Nelly 24zwym

  • Nessus Report

    Nessus Scan Report

    29/May/2014:13:15:52

    Nessus Home: Commercial use of the report is prohibited

    Any time Nessus is used in a commercial environment you MUST maintain an active subscription to the Nessus Feed in order to be compliant with our license agreement: http://www.tenable.com/products/nessus

  • Table Of Contents

    Hosts Summary (Executive)
        172.30.34.145

    Vulnerabilities By Host
        172.30.34.145

    Vulnerabilities By Plugin
        70658 (1) - SSH Server CBC Mode Ciphers Enabled
        71049 (1) - SSH Weak MAC Algorithms Enabled
        10114 (1) - ICMP Timestamp Request Remote Date Disclosure
        10267 (1) - SSH Server Type and Version Information
        10287 (1) - Traceroute Information
        10881 (1) - SSH Protocol Versions Supported
        11219 (1) - Nessus SYN scanner
        11936 (1) - OS Identification
        19506 (1) - Nessus Scan Information
        22964 (1) - Service Detection
        25220 (1) - TCP/IP Timestamps Supported
        35716 (1) - Ethernet Card Manufacturer Detection
        39520 (1) - Backported Security Patch Detection (SSH)
        45590 (1) - Common Platform Enumeration (CPE)
        54615 (1) - Device Type
        70657 (1) - SSH Algorithms and Languages Supported

  • Hosts Summary (Executive)

  • 172.30.34.145

    Summary

    Critical High Medium Low Info Total

    0 0 0 2 14 16

    Details

    Severity Plugin Id Name

    Low (2.6) 70658 SSH Server CBC Mode Ciphers Enabled

    Low (2.6) 71049 SSH Weak MAC Algorithms Enabled

    Info 10114 ICMP Timestamp Request Remote Date Disclosure

    Info 10267 SSH Server Type and Version Information

    Info 10287 Traceroute Information

    Info 10881 SSH Protocol Versions Supported

    Info 11219 Nessus SYN scanner

    Info 11936 OS Identification

    Info 19506 Nessus Scan Information

    Info 22964 Service Detection

    Info 25220 TCP/IP Timestamps Supported

    Info 35716 Ethernet Card Manufacturer Detection

    Info 39520 Backported Security Patch Detection (SSH)

    Info 45590 Common Platform Enumeration (CPE)

    Info 54615 Device Type

    Info 70657 SSH Algorithms and Languages Supported

  • Vulnerabilities By Host

  • 172.30.34.145

    Scan Information

    Start time: Thu May 29 13:11:47 2014

    End time: Thu May 29 13:15:51 2014

    Host Information

    IP: 172.30.34.145

    MAC Address: ac:16:2d:02:a8:12

    OS: Linux Kernel 3.2, Linux Kernel 3.3

    Results Summary

    Critical High Medium Low Info Total

    0 0 0 2 14 16

    Results Details

    0/icmp

    10114 - ICMP Timestamp Request Remote Date Disclosure

    Synopsis: It is possible to determine the exact time set on the remote host.

    Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

    Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.

    Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

    Risk Factor: None

    References: CVE CVE-1999-0524

    XREF OSVDB:94

    XREF CWE:200

    Plugin Information: Publication date: 1999/08/01, Modification date: 2012/06/18

    Ports: icmp/0

    The difference between the local and remote clocks is -2 seconds.

    0/tcp

    25220 - TCP/IP Timestamps Supported

    Synopsis: The remote service implements TCP timestamps.

    Description: The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

    See Also: http://www.ietf.org/rfc/rfc1323.txt

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2007/05/16, Modification date: 2011/03/20

    Ports: tcp/0

    35716 - Ethernet Card Manufacturer Detection

    Synopsis: The manufacturer can be deduced from the Ethernet OUI.

    Description: Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'. These OUI are registered by IEEE.

    See Also: http://standards.ieee.org/faqs/OUI.html

    http://standards.ieee.org/regauth/oui/index.shtml

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2009/02/19, Modification date: 2011/03/27

    Ports: tcp/0

    The following card manufacturers were identified :

    ac:16:2d:02:a8:12 : Hewlett Packard

    11936 - OS Identification

    Synopsis: It is possible to guess the remote operating system.

