Your Company System Detail - April 2011

Reference:
YC 201135
System 192.168.0.101 ( http://www.yourcompany.com )   NEW
Criticality
Scan Type Enterprise
Start Date 13-Apr-11 11:54
End Date 13-Apr-11 12:54
Customer Ref
Groups US, Unix
Contact E-mail Role
janebloggs@yourcompany.com business

Ports: 12 (High:2 Low:10)

  Port Protocol Service Details  
 NEW 7 tcp echo pingtest  
 NEW 13 tcp daytime 13 APR 2011 11:55:06 BST  
 NEW 19 tcp chargen )*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR  
 NEW 20 tcp ftp 220 ProFTPD 1.2.1 Server [192.168.0.101]  
 NEW 25 tcp smtp 220 unhardened.example.com ESMTP Sendmail 8.12.8/8.12.8; Wed, 13 Apr 2011 11:54:20 +0100  
 NEW 80 tcp http Apache/1.3.26 (Unix) (Technologue/Linux) mod_ssl/2.8.10 OpenSSL/0.9.6 PHP/4.0.6  
 NEW 111 tcp sunrpc 9 services found  
 NEW 7 udp echo pingtest  
 NEW 13 udp daytime 13 APR 2011 11:55:06 BST  
 NEW 19 udp chargen ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh  
 NEW 111 udp portmap 9 services found  
 NEW 123 udp ntp system="Linux2.4.18-27.7.x", statum=2  

Vulnerabilities: 2 (High:1 Medium:0 Low:1)

Vulnerability 90027 High Risk Ports Open   NEW High Risk
Description The following high risk ports are open: 
PORT      SERVICE
111/udp   portmap
111/tcp   sunrpc
It is generally not recommended to expose these ports to the internet as they may be used as attack vectors. If access to these services from remote sites is required, tunnelling or a VPN would be recommended instead of exposing these ports.

Note: Even if the ports are immediately closed after being opened, this is still a security risk as packets are reaching the destination host. It is recommended to completely drop packets from untrusted sources instead. 

Solution Ensure that the ports are filtered by your router or firewall or close the ports on the affected systems. 
Category Hosting or infrastructure flaw.
CVE Reference CVE-MAP-NOMATCH CVSS2 6.4 (Medium) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
First Found 13 April 2011 Port general Last 6 Months

Vulnerability 10884 NTP Information Leakage   NEW Low Risk
Description This system is running an NTP server that responds to information requests. A remote attacker could use this to extract information about the system, e.g. operating system, upstream NTP server and detailed clock information. 
Solution Configure ntpd to ignore information requests. Alternatively, use a firewall to restrict NTP to trusted addresses. 
Category Hosting or infrastructure flaw.
CVE Reference CVE-MAP-NOMATCH CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
First Found 13 April 2011 Port 123/udp Last 6 Months


Historical Information

Scans by Westpoint Ltd