td class=default width="30%">Security notes found</td></tr>
<tr>
<td class=default width="20%">81.168.107.198</td>
<td class=default width="30%"><a href="#81_168_107_198_53_udp">domain (53/udp)</a></td>
<td class=default width="30%">Security warning(s) found</td></tr>
<tr>
<td class=default width="20%">81.168.107.198</td>
<td class=default width="30%"><a href="#81_168_107_198_general_udp">general/udp</a></td>
<td class=default width="30%">Security notes found</td></tr>
</tbody></table></td></tr></tbody></table><br><br>
<table bgcolor="#a1a1a1" cellpadding=0 cellspacing=0 border=0 width="75%">
<tbody><tr><td>
<table cellpadding=2 cellspacing=1 border=0 width="100%">
<td class=title colspan=3>Security Issues and Fixes: 81.168.107.198</td></tr>
<tr>
<td class=sub width="10%">Type</td>
<td class=sub width="10%">Port</td>
<td class=sub width="80%">Issue and Fix</td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_25_tcp"></a>smtp (25/tcp)</td>
<td class=default width="80%">An SMTP server is running on this port<br>
Here is its banner : <br>
220 codepoets.co.uk ESMTP Postfix
<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=10330">10330</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_25_tcp"></a>smtp (25/tcp)</td>
<td class=default width="80%">Remote SMTP server banner :<br>
220 codepoets.co.uk ESMTP Postfix
<br>
<br>
<br>
<br>
This is probably: Postfix<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=10263">10263</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_25_tcp"></a>smtp (25/tcp)</td>
<td class=default width="80%">This server could be fingerprinted as being Postfix 2.0.3<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=11421">11421</a></td></tr>
<tr>
<td valign=top class=default width="10%">Warning</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_80_tcp"></a>http (80/tcp)</td>
<td class=default width="80%"><br>
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK<br>
are HTTP methods which are used to debug web server connections. <br>
<br>
It has been shown that servers supporting this method are subject<br>
to cross-site-scripting attacks, dubbed XST for<br>
"Cross-Site-Tracing", when used in conjunction with<br>
various weaknesses in browsers.<br>
<br>
An attacker may use this flaw to trick your<br>
legitimate web users to give him their <br>
credentials.<br>
<br>
Solution: Disable these methods.<br>
<br>
<br>
If you are using Apache, add the following lines for each virtual<br>
host in your configuration file :<br>
<br>
RewriteEngine on<br>
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)<br>
RewriteRule .* - [F]<br>
<br>
If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE<br>
requests or to permit only the methods needed to meet site requirements<br>
and policy.<br>
<br>
If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the<br>
following to the default object section in obj.conf:<br>
<Client method="TRACE"><br>
AuthTrans fn="set-variable"<br>
remove-headers="transfer-encoding"<br>
set-headers="content-length: -1"<br>
error="501"<br>
</Client><br>
<br>
If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile<br>
the NSAPI plugin located at:<br>
<a href="http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603">http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603</a><br>
<br>
<br>
See <a href="http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf">http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf</a><br>
<a href="http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html">http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html</a><br>
<a href="http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603">http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603</a><br>
<a href="http://www.kb.cert.org/vuls/id/867593">http://www.kb.cert.org/vuls/id/867593</a><br>
<br>
Risk factor : Medium<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=11213">11213</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_80_tcp"></a>http (80/tcp)</td>
<td class=default width="80%">A web server is running on this port<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=10330">10330</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_80_tcp"></a>http (80/tcp)</td>
<td class=default width="80%">The following directories were discovered:<br>
/cgi-bin, /doc, /icons, /manual<br>
<br>
While this is not, in and of itself, a bug, you should manually inspect <br>
these directories to ensure that they are in compliance with company<br>
security standards<br>
<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=11032">11032</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_80_tcp"></a>http (80/tcp)</td>
<td class=default width="80%">The following CGI have been discovered :<br>
<br>
Syntax : cginame (arguments [default value])<br>
<br>
/src/redirect.php (login_username [] secretkey [] js_autodetect_results [SMPREF_JS_OFF] just_logged_in [1] )<br>
<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=10662">10662</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_80_tcp"></a>http (80/tcp)</td>
<td class=default width="80%">The remote web server type is :<br>
<br>
Apache/2.0.48 (Unix) PHP/4.3.3 mod_jk/1.2.5
<br>
<br>
<br>
Solution : You can set the directive 'ServerTokens Prod' to limit<br>
the information emanating from the server in its response headers.<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=10107">10107</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_80_tcp"></a>http (80/tcp)</td>
<td class=default width="80%">An information leak occurs on Apache based web servers <br>
whenever the UserDir module is enabled. The vulnerability allows an external <br>
attacker to enumerate existing accounts by requesting access to their home <br>
directory and monitoring the response.<br>
<br>
<br>
Solution: <br>
1) Disable this feature by changing 'UserDir public_html' (or whatever) to <br>
'UserDir disabled'.<br>
<br>
Or<br>
<br>
2) Use a RedirectMatch rewrite rule under Apache -- this works even if there <br>
is no such entry in the password file, e.g.:<br>
RedirectMatch ^/~(.*)$ <a href="http://my-target-webserver.somewhere.org/$1">http://my-target-webserver.somewhere.org/$1</a><br>
<br>
Or<br>
<br>
3) Add into httpd.conf:<br>
ErrorDocument 404 <a href="http://localhost/sample.html">http://localhost/sample.html</a><br>
ErrorDocument 403 <a href="http://localhost/sample.html">http://localhost/sample.html</a><br>
(NOTE: You need to use a FQDN inside the URL for it to work properly).<br>
<br>
Additional Information:<br>
<a href="http://www.securiteam.com/unixfocus/5WP0C1F5FI.html">http://www.securiteam.com/unixfocus/5WP0C1F5FI.html</a><br>
<br>
<br>
Risk factor : Low<br>
CVE : <a href="http://cgi.nessus.org/cve.php3?cve=CAN-2001-1013">CAN-2001-1013</a><br>
BID : <a href="http://cgi.nessus.org/bid.php3?bid=3335">3335</a><br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=10766">10766</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_80_tcp"></a>http (80/tcp)</td>
<td class=default width="80%">This web server was fingerprinted as: Apache/2.0.4x PHP/4.3.x<br>
which is not consistent with the displayed banner: Apache/2.0.48 (Unix) PHP/4.3.3 mod_jk/1.2.5<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=11919">11919</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_143_tcp"></a>imap (143/tcp)</td>
<td class=default width="80%">An IMAP server is running on this port<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=10330">10330</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_143_tcp"></a>imap (143/tcp)</td>
<td class=default width="80%">The remote imap server banner is :<br>
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS] Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See COPYING for distribution information.
