scan ubuntu with ossec + postfix prepare for pci-dss 0unmp9

Nessus ReportNessus Scan Report

26/Sep/2013:04:40:53

HomeFeed: Commercial use of the report is prohibited

Any time Nessus is used in a commercial environment you MUST maintain an activesubscription to the ProfessionalFeed in order to be compliant with our license agreement:http://www.nessus.org/products/nessus-professionalfeed

http://www.nessus.org/products/nessus-professionalfeed

Table Of ContentsHosts Summary (Executive).................................................................................................3

•10.42.14.159................................................................................................................................................................4

Vulnerabilities By Host......................................................................................................... 5

•10.42.14.159................................................................................................................................................................6

Vulnerabilities By Plugin.....................................................................................................20

•11229 (1) - Web Server info.php / phpinfo.php Detection........................................................................................ 21

•12213 (1) - TCP/IP Sequence Prediction Blind Reset Spoofing DoS...................................................................... 22

•62101 (1) - Apache 2.2 < 2.2.23 Multiple Vulnerabilities......................................................................................... 24

•64912 (1) - Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilities......................................................... 25

•67140 (1) - OpenSSH LoginGraceTime / MaxStartups DoS.................................................................................... 26

•68915 (1) - Apache 2.2 < 2.2.25 Multiple Vulnerabilities......................................................................................... 27

•11219 (2) - Nessus SYN scanner.............................................................................................................................28

•22964 (2) - Service Detection...................................................................................................................................29

•10107 (1) - HTTP Server Type and Version............................................................................................................ 30

•10114 (1) - ICMP Timestamp Request Remote Date Disclosure.............................................................................31

•10267 (1) - SSH Server Type and Version Information........................................................................................... 32

•10287 (1) - Traceroute Information...........................................................................................................................33

•10662 (1) - Web mirroring........................................................................................................................................ 34

•10881 (1) - SSH Protocol Versions Supported.........................................................................................................35

•11032 (1) - Web Server Directory Enumeration.......................................................................................................36

•11936 (1) - OS Identification.....................................................................................................................................37

•18261 (1) - Apache Banner Linux Distribution Disclosure........................................................................................38

•19506 (1) - Nessus Scan Information.......................................................................................................................39

•24260 (1) - HyperText Transfer Protocol (HTTP) Information..................................................................................40

•25220 (1) - TCP/IP Timestamps Supported............................................................................................................. 41

•43111 (1) - HTTP Methods Allowed (per directory)................................................................................................. 42

•45590 (1) - Common Platform Enumeration (CPE)..................................................................................................43

•54615 (1) - Device Type...........................................................................................................................................44

•66334 (1) - Patch Report..........................................................................................................................................45

Hosts Summary (Executive)

4

10.42.14.159Summary

Critical High Medium Low Info Total

0 0 6 0 18 24

Details

Severity Plugin Id Name

Medium (6.9) 62101 Apache 2.2 < 2.2.23 Multiple Vulnerabilities

Medium (5.1) 68915 Apache 2.2 < 2.2.25 Multiple Vulnerabilities

Medium (5.0) 11229 Web Server info.php / phpinfo.php Detection

Medium (5.0) 12213 TCP/IP Sequence Prediction Blind Reset Spoofing DoS

Medium (5.0) 67140 OpenSSH LoginGraceTime / MaxStartups DoS

Medium (4.3) 64912 Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilities

Info 10107 HTTP Server Type and Version

Info 10114 ICMP Timestamp Request Remote Date Disclosure

Info 10267 SSH Server Type and Version Information

Info 10287 Traceroute Information

Info 10662 Web mirroring

Info 10881 SSH Protocol Versions Supported

Info 11032 Web Server Directory Enumeration

Info 11219 Nessus SYN scanner

Info 11936 OS Identification

Info 18261 Apache Banner Linux Distribution Disclosure

Info 19506 Nessus Scan Information

Info 22964 Service Detection

Info 24260 HyperText Transfer Protocol (HTTP) Information

Info 25220 TCP/IP Timestamps Supported

Info 43111 HTTP Methods Allowed (per directory)

Info 45590 Common Platform Enumeration (CPE)

Info 54615 Device Type

Info 66334 Patch Report

http://www.nessus.org/plugins/index.php?view=single&id=62101
























Vulnerabilities By Host

6

10.42.14.159Scan Information

Start time: Thu Sep 26 04:38:18 2013

End time: Thu Sep 26 04:40:40 2013

Host Information

IP: 10.42.14.159

OS: Linux Kernel 3.5 on Ubuntu 12.10 (quantal)

Results Summary

Critical High Medium Low Info Total

0 0 6 0 20 26

Results Details0/icmp10114 - ICMP Timestamp Request Remote Date DisclosureSynopsis

It is possible to determine the exact time set on the remote host.

