Nessus Scan Report
This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

Scan Details
Hosts which were alive and responding during test: 1
Number of security holes found: 7
Number of security warnings found: 16


Host List
Host(s) Possible Issue
www.phpnuke.com.my Security hole(s) found


Analysis of Host
Address of Host Port/Service Issue regarding Port
www.phpnuke.com.my smtp (25/tcp) Security notes found
www.phpnuke.com.my ssh (22/tcp) Security hole found
www.phpnuke.com.my ftp (21/tcp) Security hole found
www.phpnuke.com.my domain (53/tcp) Security hole found
www.phpnuke.com.my kerberos-sec (88/tcp) Security warning(s) found
www.phpnuke.com.my http (80/tcp) Security hole found
www.phpnuke.com.my pop3 (110/tcp) Security notes found
www.phpnuke.com.my pop3pw (106/tcp) Security notes found
www.phpnuke.com.my imap (143/tcp) Security notes found
www.phpnuke.com.my https (443/tcp) Security warning(s) found
www.phpnuke.com.my smtps (465/tcp) Security warning(s) found
www.phpnuke.com.my pop3s (995/tcp) Security warning(s) found
www.phpnuke.com.my imaps (993/tcp) Security warning(s) found
www.phpnuke.com.my mysql (3306/tcp) Security notes found
www.phpnuke.com.my x11 (6000/tcp) Security warning(s) found
www.phpnuke.com.my https-alt (8443/tcp) Security warning(s) found
www.phpnuke.com.my domain (53/udp) Security notes found
www.phpnuke.com.my general/udp Security notes found
www.phpnuke.com.my general/tcp Security warning(s) found
www.phpnuke.com.my general/icmp Security warning(s) found


Security Issues and Fixes: www.phpnuke.com.my
Type Port Issue and Fix
Informational smtp (25/tcp) An SMTP server is running on this port
Here is its banner :
220 web1.mercumaya.biz ESMTP
Nessus ID : 10330
Informational smtp (25/tcp) Remote SMTP server banner :
220 web1.mercumaya.biz ESMTP



This is probably: Qmail
Nessus ID : 10263
Informational smtp (25/tcp) smtpscan was not able to reliably identify this server. It might be:
Qmail 1.0.3
The fingerprint differs from these known signatures on 1 point(s)

If you know precisely what it is, please send this fingerprint
to the Nessus team :
:250:250:250:250:250:250:250:214:252:502:502:502:502:250:220
Nessus ID : 11421
Vulnerability ssh (22/tcp)
You are running a version of OpenSSH which is older than 3.4

There is a flaw in this version that can be exploited remotely to
give an attacker a shell on this host.

Note that several distributions patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.

If you are running a RedHat host, make sure that the command :
rpm -q openssh-server

Returns :
openssh-server-3.1p1-6


Solution : Upgrade to OpenSSH 3.4 or contact your vendor for a patch
Risk factor : High
CVE : CVE-2002-0639, CVE-2002-0640, CAN-2002-0639, CAN-2002-0640
BID : 5093
Nessus ID : 11031
Vulnerability ssh (22/tcp)
You are running a version of OpenSSH which is older than 3.7.1

Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
functions which might allow an attacker to execute arbitrary commands on this
host.

An exploit for this issue is rumored to exist.


Note that several distributions patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.

If you are running a RedHat host, make sure that the command :
rpm -q openssh-server

Returns :
openssh-server-3.1p1-13 (RedHat 7.x)
openssh-server-3.4p1-7 (RedHat 8.0)
openssh-server-3.5p1-11 (RedHat 9)

Solution : Upgrade to OpenSSH 3.7.1
See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2
Risk factor : High
CVE : CAN-2003-0693, CAN-2003-0695
BID : 8628
Nessus ID : 11837
Vulnerability ssh (22/tcp)
You are running a version of OpenSSH older than OpenSSH 3.2.1

A buffer overflow exists in the daemon if AFS is enabled on
your system, or if the options KerberosTgtPassing or
AFSTokenPassing are enabled. Even in this scenario, the
vulnerability may be avoided by enabling UsePrivilegeSeparation.

