New ReportSave Report

April 23, 2008

1.0  Introduction

On September 8, 2006, at 3:00 PM, a heavy vulnerability assessment was conducted using the SAINT® 6.7.3 vulnerability scanner. The scan discovered a total of five live hosts, and detected 40 critical problems, 90 areas of concern, and 109 potential problems. The hosts and problems detected are discussed in greater detail in the following sections.

2.0  Summary

The following vulnerability severity levels are used to categorize the vulnerabilities:

CRITICAL PROBLEMS
Vulnerabilities which pose an immediate threat to the network by allowing a remote attacker to directly gain read or write access, execute commands on the target, or create a denial of service.

AREAS OF CONCERN
Vulnerabilities which do not directly allow remote access, but do allow privilege elevation attacks, attacks on other targets using the vulnerable host as an intermediary, or gathering of passwords or configuration information which could be used to plan an attack.

POTENTIAL PROBLEMS
Warnings which may or may not be vulnerabilities, depending upon the patch level or configuration of the target. Further investigation on the part of the system administrator may be necessary.

SERVICES
Network services which accept client connections on a given TCP or UDP port. This is simply a count of network services, and does not imply that the service is or is not vulnerable.

The sections below summarize the results of the scan.

2.1  Vulnerabilities by Severity

This section shows the overall number of vulnerabilities and services detected at each severity level.

2.2  Hosts by Severity

This section shows the overall number of hosts detected at each severity level. The severity level of a host is defined as the highest vulnerability severity level detected on that host.

2.3  Vulnerabilities by Class

This section shows the number of vulnerabilities detected in each of the following classes.


Class Description
Web Vulnerabilities in web servers, CGI programs, and any other software offering an HTTP interface
Mail Vulnerabilities in SMTP, IMAP, POP, or web-based mail services
File Transfer Vulnerabilities in FTP and TFTP services
Login/Shell Vulnerabilities in ssh, telnet, rlogin, rsh, or rexec services
Print Services Vulnerabilities in lpd and other print daemons
RPC Vulnerabilities in Remote Procedure Call services
DNS Vulnerabilities in Domain Name Services
Databases Vulnerabilities in database services
Networking/SNMP Vulnerabilities in routers, switches, firewalls, or any SNMP service
Windows OS Missing hotfixes or vulnerabilities in the registry or SMB shares
Passwords Missing or easily guessed user passwords
Other Any vulnerability which does not fit into one of the above classes


2.4  Vulnerabilities by Subnet

This section shows the number of vulnerabilities detected at each severity level for each subnet that was scanned.




2.5  Hosts by Subnet

This section shows the overall number of hosts detected at each severity level for each subnet that was scanned. The severity level of a host is defined as the highest vulnerability severity level detected on that host.




2.6  Vulnerabilities per Class by Subnet

This section shows the overall number of vulnerabilities detected in each vulnerability class for each subnet that was scanned.

172.16.0

172.16.1

3.0  Overview

The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained therein.

3.1  Host List

This table presents an overview of the hosts discovered on the network.


Host Name Netbios Name IP Address Host Type Critical Problems Areas of Concern Potential Problems
host1.domain.com HOST1 172.16.0.1 Windows 2000 SP1 21 30 36
host2.domain.com HOST2 172.16.1.2 Windows Server 2003 8 29 31
host3.domain.com   172.16.1.3 SunOS 5.6 11 4 17
host4.domain.com HOST4 172.16.1.4 Windows XP SP2 0 20 19
host5.domain.com   172.16.1.5 Linux 2.4.0 - 2.5.20 0 7 6

3.2  Vulnerability List

This table presents an overview of the vulnerabilities detected on the network.