Description

The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set onthe targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authenticationprotocols.Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, butusually within 1000 seconds of the actual system time.

Solution

Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Risk Factor

None

References

CVE CVE-1999-0524

XREF OSVDB:94

XREF CWE:200

Plugin Information:

Publication date: 1999/08/01, Modification date: 2012/06/18

Portsicmp/0

The difference between the local and remote clocks is 1 second.

0/tcp12213 - TCP/IP Sequence Prediction Blind Reset Spoofing DoSSynopsis

It may be possible to send spoofed RST packets to the remote system.

Description

The remote host might be affected by a sequence number approximation vulnerability that may allow an attacker tosend spoofed RST packets to the remote host and close established connections. This may cause problems for somededicated services (BGP, a VPN over TCP, etc).

See Also

https://downloads.avaya.com/elmodocs2/security/ASA-2006-217.htm

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524

http://osvdb.org/show/osvdb/94

http://cwe.mitre.org/data/definitions/200


7

http://www.kb.cert.org/vuls/id/JARL-5ZQR4D

http://www-01.ibm.com/support/docview.wss?uid=isg1IY55949



http://www.juniper.net/support/security/alerts/niscc-236929.txt

http://technet.microsoft.com/en-us/security/bulletin/ms05-019


http://www.kb.cert.org/vuls/id/JARL-5YGQ9G

http://www.kb.cert.org/vuls/id/JARL-5ZQR7H

http://www.kb.cert.org/vuls/id/JARL-5YGQAJ

http://www.nessus.org/u?9a548ae4

http://isc.sans.edu/diary.html?date=2004-04-20

Solution

Contact the vendor for a patch or mitigation advice.

Risk Factor

Medium

CVSS Base Score

5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Temporal Score


References

BID 10183

CVE CVE-2004-0230

XREF OSVDB:4030

XREF CERT:415294

XREF EDB-ID:276

XREF EDB-ID:291

Plugin Information:


Portstcp/025220 - TCP/IP Timestamps SupportedSynopsis

The remote service implements TCP timestamps.

Description

The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptimeof the remote host can sometimes be computed.

See Also













http://www.securityfocus.com/bid/10183



8

http://www.ietf.org/rfc/rfc1323.txt

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/018261 - Apache Banner Linux Distribution DisclosureSynopsis

The name of the Linux distribution running on the remote host was found in the banner of the web server.

Description

This script extracts the banner of the Apache web server and attempts to determine which Linux distribution theremote host is running.

Solution

If you do not wish to display this information, edit httpd.conf and set the directive 'ServerTokens Prod' and restartApache.

Risk Factor

None

Plugin Information:


Portstcp/0

The linux distribution detected was : - Ubuntu 12.04 (precise) - Ubuntu 12.10 (quantal) - Ubuntu 13.04 (raring)

11936 - OS IdentificationSynopsis

It is possible to guess the remote operating system.

Description

Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name ofthe remote operating system in use. It is also sometimes possible to guess the version of the operating system.

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/0

Remote operating system : Linux Kernel 3.5 on Ubuntu 12.10 (quantal)Confidence Level : 95Method : SSH The remote host is running Linux Kernel 3.5 on Ubuntu 12.10 (quantal)

54615 - Device Type


9

Synopsis

It is possible to guess the remote device type.

Description

Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,router, general-purpose computer, etc).

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/0

Remote device type : general-purposeConfidence level : 95

45590 - Common Platform Enumeration (CPE)Synopsis

It is possible to enumerate CPE names that matched on the remote system.

Description

By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matchesfor various hardware and software products found on a host.Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on theinformation available from the scan.

