Your Company System Detail - April 2011

Reference:
YC 201135
System 192.168.1.53 ( http://sql2.manc.yourcompany.com )   SANS
Criticality
Scan Type Enterprise
Start Date 13-Apr-11 11:54
End Date 13-Apr-11 12:54
Customer Ref
Groups EMEA, Microsoft
Contact E-mail Role
cuthbert@yourcompany.com Systems Architect

Ports: 2 (High:2 Low:0)

  Port Protocol Service Details  
  1433 tcp ms-sql-s No banner found  
  1434 udp mssql Response Received  

Vulnerabilities: 4 (High:1 Medium:3 Low:0)

Vulnerability 90027 High Risk Ports Open High Risk
Description The following high risk ports are open: 
PORT      SERVICE
1433/tcp  ms-sql-s
1434/udp  mssql
It is generally not recommended to expose these ports to the internet as they may be used as attack vectors. If access to these services from remote sites is required, tunnelling or a VPN would be recommended instead of exposing these ports.

Note: Even if the ports are immediately closed after being opened, this is still a security risk as packets are reaching the destination host. It is recommended to completely drop packets from untrusted sources instead. 

Solution Ensure that the ports are filtered by your router or firewall or close the ports on the affected systems. 
Category Hosting or infrastructure flaw.
CVE Reference CVE-MAP-NOMATCH CVSS2 6.4 (Medium) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
First Found 13 November 2010 Port general Last 6 Months

Vulnerability 11299 MySQL < 3.23.55 Multiple Vulnerabilities   SANS Medium Risk
Description This system is running a vulnerable version of MySQL, according to its banner. Insufficient permissions checking related to the "select into outfile" SQL command allows a database user to escalate their priviliges to root. There is also a double free vulnerability that allows a database user to crash the service. A "database user" could be a remote attacker who has valid database credentials. 
Solution Upgrade to an unaffected version, or apply a patch. 
CVE References CVE-2003-0150 CVSS2 9.0 (High) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
  CVE-2003-0073 CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
First Found 13 November 2010 Port 1434/udp Last 6 Months

Vulnerability 11378 MySQL < 3.23.56 Privilege Escalation   SANS Medium Risk
Description This system is running a vulnerable version of MySQL, according to its banner. There is insufficient permissions checking in code related to the "select into outfile" SQL command. A database user could use this to overwrite configuration files and escalate privileges. 
Solution Upgrade to an unaffected version, or apply a patch. 
Category Hosting or infrastructure flaw.
References Bugtraq ID 7052   
CVE Reference CVE-2003-0150 CVSS2 9.0 (High) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
First Found 13 December 2010 Port 1434/udp Last 6 Months

Vulnerability 11842 MySQL < 3.23.58, 4.0.15 Password Overflow   SANS Medium Risk
Description This system is running a vulnerable version of MySQL, according to its banner. There is a buffer overrun vulnerability in code related to passwords. A database user could use this to crash the service and take control of the system, by changing their password to a carefully crafted value. 
Solution Upgrade to an unaffected version, or apply a patch. 
References Bugtraq ID 8590   
CVE Reference CVE-2003-0780 CVSS2 9.0 (High) (AV:N/AC:L/Au:S/C:C/I:C/A:C)
First Found 13 February 2011 Port 1434/udp Last 6 Months


Historical Information

Scans by Westpoint Ltd