Versions prior to 2.9.9 are vulnerable to a remote root
exploit. Versions prior to 3.2.1 are vulnerable to a local
root exploit.

Solution :
Upgrade to the latest version of OpenSSH

Risk factor : High
CVE : CVE-2002-0575, CAN-2002-0575
BID : 4560
Nessus ID : 10954
Warning ssh (22/tcp)
You are running OpenSSH-portable 3.6.1p1 or older.

If PAM support is enabled, an attacker may use a flaw in this version
to determine the existence of a given login name by comparing the times
the remote sshd daemon takes to refuse a bad password for a non-existent
login compared to the time it takes to refuse a bad password for a
valid login.

An attacker may use this flaw to set up a brute force attack against
the remote host.

*** Nessus did not check whether the remote SSH daemon is actually
*** using PAM or not, so this might be a false positive

Solution : Upgrade to OpenSSH-portable 3.6.1p2 or newer
Risk Factor : Low
CVE : CAN-2003-0190
BID : 7482, 7467, 7342
Nessus ID : 11574
Warning ssh (22/tcp)
You are running OpenSSH-portable 3.6.1 or older.

There is a flaw in this version which may allow an attacker to
bypass the access controls set by the administrator of this server.

OpenSSH features a mechanism which can restrict the list of
hosts a given user can log in from by specifying a pattern
in the user key file (ie: *.mynetwork.com would let a user
connect only from the local network).

However there is a flaw in the way OpenSSH does reverse DNS lookups.
If an attacker configures his DNS server to send a numeric IP address
when a reverse lookup is performed, he may be able to circumvent
this mechanism.

Solution : Upgrade to OpenSSH 3.6.2 when it comes out
Risk Factor : Low
CVE : CAN-2003-0386
BID : 7831
Nessus ID : 11712
Informational ssh (22/tcp) An ssh server is running on this port
Nessus ID : 10330
Informational ssh (22/tcp) Remote SSH version : SSH-2.0-OpenSSH_3.1p1
Nessus ID : 10267
Informational ssh (22/tcp) The remote SSH daemon supports the following versions of the
SSH protocol :

. 1.99
. 2.0

Nessus ID : 10881
Vulnerability ftp (21/tcp)
The remote host is running a version of ProFTPd which seems
to be vulnerable to a buffer overflow when a user downloads
a malformed ASCII file.

An attacker with upload privileges on this host may abuse this
flaw to gain a root shell on this host.

*** The author of ProFTPD did not increase the version number
*** of his product when fixing this issue, so it might be false
*** positive.

Solution : Upgrade to ProFTPD 1.2.9 when available or to 1.2.8p
Risk Factor : High
BID : 8679
Nessus ID : 11849
Vulnerability ftp (21/tcp)
The remote FTP server seems to be vulnerable to an exhaustion
attack which may make it consume all available memory on the remote
host when it receives the command :

NLST /../*/../*/../*/../*/../*/../*/../*/../*/../*/../


Solution : upgrade to ProFTPd 1.2.2 and modify your configuration
file to include :
DenyFilter \*.*/


If you use another FTP server, contact your vendor.

Reference : http://online.securityfocus.com/archive/1/169069

Risk factor : High
BID : 6341
Nessus ID : 10634
Informational ftp (21/tcp) An FTP server is running on this port.
Here is its banner :
220 ProFTPD 1.2.8 Server (Mercu Maya FTP) [web1.mercumaya.biz]
Nessus ID : 10330
Informational ftp (21/tcp) Remote FTP server banner :
220 ProFTPD 1.2.8 Server (Mercu Maya FTP) [web1.mercumaya.biz]
Nessus ID : 10092
Vulnerability domain (53/tcp)
The remote BIND 9 DNS server, according to its version number, is vulnerable to a
buffer overflow which may allow an attacker to gain a shell on this host or
to disable this server.


Solution : upgrade to bind 9.2.2 or downgrade to the 8.x series

See also : http://www.isc.org/products/BIND/bind9.html
http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00075.html
http://www.cert.org/advisories/CA-2002-19.html
Risk factor : High
CVE : CAN-2002-0684
Nessus ID : 11318
Warning domain (53/tcp)
The remote name server allows recursive queries to be performed
by the host running nessusd.