See Also

http://cpe.mitre.org/

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/0

The remote operating system matched the following CPE : cpe:/o:canonical:ubuntu_linux:12.10 -> Canonical Ubuntu Linux 12.10 Following application CPE's matched on the remote system : cpe:/a:openbsd:openssh:6.0 -> OpenBSD OpenSSH 6.0 cpe:/a:apache:http_server:2.2.22 -> Apache Software Foundation Apache HTTP Server 2.2.22

66334 - Patch ReportSynopsis

The remote host is missing several patches

Description

The remote host is missing one or several security patches.This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Solution

Install the patches listed below

Risk Factor


10

None

Plugin Information:


Portstcp/0

. You need to take the following 2 actions: [ OpenSSH LoginGraceTime / MaxStartups DoS (67140) ] + Action to take: Upgrade to OpenSSH 6.2 and review the associated server configuration settings. [ Apache 2.2 < 2.2.25 Multiple Vulnerabilities (68915) ] + Action to take: Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.25 or later. + Impact: Taking this action will resolve 6 different vulnerabilities (CVEs).

19506 - Nessus Scan InformationSynopsis

Information about the Nessus scan.

Description

This script displays, for each tested host, information about the scan itself :- The version of the plugin set- The type of plugin feed (HomeFeed or ProfessionalFeed)- The version of the Nessus Engine- The port scanner(s) used- The port range scanned- Whether credentialed or third-party patch management checks are possible- The date of the scan- The duration of the scan- The number of hosts scanned in parallel- The number of checks done in parallel

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/0

Information about this scan : Nessus version : 5.2.2Plugin feed version : 201309251115Type of plugin feed : HomeFeed (Non-commercial use only)Scanner IP : 10.42.12.28Port scanner(s) : nessus_syn_scanner Port range : 1-65535Thorough tests : noExperimental tests : noParanoia level : 2Report Verbosity : 1Safe checks : yesOptimize the test : yesCredentialed checks : noPatch management checks : None

11

CGI scanning : enabledWeb application tests : enabledWeb app tests - Test mode : singleWeb app tests - Try all HTTP methods : yesWeb app tests - Maximum run time : 10 minutes.Web app tests - Stop at first flaw : paramMax hosts : 20Max checks : 4Recv timeout : 15Backports : NoneAllow post-scan editing: YesScan Start Date : 2013/9/26 4:38Scan duration : 142 sec

0/udp10287 - Traceroute InformationSynopsis

It was possible to obtain traceroute information.

Description

Makes a traceroute to the remote host.

Solution

n/a

Risk Factor

None

Plugin Information:


Portsudp/0

For your information, here is the traceroute from 10.42.12.28 to 10.42.14.159 : 10.42.12.2810.42.12.110.42.14.159

22/tcp67140 - OpenSSH LoginGraceTime / MaxStartups DoSSynopsis

The remote SSH service is susceptible to a remote denial of service attack.

Description

According to its banner, a version of OpenSSH earlier than version 6.2 is listening on this port. The defaultconfiguration of OpenSSH installs before 6.2 could allow a remote attacker to bypass the LoginGraceTime andMaxStartups thresholds by periodically making a large number of new TCP connections and thereby preventlegitimate users from gaining access to the service.Note that this plugin has not tried to exploit the issue or detect whether the remote service uses a vulnerableconfiguration. Instead, it has simply checked the version of OpenSSH running on the remote host.

See Also

http://www.openwall.com/lists/oss-security/2013/02/06/5

http://openssh.org/txt/release-6.2

http://tools.cisco.com/security/center/viewAlert.x?alertId=28883

Solution

Upgrade to OpenSSH 6.2 and review the associated server configuration settings.

Risk Factor

Medium

CVSS Base Score


CVSS Temporal Score




12


References

BID 58162

CVE CVE-2010-5107

XREF OSVDB:90007

Plugin Information:


Portstcp/22

Version source : SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1 Installed version : 6.0p1 Fixed version : 6.2

11219 - Nessus SYN scannerSynopsis

It is possible to determine which TCP ports are open.

Description

This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might causeproblems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution

Protect your target with an IP filter.

Risk Factor

None

Plugin Information:


Portstcp/22

Port 22/tcp was found to be open

22964 - Service DetectionSynopsis

The remote service could be identified.

Description

It was possible to identify the remote service by its banner or by looking at the error message it sends when it receivesan HTTP request.

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/22

An SSH server is running on this port.