    Description: Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2003/12/09, Modification date: 2014/02/19

    Ports: tcp/0

    Remote operating system : Linux Kernel 3.2
    Linux Kernel 3.3
    Confidence Level : 59
    Method : SinFP

    The remote host is running one of these operating systems :
    Linux Kernel 3.2
    Linux Kernel 3.3

    45590 - Common Platform Enumeration (CPE)

    Synopsis: It is possible to enumerate CPE names that matched on the remote system.

    Description: By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

    Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

    See Also: http://cpe.mitre.org/

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2010/04/21, Modification date: 2014/05/15

    Ports: tcp/0

    The remote operating system matched the following CPE's :

    cpe:/o:linux:linux_kernel:3.2 cpe:/o:linux:linux_kernel:3.3

    Following application CPE matched on the remote system :

    cpe:/a:openbsd:openssh:5.3 -> OpenBSD OpenSSH 5.3

    54615 - Device Type

    Synopsis: It is possible to guess the remote device type.

    Description: Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2011/05/23, Modification date: 2011/05/23

    Ports: tcp/0

    Remote device type : general-purpose
    Confidence level : 59

    19506 - Nessus Scan Information

    Synopsis: Information about the Nessus scan.

    Description: This script displays, for each tested host, information about the scan itself :

    - The version of the plugin set
    - The type of scanner (Nessus or Nessus Home)
    - The version of the Nessus Engine
    - The port scanner(s) used
    - The port range scanned
    - Whether credentialed or third-party patch management checks are possible
    - The date of the scan
    - The duration of the scan
    - The number of hosts scanned in parallel
    - The number of checks done in parallel

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2005/08/26, Modification date: 2014/04/07

    Ports: tcp/0

    Information about this scan :

    Nessus version : 5.2.6
    Plugin feed version : 201405291715
    Scanner edition used : Nessus Home
    Scan policy used : david
    Scanner IP : 172.30.34.184
    Port scanner(s) : nessus_syn_scanner
    Port range : default
    Thorough tests : no
    Experimental tests : no
    Paranoia level : 1
    Report Verbosity : 1
    Safe checks : yes
    Optimize the test : yes
    Credentialed checks : no
    Patch management checks : None
    CGI scanning : disabled
    Web application tests : disabled
    Max hosts : 80
    Max checks : 5
    Recv timeout : 5
    Backports : Detected
    Allow post-scan editing: Yes
    Scan Start Date : 2014/5/29 13:11
    Scan duration : 244 sec

    0/udp

    10287 - Traceroute Information

    Synopsis: It was possible to obtain traceroute information.

    Description: Makes a traceroute to the remote host.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 1999/11/27, Modification date: 2013/04/11

    Ports: udp/0

    For your information, here is the traceroute from 172.30.34.184 to 172.30.34.145 :
    172.30.34.184
    172.30.34.145

    22/tcp

    71049 - SSH Weak MAC Algorithms Enabled

    Synopsis: SSH is configured to allow MD5 and 96-bit MAC algorithms.

    Description: The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.

    Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

    Solution: Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.

    Risk Factor: Low

    CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

    Plugin Information: Publication date: 2013/11/22, Modification date: 2013/11/23

    Ports: tcp/22

    The following client-to-server Method Authentication Code (MAC) algorithms are supported :

    hmac-md5 hmac-md5-96 hmac-sha1-96

    The following server-to-client Method Authentication Code (MAC) algorithms are supported :

    hmac-md5 hmac-md5-96 hmac-sha1-96

    70658 - SSH Server CBC Mode Ciphers Enabled

    Synopsis: The SSH server is configured to use Cipher Block Chaining.

    Description: The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.

    Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

    Solution: Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.

    Risk Factor: Low

    CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

    CVSS Temporal Score: 2.3 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

    References: BID 32319

    CVE CVE-2008-5161

    XREF OSVDB:50035

    XREF OSVDB:50036

    XREF CERT:958563

    XREF CWE:200

    Plugin Information: Publication date: 2013/10/28, Modification date: 2014/01/28

    Ports: tcp/22

    The following client-to-server Cipher Block Chaining (CBC) algorithms are supported :

    3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc [email protected]

    The following server-to-client Cipher Block Chaining (CBC) algorithms are supported :

    3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc [email protected]

    11219 - Nessus SYN scanner

    Synopsis: It is possible to determine which TCP ports are open.

