Author: guzhu [guzhu], forum user
Vulnerabilities and solutions for xx.xxx.xxx.xx (report columns: Type | Port/Service | Vulnerability and solution)

Info | unknown (1433/tcp) | Maybe the "Microsoft-SQL-Server" service running on this port. NESSUS_ID: 10330

Info | unknown (1433/tcp) | Microsoft SQL server is running on this port. You should never let any unauthorized users establish connections to this service. Solution: Block this port from outside communication. Risk factor: Medium. CVE_ID: CAN-1999-0652. NESSUS_ID: 10144

Vulnerability | www (80/tcp) | The remote WebDAV server may be vulnerable to a buffer overflow when it receives a too long request. An attacker may use this flaw to execute arbitrary code within the LocalSystem security context. *** As safe checks are enabled, Nessus did not actually test for this flaw, so this might be a false positive. Solution: See http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx. Risk Factor: High. CVE_ID: CAN-2003-0109. BUGTRAQ_ID: 7116. NESSUS_ID: 11412. Other references: IAVA:2003-A-0005

Warning | www (80/tcp) | CGI vulnerability: http://xx.xxx.xxx.xx/_vti_pvt (I tried opening it; it returns "You are not authorized to view this page", HTTP Error 403 - Forbidden)

Warning | www (80/tcp) | CGI vulnerability: http://xx.xxx.xxx.xx/scripts (I tried opening it; it returns "You are not authorized to view this page", HTTP Error 403 - Forbidden)

Info | www (80/tcp) | A web server is running on this port. NESSUS_ID: 10330

Info | www (80/tcp) | The remote web server type is: Microsoft-IIS/5.0. Solution: You can use urlscan to change reported server for IIS. NESSUS_ID: 10107

Info | unknown (443/tcp) | Maybe the "HttpS, Secure HTTP" service running on this port. NESSUS_ID: 10330

Info | ftp (21/tcp) | Maybe the "ftp" service running on this port. NESSUS_ID: 10330

Info | unknown (3389/tcp) | Maybe the "Windows Terminal Services" service running on this port. NESSUS_ID: 10330

Warning | unknown (135/tcp) | Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host. Solution: filter incoming traffic to this port. Risk factor: Low. NESSUS_ID: 10736

Info | unknown (135/tcp) | Maybe the "Location Service" service running on this port. NESSUS_ID: 10330

Info | unknown (445/tcp) | Maybe the "Microsoft-DS" service running on this port. NESSUS_ID: 10330

Warning | cifs (445/tcp) | The host Security Identifier (SID) can be obtained remotely. Its value is: QT2353WG-SA2ASJ : 5-21-448539723-362288127-1801674531. An attacker can use it to obtain the list of the local users of this host. Solution: filter the ports 137-139 and 445. Risk factor: Low. CVE_ID: CVE-2000-1200. BUGTRAQ_ID: 959. NESSUS_ID: 10859

Warning | cifs (445/tcp) | The host SID could be used to enumerate the names of the local users of this host. (We only enumerated user names whose ID is between 1000 and 1200 for performance reasons.) This gives extra knowledge to an attacker, which is not a good thing:
- Administrator account name: Administrator (id 500)
- Guest account name: Guest (id 501)
- TsInternetUser (id 1000)
- IUSR_QT2353WG-SA2ASJ (id 1001)
- IWAM_QT2353WG-SA2ASJ (id 1002)
- ASPNET (id 1003)
- pptplayer (id 1004)
Risk factor: Medium. Solution: filter incoming connections to this port. CVE_ID: CVE-2000-1200. BUGTRAQ_ID: 959. NESSUS_ID: 10860

Warning | cifs (445/tcp) | The following local accounts have never changed their password: Guest, TsInternetUser, IUSR_QT2353WG-SA2ASJ, IWAM_QT2353WG-SA2ASJ, ASPNET, pptplayer. To minimize the risk of break-in, users should change their password regularly. NESSUS_ID: 10914

Info | cifs (445/tcp) | A CIFS server is running on this port. NESSUS_ID: 11011

Info | cifs (445/tcp) | It was possible to log into the remote host using a NULL session. The concept of a NULL session is to provide a null username and a null password, which grants the user the 'guest' access. To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and Q246261 (Windows 2000). Note that this won't completely disable null sessions, but will prevent them from connecting to IPC$. Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html. All the smb tests will be done as ''/''. CVE_ID: CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, CAN-2002-1117. BUGTRAQ_ID: 494, 990. NESSUS_ID: 10394

Info | DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1028/tcp) | Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host. Here is the list of DCE services running on this port:
- UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1; Endpoint: ncacn_ip_tcp:xx.xxx.xxx.xx[1028]
- UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1; Endpoint: ncacn_ip_tcp:xx.xxx.xxx.xx[1028]
Solution: filter incoming traffic to this port. Risk Factor: Low. NESSUS_ID: 10736

Info | DCE/82ad4280-036b-11cf-972c-00aa006887b0 (1030/tcp) | Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host. Here is the list of DCE services running on this port:
- UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2; Endpoint: ncacn_ip_tcp:xx.xxx.xxx.xx[1030]
Solution: filter incoming traffic to this port. Risk Factor: Low. NESSUS_ID: 10736

Info | unknown (1025/udp) | Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries. An attacker may use this fact to gain more knowledge about the remote host. Here is the list of DCE services running on this port:
- UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1; Endpoint: ncadg_ip_udp:xx.xxx.xxx.xx[1025]; Annotation: Messenger Service
Solution: filter incoming traffic to this port. Risk Factor: Low. NESSUS_ID: 10736

Info | tcp | The remote host is running Microsoft Windows 2000 Server. NESSUS_ID: 11936

Vulnerability | mssql (1433/tcp) | The remote MS SQL server is vulnerable to the Hello overflow. An attacker may use this flaw to execute commands against the remote host as LOCAL/SYSTEM, as well as read your database content. *** This alert might be a false positive. Solution: Install Microsoft Patch Q316333 at http://support.microsoft.com/default.aspx?scid=kb en-us Q316333 sd=tech, or disable the Microsoft SQL Server service, or use a firewall to protect the MS SQL port (1433). Risk factor: High. CVE_ID: CAN-2002-1123. BUGTRAQ_ID: 5411. NESSUS_ID: 11067. Other references: IAVA:2002-B-0007

This was scanned inside a LAN that is not connected to the Internet (); the scanning tool is the command-line version of X-Scan. My machine runs ME, and since it has no NET USER I think an overflow would have no way to be exploited either (my machine cannot be accessed over HTTP, so iget.vbs can't be used either). I have tried overflowing a few SERV-U FTP servers, but none succeeded. Can ME really not do overflows either? Is there any way to make the NET USER command usable on ME as well? Given the vulnerabilities above, if I want to get control of the other machine, what is the simplest way to do it? If you were me, what would you do?
Thread starter | Posted: 04-04-09 14:56
Copyright 20CN Network Security Group
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.