10267 - SSH Server Type and Version InformationSynopsis

An SSH server is listening on this port.




13

Description

It is possible to obtain information about the remote SSH server by sending an empty authentication request.

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/22

SSH version : SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1SSH supported authentication : publickey,password

10881 - SSH Protocol Versions SupportedSynopsis

A SSH server is running on the remote host.

Description

This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/22

The remote SSH daemon supports the following versions of theSSH protocol : - 1.99 - 2.0 SSHv2 host key fingerprint : d2:2b:99:ab:9b:5e:2e:62:96:4e:b8:57:d2:0c:3d:9c

80/tcp11229 - Web Server info.php / phpinfo.php DetectionSynopsis

The remote web server contains a PHP script that is prone to an information disclosure attack.

Description

Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' fordebugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remoteattacker can discover a large amount of information about the remote web server, including :- The username of the user who installed php and if they are a SUDO user.- The IP address of the host.- The version of the operating system.- The web server version.- The root directory of the web server.- Configuration information about the remote PHP installation.

Solution

Remove the affected file(s).

Risk Factor

Medium

14

CVSS Base Score

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:


Portstcp/80

Nessus discovered the following URL that calls phpinfo() : - http://10.42.14.159/info.php

62101 - Apache 2.2 < 2.2.23 Multiple VulnerabilitiesSynopsis

The remote web server may be affected by multiple vulnerabilities.

Description

According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.23. It is, therefore,potentially affected by the following vulnerabilities:- The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars'file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO),leading to arbitrary code execution.(CVE-2012-0883)- An input validation error exists related to 'mod_negotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting attacks.(CVE-2012-2687)Note that Nessus did not actually test for these flaws, but instead has relied on the version in the server's banner.

See Also

http://www.apache.org/dist/httpd/CHANGES_2.2.23

http://httpd.apache.org/security/vulnerabilities_22.html

Solution

Upgrade to Apache version 2.2.23 or later.

Risk Factor

Medium

CVSS Base Score

6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Temporal Score


References

BID 53046

BID 55131

CVE CVE-2012-0883

CVE CVE-2012-2687

XREF OSVDB:81359

XREF OSVDB:84818

Plugin Information:


Portstcp/80









15

Version source : Server: Apache/2.2.22 Installed version : 2.2.22 Fixed version : 2.2.23

64912 - Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting VulnerabilitiesSynopsis

The remote web server may be affected by multiple cross-site scripting vulnerabilities.

Description

According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.24. It is, therefore,potentially affected by the following cross-site scripting vulnerabilities :- Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp andunescaped hostnames and URIs that could allow cross- site scripting attacks. (CVE-2012-3499)- An error exists related to the mod_proxy_balancer module's manager interface that could allow cross-site scriptingattacks. (CVE-2012-4558)Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.

See Also



Solution

Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.24 or later.

Risk Factor

Medium

CVSS Base Score

4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Temporal Score


References

BID 58165

CVE CVE-2012-3499

CVE CVE-2012-4558

XREF OSVDB:90556

XREF OSVDB:90557

Plugin Information:


Portstcp/80


68915 - Apache 2.2 < 2.2.25 Multiple VulnerabilitiesSynopsis


Description

According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.25. It is, therefore,potentially affected by the following vulnerabilities :- A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences from being written to log files,making it potentially vulnerable to arbitrary command execution. (CVE-2013-1862)- A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests.(CVE-2013-1896)








16

Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.

See Also



http://www.nessus.org/u?f050c342

Solution


Risk Factor

Medium

CVSS Base Score

5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVSS Temporal Score


STIG Severity

I

References

BID 59826

BID 61129

CVE CVE-2013-1862

CVE CVE-2013-1896

XREF OSVDB:93366

XREF OSVDB:95498

XREF IAVA:2013-A-0146

Plugin Information:


Portstcp/80


11219 - Nessus SYN scannerSynopsis


Description


Solution


Risk Factor

None

Plugin Information:










17


Portstcp/80


22964 - Service DetectionSynopsis


Description


Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/80

A web server is running on this port.

11032 - Web Server Directory EnumerationSynopsis

It is possible to enumerate directories on the web server.

Description

This plugin attempts to determine the presence of various common directories on the remote web server. By sendinga request for a directory, the web server response code indicates if it is a valid directory or not.