Host Name Severity Vulnerability / Service Class CVE Exploit Available?
host1.domain.com critical Download.Ject detected on web server Other   no
host1.domain.com critical Guessed password to windows account (foobar:foobar) Passwords   no
host1.domain.com critical MS FrontPage Server Extension Vulnerability: /_vti_bin/shtml.dll Web CVE-2003-0824 no
host1.domain.com critical MS FrontPage Server Extension Vulnerability: remote debug Web CVE-2003-0822 yes
host1.domain.com critical Folder traversal in IIS (Double Decoding) Web CVE-2001-0333 yes
host1.domain.com critical Folder traversal in IIS (Unicode Translation) Web CVE-2000-0884 yes
host1.domain.com critical vulnerabilities in IIS 5 Web CVE-2000-0770 CVE-2001-0151 CVE-2001-0241 CVE-2001-0500 CVE-2001-0507 CVE-2002-0869 CVE-2002-1180 CVE-2002-1181 CVE-2002-1182 CVE-2003-0223 CVE-2003-0224 CVE-2003-0225 CVE-2003-0226 yes
host1.domain.com critical MailEnable HTTPMail vulnerability Mail CVE-2005-1348 CVE-2005-2222 CVE-2006-1338 yes
host1.domain.com critical MS Site Server default account Other CVE-2002-1769 CVE-2002-2073 CVE-2002-2081 no
host1.domain.com critical vulnerability in Windows Media Services (nsiislog.dll) Web CVE-2003-0227 CVE-2003-0349 no
host1.domain.com critical Windows Plug and Play vulnerability Windows OS CVE-2005-1983 yes
host1.domain.com critical RPC runtime library vulnerability Windows OS CVE-2003-0807 CVE-2003-0813 CVE-2004-0116 CVE-2004-0124 no
host1.domain.com critical Windows 2000 ASN1 buffer overflow Windows OS CVE-2003-0818 no
host1.domain.com critical Windows 2000 RPC buffer overflow Windows OS CVE-2003-0352 yes
host1.domain.com critical Windows COM+ command execution vulnerability Windows OS CVE-2005-1978 CVE-2005-1979 CVE-2005-1980 CVE-2005-2119 no
host1.domain.com critical Windows SMB Transaction response buffer overflow Windows OS CVE-2005-0045 no
host1.domain.com critical Windows SMB input validation vulnerability Windows OS CVE-2005-1206 no
host1.domain.com critical Windows TCP/IP vulnerabilities Windows OS CVE-2004-0230 CVE-2004-0790 CVE-2004-1060 CVE-2005-0048 CVE-2005-0688 no
host1.domain.com critical Windows WMF gdi32.dll vulnerability Windows OS CVE-2005-4560 yes
host1.domain.com critical pointer corruption vulnerability in WINS replication service Windows OS CVE-2004-0567 CVE-2004-1080 yes
host1.domain.com critical Worm detected (Code Red II) Other   no
host1.domain.com concern Web server allows cross-site tracing Web   no
host1.domain.com concern Windows DNS server allows cache poisoning DNS CVE-2001-1452 no
host1.domain.com concern Internet Explorer COM object memory corruption Windows OS CVE-2005-2127 no
host1.domain.com concern Internet Explorer Create Text Range code injection Windows OS CVE-2006-1185 CVE-2006-1186 CVE-2006-1188 CVE-2006-1189 CVE-2006-1190 CVE-2006-1191 CVE-2006-1192 CVE-2006-1245 CVE-2006-1359 CVE-2006-1388 yes
host1.domain.com concern Internet Explorer JPEG buffer overflow Windows OS CVE-2005-1988 CVE-2005-1989 CVE-2005-1990 yes
host1.domain.com concern Internet Explorer JS stack overflow Windows OS CVE-2006-0753 CVE-2006-0830 no
host1.domain.com concern Internet Explorer JavaScript vulnerability Windows OS CVE-2005-1790 CVE-2005-2829 CVE-2005-2830 CVE-2005-2831 yes
host1.domain.com concern Internet Explorer PNG buffer overflow Windows OS CVE-2002-0648 CVE-2005-1211 no
host1.domain.com concern Internet Explorer URL parsing buffer overflow Windows OS CVE-2005-0553 CVE-2005-0554 CVE-2005-0555 yes
host1.domain.com concern Internet Explorer WMF handling vulnerability Windows OS CVE-2006-0020 no