If this is your internal nameserver, then forget this warning.

If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.

If the host allows these recursive queries via UDP,
then the host can be used to 'bounce' Denial of Service attacks
against another network or system.

See also : http://www.cert.org/advisories/CA-1997-22.html

Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf

If you are using bind 9, you can define a grouping of internal addresses
using the 'acl' command

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

For more info on Bind 9 administration (to include recursion), see:
http://www.nominum.com/content/documents/bind9arm.pdf

If you are using another name server, consult its documentation.

Risk factor : Serious
CVE : CVE-1999-0024
BID : 678
Nessus ID : 10539
Informational domain (53/tcp)
A DNS server is running on this port. If you do not use it, disable it.

Risk factor : Low
Nessus ID : 11002
Informational domain (53/tcp) BIND 'NAMED' is an open-source DNS server from ISC.org.
Many proprietary DNS servers are based on BIND source code.

The BIND based NAMED servers (or DNS servers) allow remote users
to query for version and type information. The query of the CHAOS
TXT record 'version.bind', will typically prompt the server to send
the information back to the querying source.

The remote bind version is : 9.2.1

Solution :
Using the 'version' directive in the 'options' section will block
the 'version.bind' query, but it will not log such attempts.

Nessus ID : 10028
Warning kerberos-sec (88/tcp) The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863
Informational kerberos-sec (88/tcp) A SSLv2 server answered on this port

Nessus ID : 10330
Informational kerberos-sec (88/tcp) Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=MY, ST=Kuala Lumpur, L=Malaysia, O=Mercu Maya Enterprise, CN=secure.mercumaya.net/emailAddress=sales@mercumaya.net
Validity
Not Before: Oct 30 07:07:26 2003 GMT
Not After : Oct 29 07:07:26 2004 GMT
Subject: C=MY, ST=Kuala Lumpur, L=Malaysia, O=Mercu Maya Enterprise, CN=secure.mercumaya.net/emailAddress=sales@mercumaya.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:38:DC:9B:09:89:55:65:9A:73:D7:CB:A8:04:65:B4:89:DA:A3:14
X509v3 Authority Key Identifier:
keyid:9A:38:DC:9B:09:89:55:65:9A:73:D7:CB:A8:04:65:B4:89:DA:A3:14
DirName:/C=MY/ST=Kuala Lumpur/L=Malaysia/O=Mercu Maya Enterprise/CN=secure.mercumaya.net/emailAddress=sales@mercumaya.net
serial:00

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption

Nessus ID : 10863
Informational kerberos-sec (88/tcp) Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
Nessus ID : 10863
Informational kerberos-sec (88/tcp) This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.

Nessus ID : 10863
Informational kerberos-sec (88/tcp) An unknown server is running on this port.
If you know what it is, please send this banner to the Nessus team:
00: 3c 62 6f 64 79 20 6f 6e 4c 6f 61 64 3d 22 74 6f <body onLoad="to
10: 70 2e 6c 6f 63 61 74 69 6f 6e 3d 27 2f 6c 6f 67 p.location='/log
20: 69 6e 2e 70 68 70 33 27 22 3e 3c 2f 62 6f 64 79 in.php3'"></body
30: 3e >


Nessus ID : 11154
Vulnerability http (80/tcp)
The remote host is running a copy of PHP-Nuke.

Given the insecurity history of this package, the Nessus
team recommends that you do not use it but
use something else instead, as security was clearly
not in the mind of the persons who wrote it.

The author of PHP-Nuke (Francisco Burzi) even started to rewrite
the program from scratch, given the huge number of vulnerabilities
(http://www.phpnuke.org/modules.php?name=News&file=article&sid=5640)

Solution : De-install this package and use something else
Risk factor : High
CVE : CAN-2001-0292, CAN-2001-0320, CAN-2001-0854, CAN-2001-0911, CAN-2001-1025, CAN-2002-0206, CAN-2002-0483, CAN-2002-1242
BID : 6446, 6465, 6503, 6750, 6887, 6890, 7031, 7060, 7078, 7079
Nessus ID : 11236
Warning http (80/tcp)
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.