See Also

http://projects.webappsec.org/Predictable-Resource-Location

Solution

n/a

Risk Factor

None

References

XREF OWASP:OWASP-CM-006

Plugin Information:


Portstcp/80

The following directories were discovered:/cgi-bin, /icons While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with companysecurity standards

10662 - Web mirroringSynopsis

Nessus crawled the remote web site.

Description

This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host.


18

It is suggested that you change the number of pages to mirror in the 'Options' section of the client.

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/80

Webmirror performed 9 queries in 1s (9.000 queries per second)

10107 - HTTP Server Type and VersionSynopsis

A web server is running on the remote host.

Description

This plugin attempts to determine the type and the version of the remote web server.

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/80

The remote web server type is : Apache/2.2.22 (Ubuntu) You can set the directive 'ServerTokens Prod' to limit the informationemanating from the server in its response headers.

43111 - HTTP Methods Allowed (per directory)Synopsis

This plugin determines which HTTP methods are allowed on various CGI directories.

Description

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests'is set to 'yes'in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receivesa response code of 400, 403, 405, or 501.Note that the plugin output is only informational and does not necessarily indicate the presence of any securityvulnerabilities.

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/80

Based on the response to an OPTIONS request :

19

- HTTP methods GET HEAD OPTIONS POST are allowed on : / /icons /manager /recipe Based on tests of each method : - HTTP methods ACL BASELINE-CONTROL BCOPY BDELETE BMOVE BPROPFIND BPROPPATCH CHECKIN CHECKOUT COPY DEBUG DELETE GET HEAD INDEX LABEL LOCK MERGE MKACTIVITY MKCOL MKWORKSPACE MOVE NOTIFY OPTIONS ORDERPATCH PATCH POLL POST PROPFIND PROPPATCH PUT REPORT RPC_IN_DATA RPC_OUT_DATA SEARCH SUBSCRIBE UNCHECKOUT UNLOCK UNSUBSCRIBE UPDATE VERSION-CONTROL X-MS-ENUMATTS are allowed on : /cgi-bin - HTTP methods GET HEAD OPTIONS POST are allowed on : / /icons /manager /recipe - Invalid/unknown HTTP methods are allowed on : /cgi-bin

24260 - HyperText Transfer Protocol (HTTP) InformationSynopsis

Some information about the remote HTTP configuration can be extracted.

Description

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive andHTTP pipelining are enabled, etc...This test is informational only and does not denote any security problem.

Solution

n/a

Risk Factor

None

Plugin Information:


Portstcp/80

Protocol version : HTTP/1.1SSL : noKeep-Alive : yesOptions allowed : (Not implemented)Headers : Date: Wed, 25 Sep 2013 21:40:20 GMT Server: Apache/2.2.22 (Ubuntu) Last-Modified: Thu, 05 Sep 2013 16:38:50 GMT ETag: "2c14-b1-4e5a58e89f052" Accept-Ranges: bytes Content-Length: 177 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html

Vulnerabilities By Plugin

21

11229 (1) - Web Server info.php / phpinfo.php DetectionSynopsis

The remote web server contains a PHP script that is prone to an information disclosure attack.

Description

Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' fordebugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remoteattacker can discover a large amount of information about the remote web server, including :- The username of the user who installed php and if they are a SUDO user.- The IP address of the host.- The version of the operating system.- The web server version.- The root directory of the web server.- Configuration information about the remote PHP installation.

Solution

Remove the affected file(s).

Risk Factor

Medium

CVSS Base Score

5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin Information:


Hosts10.42.14.159 (tcp/80)

Nessus discovered the following URL that calls phpinfo() : - http://10.42.14.159/info.php

22

12213 (1) - TCP/IP Sequence Prediction Blind Reset Spoofing DoSSynopsis

It may be possible to send spoofed RST packets to the remote system.

Description

The remote host might be affected by a sequence number approximation vulnerability that may allow an attacker tosend spoofed RST packets to the remote host and close established connections. This may cause problems for somededicated services (BGP, a VPN over TCP, etc).

See Also














Solution

Contact the vendor for a patch or mitigation advice.