host1.domain.com concern vulnerability in License Logging Service Windows OS CVE-2005-0050 no
host1.domain.com concern AxWebRemoveCtrl ActiveX control enabled Web CVE-2005-3693 no
host1.domain.com concern CodeSupport ActiveX control enabled Web CVE-2005-3650 no
host1.domain.com concern null session access using alternate pipes Windows OS CVE-2005-2150 no
host1.domain.com concern Windows Plug and Play privilege elevation Windows OS CVE-2005-2120 no
host1.domain.com concern Run key allows write access Windows OS CVE-1999-0589 no
host1.domain.com concern Uninstall key allows write access Windows OS CVE-1999-0589 no
host1.domain.com concern Windows telephony service vulnerability Windows OS CVE-2005-0058 yes
host1.domain.com concern DirectShow buffer overflow Windows OS CVE-2005-2128 no
host1.domain.com concern HTML Application Host vulnerability in Windows shell Windows OS CVE-2005-0063 no
host1.domain.com concern Microsoft Color Management Module buffer overflow Windows OS CVE-2005-1219 yes
host1.domain.com concern Microsoft Data Access Component vulnerability Windows OS CVE-2006-0003 yes
host1.domain.com concern Windows DHTML Editing Component vulnerability Windows OS CVE-2004-1319 no
host1.domain.com concern Windows Explorer COM object command execution Windows OS CVE-2004-2289 CVE-2006-0012 no
host1.domain.com concern Windows Hyperlink Object Library buffer overflow Windows OS CVE-2005-0057 no
host1.domain.com concern Windows Kernel privilege elevation vulnerability Windows OS CVE-2005-2827 no
host1.domain.com concern Windows Media Player plug-in EMBED vulnerability Windows OS CVE-2006-0005 yes
host1.domain.com concern Windows Web Fonts vulnerability Windows OS CVE-2006-0010 no
host1.domain.com concern Windows shortcut file command execution Windows OS CVE-2005-2117 CVE-2005-2118 CVE-2005-2122 no
host1.domain.com concern vulnerable WinZip version: 8.0 Other CVE-2001-0449 CVE-2004-1465 no
host1.domain.com potential guessable read community string Networking/SNMP CVE-1999-0516 CVE-1999-0517 no
host1.domain.com potential Internet Explorer Shell.Explorer object enabled Windows OS CVE-2004-0985 no
host1.domain.com potential Javaprxy.dll access through Internet Explorer Windows OS CVE-2005-2087 yes
host1.domain.com potential last user name shown in login box Windows OS CVE-1999-0592 no
host1.domain.com potential MailEnable Enterprise 1.04 may be vulnerable Mail CVE-2005-1013 CVE-2005-1781 CVE-2005-2223 yes
host1.domain.com potential possible vulnerability in MailEnable Enterprise IMAP 1.04 Mail CVE-2005-1014 CVE-2005-1015 CVE-2005-2278 CVE-2005-3155 CVE-2005-3690 CVE-2005-3691 CVE-2005-3813 CVE-2005-3993 CVE-2005-4402 CVE-2005-4456 CVE-2005-4457 CVE-2006-0504 yes
host1.domain.com potential possible vulnerability in MailEnable Enterprise POP3 1.04 Mail CVE-2006-1337 no
host1.domain.com potential possible vulnerability in MailEnable POP3 0 Mail   no
host1.domain.com potential excessive null session access Windows OS CVE-2000-1200 no
host1.domain.com potential Possible ODBC RDS Vulnerability Web CVE-1999-1011 CVE-2002-1142 no
host1.domain.com potential chargen could be used in UDP bomb Networking/SNMP CVE-1999-0103 no
host1.domain.com potential pop receives password in clear Mail   no
host1.domain.com potential possible vulnerability in PPTP service Other CVE-2002-1214 no
host1.domain.com potential SNMP is enabled and may be vulnerable Networking/SNMP CVE-1999-0615 CVE-2002-0012 CVE-2002-0013 CVE-2002-0053 CVE-2002-0796 CVE-2002-0797 no
host1.domain.com potential TCP reset using approximate sequence number Other CVE-2004-0230 no