An attacker may use this flaw to trick your
legitimate web users into giving him their
credentials.

Solution: Disable these methods.


If you are using Apache, add the following lines for each virtual
host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.

If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the
following to the default object section in obj.conf:
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>

If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile
the NSAPI plugin located at:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603


See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593

Risk factor : Medium
Nessus ID : 11213
Warning http (80/tcp)
The following files are calling the function phpinfo() which
discloses potentially sensitive information to the remote attacker :
/info.php


Solution : Delete them or restrict access to them
Risk factor : Low
Nessus ID : 11229
Warning http (80/tcp)
Some Web Servers use a file called /robot(s).txt to make search engines and
any other indexing tools visit their WebPages more frequently and
more efficiently.

By connecting to the server and requesting the /robot(s).txt file, an
attacker may gain additional information about the system they are
attacking.

Such information includes restricted directories, hidden directories, CGI script
directories, etc. Take special care not to use this file to tell robots to skip
sensitive directories, since this tells attackers exactly which of your
directories are sensitive.

The file 'robots.txt' contains the following:
User-agent: *
Disallow: admin.php
Disallow: /admin/
Disallow: /images/
Disallow: /includes/
Disallow: /themes/
Disallow: /blocks/
Disallow: /modules/
Disallow: /language/

Risk factor : Medium
Nessus ID : 10302
Informational http (80/tcp) A web server is running on this port
Nessus ID : 10330
Informational http (80/tcp) The following directories were discovered:
/admin, /cgi-bin, /db, /download, /email, /icons, /images, /includes, /misc, /status, /themes, /blocks, /modules, /language

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

Nessus ID : 11032
Informational http (80/tcp) The remote web server type is :

Apache

and the 'ServerTokens' directive is ProductOnly
Apache does not permit hiding the server type.

Nessus ID : 10107
Informational pop3 (110/tcp) A pop3 server is running on this port
Nessus ID : 10330
Informational pop3pw (106/tcp) An unknown server is running on this port.
If you know what it is, please send this banner to the Nessus team:
00: 32 30 30 20 70 6f 70 70 61 73 73 64 20 68 65 6c 200 poppassd hel
10: 6c 6f 2c 20 77 68 6f 20 61 72 65 20 79 6f 75 3f lo, who are you?
20: 0d 0a 35 30 30 20 55 73 65 72 6e 61 6d 65 20 72 ..500 Username r
30: 65 71 75 69 72 65 64 2e 0d 0a equired...


Nessus ID : 11154
Informational imap (143/tcp) An IMAP server is running on this port
Nessus ID : 10330
Informational imap (143/tcp) The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS] Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See COPYING for distribution information.
Versions and types should be omitted where possible.
Change the imap banner to something generic.
Nessus ID : 11414
Warning https (443/tcp) The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863
Warning https (443/tcp)
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.

It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.

An attacker may use this flaw to trick your
legitimate web users into giving him their
credentials.

Solution: Disable these methods.


If you are using Apache, add the following lines for each virtual
host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.

If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the
following to the default object section in obj.conf:
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>

If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile
the NSAPI plugin located at:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603


See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603
http://www.kb.cert.org/vuls/id/867593

Risk factor : Medium
Nessus ID : 11213
Informational https (443/tcp) A SSLv2 server answered on this port

Nessus ID : 10330
Informational https (443/tcp) A web server is running on this port through SSL
Nessus ID : 10330
Informational https (443/tcp) Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Virginia, L=Chantilly, O=Plesk, Inc., OU=Plesk, CN=plesk/emailAddress=info@plesk.com
Validity
Not Before: Sep 6 03:37:38 2003 GMT
Not After : Sep 5 03:37:38 2004 GMT
Subject: C=US, ST=Virginia, L=Chantilly, O=Plesk, Inc., OU=Plesk, CN=plesk/emailAddress=info@plesk.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:D0:37:84:28:8D:71:6B:E3:F7:D8:B1:95:02:2F:ED:30:D4:E3:69
X509v3 Authority Key Identifier:
keyid:07:D0:37:84:28:8D:71:6B:E3:F7:D8:B1:95:02:2F:ED:30:D4:E3:69
DirName:/C=US/ST=Virginia/L=Chantilly/O=Plesk, Inc./OU=Plesk/CN=plesk/emailAddress=info@plesk.com
serial:00

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption

Nessus ID : 10863
Informational https (443/tcp) Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
Nessus ID : 10863
Informational https (443/tcp) This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.