Risk Factor

Medium

CVSS Base Score


CVSS Temporal Score


References

BID 10183

CVE CVE-2004-0230

XREF OSVDB:4030

XREF CERT:415294

XREF EDB-ID:276

XREF EDB-ID:291

Plugin Information:

















23


Hosts10.42.14.159 (tcp/0)

24

62101 (1) - Apache 2.2 < 2.2.23 Multiple VulnerabilitiesSynopsis

The remote web server may be affected by multiple vulnerabilities.

Description

According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.23. It is, therefore,potentially affected by the following vulnerabilities:- The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars'file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO),leading to arbitrary code execution.(CVE-2012-0883)- An input validation error exists related to 'mod_negotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting attacks.(CVE-2012-2687)Note that Nessus did not actually test for these flaws, but instead has relied on the version in the server's banner.

See Also



Solution

Upgrade to Apache version 2.2.23 or later.

Risk Factor

Medium

CVSS Base Score


CVSS Temporal Score


References

BID 53046

BID 55131

CVE CVE-2012-0883

CVE CVE-2012-2687

XREF OSVDB:81359

XREF OSVDB:84818

Plugin Information:


Hosts10.42.14.159 (tcp/80)










25

64912 (1) - Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting VulnerabilitiesSynopsis


Description

According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.24. It is, therefore,potentially affected by the following cross-site scripting vulnerabilities :- Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp andunescaped hostnames and URIs that could allow cross- site scripting attacks. (CVE-2012-3499)- An error exists related to the mod_proxy_balancer module's manager interface that could allow cross-site scriptingattacks. (CVE-2012-4558)Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.

See Also



Solution


Risk Factor

Medium

CVSS Base Score


CVSS Temporal Score


References

BID 58165

CVE CVE-2012-3499

CVE CVE-2012-4558

XREF OSVDB:90556

XREF OSVDB:90557

Plugin Information:


Hosts10.42.14.159 (tcp/80)









26

67140 (1) - OpenSSH LoginGraceTime / MaxStartups DoSSynopsis

The remote SSH service is susceptible to a remote denial of service attack.

Description

According to its banner, a version of OpenSSH earlier than version 6.2 is listening on this port. The defaultconfiguration of OpenSSH installs before 6.2 could allow a remote attacker to bypass the LoginGraceTime andMaxStartups thresholds by periodically making a large number of new TCP connections and thereby preventlegitimate users from gaining access to the service.Note that this plugin has not tried to exploit the issue or detect whether the remote service uses a vulnerableconfiguration. Instead, it has simply checked the version of OpenSSH running on the remote host.

See Also




Solution

Upgrade to OpenSSH 6.2 and review the associated server configuration settings.

Risk Factor

Medium

CVSS Base Score


CVSS Temporal Score


References

BID 58162

CVE CVE-2010-5107

XREF OSVDB:90007

Plugin Information:


Hosts10.42.14.159 (tcp/22)

Version source : SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1 Installed version : 6.0p1 Fixed version : 6.2







27

68915 (1) - Apache 2.2 < 2.2.25 Multiple VulnerabilitiesSynopsis


Description

According to its banner, the version of Apache 2.2 installed on the remote host is earlier than 2.2.25. It is, therefore,potentially affected by the following vulnerabilities :- A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences from being written to log files,making it potentially vulnerable to arbitrary command execution. (CVE-2013-1862)- A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests.(CVE-2013-1896)Note that Nessus did not actually test for these issues, but instead has relied on the version in the server's banner.

See Also




Solution


Risk Factor

Medium

CVSS Base Score


CVSS Temporal Score


STIG Severity

I

References

BID 59826

BID 61129

CVE CVE-2013-1862

CVE CVE-2013-1896

XREF OSVDB:93366

XREF OSVDB:95498

XREF IAVA:2013-A-0146

Plugin Information:


Hosts10.42.14.159 (tcp/80)











28

11219 (2) - Nessus SYN scannerSynopsis


Description


Solution


Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/22)


10.42.14.159 (tcp/80)


29

22964 (2) - Service DetectionSynopsis


Description


Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/22)

An SSH server is running on this port.

10.42.14.159 (tcp/80)

A web server is running on this port.

30

10107 (1) - HTTP Server Type and VersionSynopsis

A web server is running on the remote host.

Description

This plugin attempts to determine the type and the version of the remote web server.

Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/80)

The remote web server type is : Apache/2.2.22 (Ubuntu) You can set the directive 'ServerTokens Prod' to limit the informationemanating from the server in its response headers.