    Description: This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

    Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

    Solution: Protect your target with an IP filter.

    Risk Factor: None

    Plugin Information: Publication date: 2009/02/04, Modification date: 2014/01/23

    Ports: tcp/22

    Port 22/tcp was found to be open

    22964 - Service Detection

    Synopsis: The remote service could be identified.

    Description: It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2007/08/19, Modification date: 2014/05/09

    Ports: tcp/22

    An SSH server is running on this port.

    10267 - SSH Server Type and Version Information

    Synopsis: An SSH server is listening on this port.

    Description: It is possible to obtain information about the remote SSH server by sending an empty authentication request.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 1999/10/12, Modification date: 2011/10/24

    Ports: tcp/22

    SSH version : SSH-2.0-OpenSSH_5.3
    SSH supported authentication : publickey,gssapi-keyex,gssapi-with-mic,password

    70657 - SSH Algorithms and Languages Supported

    Synopsis: An SSH server is listening on this port.

    Description: This script detects which algorithms and languages are supported by the remote service for encrypting communications.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2013/10/28, Modification date: 2014/04/04

    Ports: tcp/22

    Nessus negotiated the following encryption algorithm with the server : aes128-cbc

    The server supports the following options for kex_algorithms :

    diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1

    The server supports the following options for server_host_key_algorithms :

    ssh-dss ssh-rsa

    The server supports the following options for encryption_algorithms_client_to_server :

    3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc [email protected]

    The server supports the following options for encryption_algorithms_server_to_client :

    3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc [email protected]

    The server supports the following options for mac_algorithms_client_to_server :

    hmac-md5 hmac-md5-96 hmac-ripemd160 [email protected] hmac-sha1 hmac-sha1-96 [email protected]

    The server supports the following options for mac_algorithms_server_to_client :

    hmac-md5 hmac-md5-96 hmac-ripemd160 [email protected] hmac-sha1 hmac-sha1-96 [email protected]

    The server supports the following options for compression_algorithms_client_to_server :

    none

    [email protected]

    The server supports the following options for compression_algorithms_server_to_client :

    none

    [email protected]

    10881 - SSH Protocol Versions Supported

    Synopsis: A SSH server is running on the remote host.

    Description: This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2002/03/06, Modification date: 2013/10/21

    Ports: tcp/22

    The remote SSH daemon supports the following versions of the SSH protocol :

    - 1.99
    - 2.0

    SSHv2 host key fingerprint : 3f:a8:cf:b6:0b:55:f1:90:cb:be:b5:16:e7:d5:b3:36

    39520 - Backported Security Patch Detection (SSH)

    Synopsis: Security patches are backported.

    Description: Security patches may have been 'backported' to the remote SSH server without changing its version number.

    Banner-based checks have been disabled to avoid false positives.

    Note that this test is informational only and does not denote any security problem.

    See Also: http://www.nessus.org/u?d636c8c7

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2009/06/25, Modification date: 2013/04/03

    Ports: tcp/22

    Give Nessus credentials to perform local checks.

  • Vulnerabilities By Plugin

  • 70658 (1) - SSH Server CBC Mode Ciphers Enabled

    Synopsis: The SSH server is configured to use Cipher Block Chaining.

    Description: The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.

    Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

    Solution: Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.

    Risk Factor: Low

    CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

    CVSS Temporal Score: 2.3 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

    References: BID 32319

    CVE CVE-2008-5161

    XREF OSVDB:50035

    XREF OSVDB:50036

    XREF CERT:958563

    XREF CWE:200

    Plugin Information: Publication date: 2013/10/28, Modification date: 2014/01/28

    Hosts: 172.30.34.145 (tcp/22)

    The following client-to-server Cipher Block Chaining (CBC) algorithms are supported :

    3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc [email protected]

    The following server-to-client Cipher Block Chaining (CBC) algorithms are supported :

    3des-cbc aes128-cbc aes192-cbc aes256-cbc blowfish-cbc cast128-cbc [email protected]

  • 71049 (1) - SSH Weak MAC Algorithms Enabled

    Synopsis: SSH is configured to allow MD5 and 96-bit MAC algorithms.

    Description: The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.

    Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.

    Solution: Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.