Nessus ID : 10863
Informational https (443/tcp) The remote web server type is :

Apache

and the 'ServerTokens' directive is ProductOnly
Apache does not permit hiding the server type.

Nessus ID : 10107
Warning smtps (465/tcp) The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863
Informational smtps (465/tcp) A SSLv2 server answered on this port

Nessus ID : 10330
Informational smtps (465/tcp) An SMTP server is running on this port through SSL
Here is its banner :
220 web1.mercumaya.biz ESMTP
Nessus ID : 10330
Informational smtps (465/tcp) Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=MY, ST=Kuala Lumpur, L=Malaysia, O=Mercu Maya Enterprise, CN=secure.mercumaya.net/emailAddress=sales@mercumaya.net
Validity
Not Before: Oct 30 07:07:26 2003 GMT
Not After : Oct 29 07:07:26 2004 GMT
Subject: C=MY, ST=Kuala Lumpur, L=Malaysia, O=Mercu Maya Enterprise, CN=secure.mercumaya.net/emailAddress=sales@mercumaya.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:38:DC:9B:09:89:55:65:9A:73:D7:CB:A8:04:65:B4:89:DA:A3:14
X509v3 Authority Key Identifier:
keyid:9A:38:DC:9B:09:89:55:65:9A:73:D7:CB:A8:04:65:B4:89:DA:A3:14
DirName:/C=MY/ST=Kuala Lumpur/L=Malaysia/O=Mercu Maya Enterprise/CN=secure.mercumaya.net/emailAddress=sales@mercumaya.net
serial:00

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption

Nessus ID : 10863
Informational smtps (465/tcp) Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
Nessus ID : 10863
Informational smtps (465/tcp) This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.

Nessus ID : 10863
Informational smtps (465/tcp) smtpscan was not able to reliably identify this server. It might be:
Qmail 1.0.3
The fingerprint differs from these known signatures on 2 point(s)

Nessus ID : 11421
Warning pop3s (995/tcp) The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863
Informational pop3s (995/tcp) A SSLv2 server answered on this port

Nessus ID : 10330
Informational pop3s (995/tcp) A pop3 server is running on this port
Nessus ID : 10330
Informational pop3s (995/tcp) Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=NY, L=New York, O=Courier Mail Server, OU=Automatically-generated POP3 SSL key, CN=localhost/emailAddress=postmaster@example.com
Validity
Not Before: Sep 6 03:37:05 2003 GMT
Not After : Sep 5 03:37:05 2004 GMT
Subject: C=US, ST=NY, L=New York, O=Courier Mail Server, OU=Automatically-generated POP3 SSL key, CN=localhost/emailAddress=postmaster@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Server
Signature Algorithm: md5WithRSAEncryption

Nessus ID : 10863
Informational pop3s (995/tcp) Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
Nessus ID : 10863
Informational pop3s (995/tcp) This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.

Nessus ID : 10863
Warning imaps (993/tcp) The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863
Informational imaps (993/tcp) A SSLv2 server answered on this port

Nessus ID : 10330
Informational imaps (993/tcp) An IMAP server is running on this port through SSL
Nessus ID : 10330
Informational imaps (993/tcp) Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=NY, L=New York, O=Courier Mail Server, OU=Automatically-generated IMAP SSL key, CN=localhost/emailAddress=postmaster@example.com
Validity
Not Before: Sep 6 03:37:05 2003 GMT
Not After : Sep 5 03:37:05 2004 GMT
Subject: C=US, ST=NY, L=New York, O=Courier Mail Server, OU=Automatically-generated IMAP SSL key, CN=localhost/emailAddress=postmaster@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Server
Signature Algorithm: md5WithRSAEncryption

Nessus ID : 10863
Informational imaps (993/tcp) Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
Nessus ID : 10863
Informational imaps (993/tcp) This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.