31

10114 (1) - ICMP Timestamp Request Remote Date DisclosureSynopsis

It is possible to determine the exact time set on the remote host.

Description

The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set onthe targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authenticationprotocols.Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, butusually within 1000 seconds of the actual system time.

Solution

Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Risk Factor

None

References

CVE CVE-1999-0524

XREF OSVDB:94

XREF CWE:200

Plugin Information:


Hosts10.42.14.159 (icmp/0)

The difference between the local and remote clocks is 1 second.



http://cwe.mitre.org/data/definitions/200

32

10267 (1) - SSH Server Type and Version InformationSynopsis

An SSH server is listening on this port.

Description

It is possible to obtain information about the remote SSH server by sending an empty authentication request.

Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/22)

SSH version : SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1SSH supported authentication : publickey,password

33

10287 (1) - Traceroute InformationSynopsis

It was possible to obtain traceroute information.

Description

Makes a traceroute to the remote host.

Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (udp/0)

For your information, here is the traceroute from 10.42.12.28 to 10.42.14.159 : 10.42.12.2810.42.12.110.42.14.159

34

10662 (1) - Web mirroringSynopsis

Nessus crawled the remote web site.

Description

This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host.It is suggested that you change the number of pages to mirror in the 'Options' section of the client.

Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/80)

Webmirror performed 9 queries in 1s (9.000 queries per second)

35

10881 (1) - SSH Protocol Versions SupportedSynopsis

A SSH server is running on the remote host.

Description

This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/22)

The remote SSH daemon supports the following versions of theSSH protocol : - 1.99 - 2.0 SSHv2 host key fingerprint : d2:2b:99:ab:9b:5e:2e:62:96:4e:b8:57:d2:0c:3d:9c

36

11032 (1) - Web Server Directory EnumerationSynopsis

It is possible to enumerate directories on the web server.

Description

This plugin attempts to determine the presence of various common directories on the remote web server. By sendinga request for a directory, the web server response code indicates if it is a valid directory or not.

See Also


Solution

n/a

Risk Factor

None

References

XREF OWASP:OWASP-CM-006

Plugin Information:


Hosts10.42.14.159 (tcp/80)

The following directories were discovered:/cgi-bin, /icons While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with companysecurity standards


37

11936 (1) - OS IdentificationSynopsis

It is possible to guess the remote operating system.

Description

Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name ofthe remote operating system in use. It is also sometimes possible to guess the version of the operating system.

Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/0)

Remote operating system : Linux Kernel 3.5 on Ubuntu 12.10 (quantal)Confidence Level : 95Method : SSH The remote host is running Linux Kernel 3.5 on Ubuntu 12.10 (quantal)

38

18261 (1) - Apache Banner Linux Distribution DisclosureSynopsis

The name of the Linux distribution running on the remote host was found in the banner of the web server.

Description

This script extracts the banner of the Apache web server and attempts to determine which Linux distribution theremote host is running.

Solution

If you do not wish to display this information, edit httpd.conf and set the directive 'ServerTokens Prod' and restartApache.

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/0)

The linux distribution detected was : - Ubuntu 12.04 (precise) - Ubuntu 12.10 (quantal) - Ubuntu 13.04 (raring)

39

19506 (1) - Nessus Scan InformationSynopsis

Information about the Nessus scan.

Description

This script displays, for each tested host, information about the scan itself :- The version of the plugin set- The type of plugin feed (HomeFeed or ProfessionalFeed)- The version of the Nessus Engine- The port scanner(s) used- The port range scanned- Whether credentialed or third-party patch management checks are possible- The date of the scan- The duration of the scan- The number of hosts scanned in parallel- The number of checks done in parallel

Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/0)

Information about this scan : Nessus version : 5.2.2Plugin feed version : 201309251115Type of plugin feed : HomeFeed (Non-commercial use only)Scanner IP : 10.42.12.28Port scanner(s) : nessus_syn_scanner Port range : 1-65535Thorough tests : noExperimental tests : noParanoia level : 2Report Verbosity : 1Safe checks : yesOptimize the test : yesCredentialed checks : noPatch management checks : NoneCGI scanning : enabledWeb application tests : enabledWeb app tests - Test mode : singleWeb app tests - Try all HTTP methods : yesWeb app tests - Maximum run time : 10 minutes.Web app tests - Stop at first flaw : paramMax hosts : 20Max checks : 4Recv timeout : 15Backports : NoneAllow post-scan editing: YesScan Start Date : 2013/9/26 4:38Scan duration : 142 sec

40

24260 (1) - HyperText Transfer Protocol (HTTP) InformationSynopsis

Some information about the remote HTTP configuration can be extracted.