    Risk Factor: Low

    CVSS Base Score: 2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

    Plugin Information: Publication date: 2013/11/22, Modification date: 2013/11/23

    Hosts: 172.30.34.145 (tcp/22)

    The following client-to-server Method Authentication Code (MAC) algorithms are supported :

    hmac-md5 hmac-md5-96 hmac-sha1-96

    The following server-to-client Method Authentication Code (MAC) algorithms are supported :

    hmac-md5 hmac-md5-96 hmac-sha1-96

  • 10114 (1) - ICMP Timestamp Request Remote Date Disclosure

    Synopsis: It is possible to determine the exact time set on the remote host.

    Description: The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

    Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.

    Solution: Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

    Risk Factor: None

    References: CVE CVE-1999-0524

    XREF OSVDB:94

    XREF CWE:200

    Plugin Information: Publication date: 1999/08/01, Modification date: 2012/06/18

    Hosts: 172.30.34.145 (icmp/0)

    The difference between the local and remote clocks is -2 seconds.

  • 10267 (1) - SSH Server Type and Version Information

    Synopsis: An SSH server is listening on this port.

    Description: It is possible to obtain information about the remote SSH server by sending an empty authentication request.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 1999/10/12, Modification date: 2011/10/24

    Hosts: 172.30.34.145 (tcp/22)

    SSH version : SSH-2.0-OpenSSH_5.3
    SSH supported authentication : publickey,gssapi-keyex,gssapi-with-mic,password

  • 10287 (1) - Traceroute Information

    Synopsis: It was possible to obtain traceroute information.

    Description: Makes a traceroute to the remote host.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 1999/11/27, Modification date: 2013/04/11

    Hosts: 172.30.34.145 (udp/0)

    For your information, here is the traceroute from 172.30.34.184 to 172.30.34.145 :
    172.30.34.184
    172.30.34.145

  • 10881 (1) - SSH Protocol Versions Supported

    Synopsis: A SSH server is running on the remote host.

    Description: This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2002/03/06, Modification date: 2013/10/21

    Hosts: 172.30.34.145 (tcp/22)

    The remote SSH daemon supports the following versions of the SSH protocol :

    - 1.99
    - 2.0

    SSHv2 host key fingerprint : 3f:a8:cf:b6:0b:55:f1:90:cb:be:b5:16:e7:d5:b3:36

  • 11219 (1) - Nessus SYN scanner

    Synopsis: It is possible to determine which TCP ports are open.

    Description: This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.

    Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

    Solution: Protect your target with an IP filter.

    Risk Factor: None

    Plugin Information: Publication date: 2009/02/04, Modification date: 2014/01/23

    Hosts: 172.30.34.145 (tcp/22)

    Port 22/tcp was found to be open

  • 11936 (1) - OS Identification

    Synopsis: It is possible to guess the remote operating system.

    Description: Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it is possible to guess the name of the remote operating system in use. It is also sometimes possible to guess the version of the operating system.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2003/12/09, Modification date: 2014/02/19

    Hosts: 172.30.34.145 (tcp/0)

    Remote operating system : Linux Kernel 3.2
    Linux Kernel 3.3
    Confidence Level : 59
    Method : SinFP

    The remote host is running one of these operating systems :
    Linux Kernel 3.2
    Linux Kernel 3.3

  • 19506 (1) - Nessus Scan Information

    Synopsis: Information about the Nessus scan.

    Description: This script displays, for each tested host, information about the scan itself :

    - The version of the plugin set
    - The type of scanner (Nessus or Nessus Home)
    - The version of the Nessus Engine
    - The port scanner(s) used
    - The port range scanned
    - Whether credentialed or third-party patch management checks are possible
    - The date of the scan
    - The duration of the scan
    - The number of hosts scanned in parallel
    - The number of checks done in parallel

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2005/08/26, Modification date: 2014/04/07

    Hosts: 172.30.34.145 (tcp/0)

    Information about this scan :

    Nessus version : 5.2.6
    Plugin feed version : 201405291715
    Scanner edition used : Nessus Home
    Scan policy used : david
    Scanner IP : 172.30.34.184
    Port scanner(s) : nessus_syn_scanner
    Port range : default
    Thorough tests : no
    Experimental tests : no
    Paranoia level : 1
    Report Verbosity : 1
    Safe checks : yes
    Optimize the test : yes
    Credentialed checks : no
    Patch management checks : None
    CGI scanning : disabled
    Web application tests : disabled
    Max hosts : 80
    Max checks : 5
    Recv timeout : 5
    Backports : Detected
    Allow post-scan editing: Yes
    Scan Start Date : 2014/5/29 13:11
    Scan duration : 244 sec

  • 22964 (1) - Service Detection

    Synopsis: The remote service could be identified.