<br>
Versions and types should be omitted where possible.<br>
Change the imap banner to something generic.<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=11414">11414</a></td></tr>
<tr>
<td valign=top class=default width="10%">Warning</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_53_udp"></a>domain (53/udp)</td>
<td class=default width="80%"><br>
The remote name server allows recursive queries to be performed<br>
by the host running nessusd.<br>
<br>
If this is your internal nameserver, then forget this warning.<br>
<br>
If you are probing a remote nameserver, then it allows anyone<br>
to use it to resolve third parties names (such as www.nessus.org).<br>
This allows hackers to do cache poisoning attacks against this<br>
nameserver.<br>
<br>
If the host allows these recursive queries via UDP,<br>
then the host can be used to 'bounce' Denial of Service attacks<br>
against another network or system.<br>
<br>
See also : <a href="http://www.cert.org/advisories/CA-1997-22.html">http://www.cert.org/advisories/CA-1997-22.html</a><br>
<br>
Solution : Restrict recursive queries to the hosts that should<br>
use this nameserver (such as those of the LAN connected to it).<br>
<br>
If you are using bind 8, you can do this by using the instruction<br>
'allow-recursion' in the 'options' section of your named.conf<br>
<br>
If you are using bind 9, you can define a grouping of internal addresses<br>
using the 'acl' command<br>
<br>
Then, within the options block, you can explicitly state:<br>
'allow-recursion { hosts_defined_in_acl }'<br>
<br>
For more info on Bind 9 administration (to include recursion), see: <br>
<a href="http://www.nominum.com/content/documents/bind9arm.pdf">http://www.nominum.com/content/documents/bind9arm.pdf</a><br>
<br>
If you are using another name server, consult its documentation.<br>
<br>
Risk factor : Serious<br>
CVE : <a href="http://cgi.nessus.org/cve.php3?cve=CVE-1999-0024">CVE-1999-0024</a><br>
BID : <a href="http://cgi.nessus.org/bid.php3?bid=678">678</a><br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=10539">10539</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_53_udp"></a>domain (53/udp)</td>
<td class=default width="80%"><br>
A DNS server is running on this port. If you do not use it, disable it.<br>
<br>
Risk factor : Low<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=11002">11002</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_53_udp"></a>domain (53/udp)</td>
<td class=default width="80%">BIND 'NAMED' is an open-source DNS server from ISC.org.<br>
Many proprietary DNS servers are based on BIND source code.<br>
<br>
The BIND based NAMED servers (or DNS servers) allow remote users<br>
to query for version and type information. The query of the CHAOS<br>
TXT record 'version.bind', will typically prompt the server to send<br>
the information back to the querying source.<br>
<br>
The remote bind version is : 9.2.3<br>
<br>
Solution :<br>
Using the 'version' directive in the 'options' section will block<br>
the 'version.bind' query, but it will not log such attempts.<br>
<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=10028">10028</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_53_udp"></a>domain (53/udp)</td>
<td class=default width="80%">The remote name server could be fingerprinted as being : ISC BIND 9.2.3<br>
<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=11951">11951</a></td></tr>
<tr>
<td valign=top class=default width="10%">Informational</td>
<td valign=top class=default width="10%"><a name="81_168_107_198_general_udp"></a>general/udp</td>
<td class=default width="80%">For your information, here is the traceroute to 81.168.107.198 : <br>
192.168.2.120<br>
192.168.2.1<br>
?<br>
<br>
Nessus ID : <a href="http://cgi.nessus.org/nessus_id.php3?id=10287">10287</a></td></tr>
</td></tr></tbody></table></td></tr></tbody></table>
<hr>
<i>This file was generated by <a href="http://www.nessus.org">Nessus</a>, the open-sourced security scanner.</i>
</BODY>
</HTML>