Nessus ID : 10863
Informational imaps (993/tcp) The remote imap server banner is :
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN] Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See COPYING for distribution information.
Versions and types should be omitted where possible.
Change the imap banner to something generic.
Nessus ID : 11414
Informational mysql (3306/tcp) An unknown service is running on this port.
It is usually reserved for MySQL
Nessus ID : 10330
Informational mysql (3306/tcp) Remote MySQL version : 3.23.58
Nessus ID : 10719
Warning x11 (6000/tcp) This X server does *not* allow any client to connect to it
however it is recommended that you filter incoming connections
to this port as attacker may send garbage data and slow down
your X session or even kill the server.

Here is the server version : 11.0
Here is the message we received : No protocol specified


Solution : filter incoming connections to ports 6000-6009
Risk factor : Low
CVE : CVE-1999-0526
Nessus ID : 10407
Warning https-alt (8443/tcp) The SSLv2 server offers 5 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863
Informational https-alt (8443/tcp) A SSLv2 server answered on this port

Nessus ID : 10330
Informational https-alt (8443/tcp) Here is the SSLv2 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=MY, ST=Kuala Lumpur, L=Malaysia, O=Mercu Maya Enterprise, CN=secure.mercumaya.net/emailAddress=sales@mercumaya.net
Validity
Not Before: Oct 30 07:07:26 2003 GMT
Not After : Oct 29 07:07:26 2004 GMT
Subject: C=MY, ST=Kuala Lumpur, L=Malaysia, O=Mercu Maya Enterprise, CN=secure.mercumaya.net/emailAddress=sales@mercumaya.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:38:DC:9B:09:89:55:65:9A:73:D7:CB:A8:04:65:B4:89:DA:A3:14
X509v3 Authority Key Identifier:
keyid:9A:38:DC:9B:09:89:55:65:9A:73:D7:CB:A8:04:65:B4:89:DA:A3:14
DirName:/C=MY/ST=Kuala Lumpur/L=Malaysia/O=Mercu Maya Enterprise/CN=secure.mercumaya.net/emailAddress=sales@mercumaya.net
serial:00

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption

Nessus ID : 10863
Informational https-alt (8443/tcp) Here is the list of available SSLv2 ciphers:
RC4-MD5
EXP-RC4-MD5
RC2-CBC-MD5
EXP-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC3-MD5
RC4-64-MD5
Nessus ID : 10863
Informational https-alt (8443/tcp) This SSLv2 server also accepts SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.

Nessus ID : 10863
Informational https-alt (8443/tcp) An unknown server is running on this port.
If you know what it is, please send this banner to the Nessus team:
00: 3c 62 6f 64 79 20 6f 6e 4c 6f 61 64 3d 22 74 6f <body onLoad="to
10: 70 2e 6c 6f 63 61 74 69 6f 6e 3d 27 2f 6c 6f 67 p.location='/log
20: 69 6e 2e 70 68 70 33 27 22 3e 3c 2f 62 6f 64 79 in.php3'"></body
30: 3e >


Nessus ID : 11154
Informational domain (53/udp)
A DNS server is running on this port. If you do not use it, disable it.

Risk factor : Low
Nessus ID : 11002
Informational general/udp For your information, here is the traceroute to 202.157.182.101 :

Nessus ID : 10287
Warning general/tcp
The remote host does not discard TCP SYN packets which
have the FIN flag set.

Depending on the kind of firewall you are using, an
attacker may use this flaw to bypass its rules.

See also : http://archives.neohapsis.com/archives/bugtraq/2002-10/0266.html
http://www.kb.cert.org/vuls/id/464113

Solution : Contact your vendor for a patch
Risk factor : Medium
BID : 7487
Nessus ID : 11618
Warning general/icmp
The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.

This may help him to defeat all your time based authentication protocols.

Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor : Low
CVE : CAN-1999-0524
Nessus ID : 10114

This file was generated by Nessus, the open-sourced security scanner.