    Description: It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2007/08/19, Modification date: 2014/05/09

    Hosts: 172.30.34.145 (tcp/22)

    An SSH server is running on this port.

  • 25220 (1) - TCP/IP Timestamps Supported

    Synopsis: The remote service implements TCP timestamps.

    Description: The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.

    See Also: http://www.ietf.org/rfc/rfc1323.txt

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2007/05/16, Modification date: 2011/03/20

    Hosts: 172.30.34.145 (tcp/0)

  • 35716 (1) - Ethernet Card Manufacturer Detection

    Synopsis: The manufacturer can be deduced from the Ethernet OUI.

    Description: Each ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'. These OUI are registered by IEEE.

    See Also: http://standards.ieee.org/faqs/OUI.html

    http://standards.ieee.org/regauth/oui/index.shtml

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2009/02/19, Modification date: 2011/03/27

    Hosts: 172.30.34.145 (tcp/0)

    The following card manufacturers were identified :

    ac:16:2d:02:a8:12 : Hewlett Packard

  • 39520 (1) - Backported Security Patch Detection (SSH)

    Synopsis: Security patches are backported.

    Description: Security patches may have been 'backported' to the remote SSH server without changing its version number.

    Banner-based checks have been disabled to avoid false positives.

    Note that this test is informational only and does not denote any security problem.

    See Also: http://www.nessus.org/u?d636c8c7

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2009/06/25, Modification date: 2013/04/03

    Hosts: 172.30.34.145 (tcp/22)

    Give Nessus credentials to perform local checks.

  • 45590 (1) - Common Platform Enumeration (CPE)

    Synopsis: It is possible to enumerate CPE names that matched on the remote system.

    Description: By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

    Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

    See Also: http://cpe.mitre.org/

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2010/04/21, Modification date: 2014/05/15

    Hosts: 172.30.34.145 (tcp/0)

    The remote operating system matched the following CPE's :

    cpe:/o:linux:linux_kernel:3.2 cpe:/o:linux:linux_kernel:3.3

    Following application CPE matched on the remote system :

    cpe:/a:openbsd:openssh:5.3 -> OpenBSD OpenSSH 5.3

  • 54615 (1) - Device Type

    Synopsis: It is possible to guess the remote device type.

    Description: Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2011/05/23, Modification date: 2011/05/23

    Hosts: 172.30.34.145 (tcp/0)

    Remote device type : general-purpose
    Confidence level : 59

  • 70657 (1) - SSH Algorithms and Languages Supported

    Synopsis: An SSH server is listening on this port.

    Description: This script detects which algorithms and languages are supported by the remote service for encrypting communications.

    Solution: n/a

    Risk Factor: None

    Plugin Information: Publication date: 2013/10/28, Modification date: 2014/04/04

    Hosts: 172.30.34.145 (tcp/22)

    Nessus negotiated the following encryption algorithm with the server : aes128-cbc

    The server supports the following options for kex_algorithms :

    diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1

    The server supports the following options for server_host_key_algorithms :

    ssh-dss ssh-rsa

    The server supports the following options for encryption_algorithms_client_to_server :

    3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc [email protected]

    The server supports the following options for encryption_algorithms_server_to_client :

    3des-cbc aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc [email protected]

    The server supports the following options for mac_algorithms_client_to_server :

    hmac-md5 hmac-md5-96 hmac-ripemd160 [email protected] hmac-sha1 hmac-sha1-96 [email protected]

    The server supports the following options for mac_algorithms_server_to_client :

    hmac-md5 hmac-md5-96 hmac-ripemd160 [email protected] hmac-sha1 hmac-sha1-96 [email protected]

    The server supports the following options for compression_algorithms_client_to_server :

    none

    [email protected]

    The server supports the following options for compression_algorithms_server_to_client :

    none

    [email protected]