Description

This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive andHTTP pipelining are enabled, etc...This test is informational only and does not denote any security problem.

Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/80)

Protocol version : HTTP/1.1SSL : noKeep-Alive : yesOptions allowed : (Not implemented)Headers : Date: Wed, 25 Sep 2013 21:40:20 GMT Server: Apache/2.2.22 (Ubuntu) Last-Modified: Thu, 05 Sep 2013 16:38:50 GMT ETag: "2c14-b1-4e5a58e89f052" Accept-Ranges: bytes Content-Length: 177 Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html

41

25220 (1) - TCP/IP Timestamps SupportedSynopsis

The remote service implements TCP timestamps.

Description

The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptimeof the remote host can sometimes be computed.

See Also


Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/0)


42

43111 (1) - HTTP Methods Allowed (per directory)Synopsis

This plugin determines which HTTP methods are allowed on various CGI directories.

Description

By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests'is set to 'yes'in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receivesa response code of 400, 403, 405, or 501.Note that the plugin output is only informational and does not necessarily indicate the presence of any securityvulnerabilities.

Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/80)

Based on the response to an OPTIONS request : - HTTP methods GET HEAD OPTIONS POST are allowed on : / /icons /manager /recipe Based on tests of each method : - HTTP methods ACL BASELINE-CONTROL BCOPY BDELETE BMOVE BPROPFIND BPROPPATCH CHECKIN CHECKOUT COPY DEBUG DELETE GET HEAD INDEX LABEL LOCK MERGE MKACTIVITY MKCOL MKWORKSPACE MOVE NOTIFY OPTIONS ORDERPATCH PATCH POLL POST PROPFIND PROPPATCH PUT REPORT RPC_IN_DATA RPC_OUT_DATA SEARCH SUBSCRIBE UNCHECKOUT UNLOCK UNSUBSCRIBE UPDATE VERSION-CONTROL X-MS-ENUMATTS are allowed on : /cgi-bin - HTTP methods GET HEAD OPTIONS POST are allowed on : / /icons /manager /recipe - Invalid/unknown HTTP methods are allowed on : /cgi-bin

43

45590 (1) - Common Platform Enumeration (CPE)Synopsis

It is possible to enumerate CPE names that matched on the remote system.

Description

By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matchesfor various hardware and software products found on a host.Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on theinformation available from the scan.

See Also


Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/0)

The remote operating system matched the following CPE : cpe:/o:canonical:ubuntu_linux:12.10 -> Canonical Ubuntu Linux 12.10 Following application CPE's matched on the remote system : cpe:/a:openbsd:openssh:6.0 -> OpenBSD OpenSSH 6.0 cpe:/a:apache:http_server:2.2.22 -> Apache Software Foundation Apache HTTP Server 2.2.22


44

54615 (1) - Device TypeSynopsis

It is possible to guess the remote device type.

Description

Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,router, general-purpose computer, etc).

Solution

n/a

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/0)

Remote device type : general-purposeConfidence level : 95

45

66334 (1) - Patch ReportSynopsis

The remote host is missing several patches

Description

The remote host is missing one or several security patches.This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Solution

Install the patches listed below

Risk Factor

None

Plugin Information:


Hosts10.42.14.159 (tcp/0)

. You need to take the following 2 actions: [ OpenSSH LoginGraceTime / MaxStartups DoS (67140) ] + Action to take: Upgrade to OpenSSH 6.2 and review the associated server configuration settings. [ Apache 2.2 < 2.2.25 Multiple Vulnerabilities (68915) ] + Action to take: Either ensure that the affected modules are not in use or upgrade to Apache version 2.2.25 or later. + Impact: Taking this action will resolve 6 different vulnerabilities (CVEs).

scan ubuntu with ossec + postfix prepare for pci-dss 0unmp9

Documents

multiple vulnerabilities

http server type

ssh server type

version information

web mirroring

prohibitedany time nessus

nessus syn scanner

commercial use