Your Company Fixed Vulnerability Descriptions - April 2011

Reference: YC 201135
Sub-Report: Unix

Vulnerability 90027: High Risk Ports Open (1 System, High Risk)
Description: The following high risk ports are open:
[For specific url or description click server link below.]
It is generally not recommended to expose these ports to the internet as they may be used as attack vectors. If access to these services from remote sites is required, tunnelling or a VPN would be recommended instead of exposing these ports.

Note: Even if the ports are immediately closed after being opened, this is still a security risk as packets are reaching the destination host. It is recommended to completely drop packets from untrusted sources instead.

Solution: Ensure that the ports are filtered by your router or firewall or close the ports on the affected systems.
Category: Hosting or infrastructure flaw.
CVE Reference: CVE-MAP-NOMATCH, CVSS2 6.4 (Medium) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Systems: www.yourcompany.net (192.168.0.102)

Vulnerability 11793: Apache < 1.3.28 Multiple flaws (SANS, 1 System, Medium Risk)
Description: According to its banner, this web server is running a version of Apache older than 1.3.28. This version contains fixes for multiple minor denial of service flaws. Although these are not exploitable in all configurations, it is recommended that you upgrade to the latest version.
Solution: Upgrade to an unaffected version.
Category: Hosting or infrastructure flaw.
References: Apache Announcement
CVE References:
  CVE-2002-0061, CVSS2 7.5 (High) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
  CVE-2003-0460, CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Systems: www.yourcompany.net (192.168.0.102)

Vulnerability 10736: DCE Services Enumeration (1 System, Medium Risk)
Description: It is possible for any remote user to connect to port 135 on this host and enumerate the available DCE services. The information leaked is relatively low risk, although an attacker could use it to focus their strategy. However, the vulnerability is more worrying because it shows that Windows file sharing (NetBIOS) is accessible over the internet, which is considered unwise.
[For specific url or description click server link below.]

Solution: Use a firewall to restrict access to Windows file sharing ports to trusted addresses.
Category: Hosting or infrastructure flaw.
CVE Reference: CVE-MAP-NOMATCH, CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Systems: www.yourcompany.net (192.168.0.102)

Vulnerability 10114: ICMP Timestamp Request (1 System, Low Risk)
Description: This system responds to ICMP timestamp requests. A remote attacker could use such requests to determine the exact date and time on the system. This information could be used in attacks against time-based authentication protocols.
Solution: Either disable timestamp replies, or filter them at your firewall.
CVE Reference: CVE-1999-0524, CVSS2 0.0 (Low) (AV:L/AC:L/Au:N/C:N/I:N/A:N)
Systems: www.example.com (192.168.0.112)

Vulnerability 12279: QPopper <= 4.0.5 User Names Information Leakage (1 System, Low Risk)
Description: According to its banner, this host is running a vulnerable version of QPopper. These versions return a different error message on failed login, depending on whether the user name exists. An attacker can use this to enumerate users - the starting point for a password guessing attack.
Solution: No patch is currently available. You must either accept this risk or choose another POP3 server.
References: Bugtraq ID 7110
CVE Reference: CVE-2001-1068, CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Systems: www.yourcompany.co.uk (192.168.0.100)

Scans by Westpoint Ltd