host1.domain.com potential password complexity policy disabled Windows OS CVE-1999-0535 no
host1.domain.com potential weak account lockout policy (0) Windows OS CVE-1999-0582 no
host1.domain.com potential weak minimum password age policy (0 days) Windows OS CVE-1999-0535 no
host1.domain.com potential weak minimum password length policy (0) Windows OS CVE-1999-0535 no
host1.domain.com potential weak password history policy (0) Windows OS CVE-1999-0535 no
host1.domain.com potential non-administrative users can act as part of the operating system Windows OS CVE-1999-0534 no
host1.domain.com potential non-administrative users can bypass traverse checking Windows OS CVE-1999-0534 no
host1.domain.com potential non-administrative users can create token object Windows OS CVE-1999-0534 no
host1.domain.com potential auditing is disabled Windows OS CVE-1999-0575 no
host1.domain.com potential Password never expires for user LDAP_Anonymous Windows OS   no
host1.domain.com potential Password never expires for user foobar Windows OS   no
host1.domain.com potential Client Service for Netware vulnerability Windows OS CVE-2005-1985 no
host1.domain.com potential Collaboration Data Objects vulnerability Windows OS CVE-2005-1987 no
host1.domain.com potential FTP Client vulnerability Windows OS CVE-2005-2126 no
host1.domain.com potential Jet Database Engine input validation problems Windows OS CVE-2005-0944 yes
host1.domain.com potential Microsoft Agent spoofing vulnerability Windows OS CVE-2005-1214 no
host1.domain.com potential Network Connection Manager vulnerability Windows OS CVE-2005-2307 no
host1.domain.com potential Win2000 SP2 Security Rollup 1 not installed Windows OS CVE-1999-0662 no
host1.domain.com potential Windows 2000 SP4 Update Rollup 1 not applied Windows OS CVE-2005-3168 CVE-2005-3169 CVE-2005-3170 CVE-2005-3171 CVE-2005-3172 CVE-2005-3173 CVE-2005-3174 CVE-2005-3175 CVE-2005-3176 CVE-2005-3177 no
host1.domain.com potential Windows Media Player URL script execution Windows OS CVE-2003-1107 no
host1.domain.com potential potential vulnerability in WINS Windows OS CVE-2003-0825 no
host2.domain.com critical Guessed password to windows account (foobar:foobar) Passwords   no
host2.domain.com critical Windows print spooler vulnerability Print Services CVE-2005-1984 no
host2.domain.com critical RPC runtime library vulnerability Windows OS CVE-2003-0807 CVE-2003-0813 CVE-2004-0116 CVE-2004-0124 no
host2.domain.com critical Win2003 RPC buffer overflow Windows OS CVE-2003-0352 yes
host2.domain.com critical Windows SMB Transaction response buffer overflow Windows OS CVE-2005-0045 no
host2.domain.com critical Windows SMB input validation vulnerability Windows OS CVE-2005-1206 no
host2.domain.com critical Windows TCP/IP vulnerabilities Windows OS CVE-2004-0230 CVE-2004-0790 CVE-2004-1060 CVE-2005-0048 CVE-2005-0688 no
host2.domain.com critical Windows WMF gdi32.dll vulnerability Windows OS CVE-2005-4560 yes
host2.domain.com concern Internet Explorer COM object memory corruption Windows OS CVE-2005-2127 no
host2.domain.com concern Internet Explorer Create Text Range code injection Windows OS CVE-2006-1185 CVE-2006-1186 CVE-2006-1188 CVE-2006-1189 CVE-2006-1190 CVE-2006-1191 CVE-2006-1192 CVE-2006-1245 CVE-2006-1359 CVE-2006-1388 yes
host2.domain.com concern Internet Explorer JPEG buffer overflow Windows OS CVE-2005-1988 CVE-2005-1989 CVE-2005-1990 yes
host2.domain.com concern Internet Explorer JS stack overflow Windows OS CVE-2006-0753 CVE-2006-0830 no
host2.domain.com concern Internet Explorer JavaScript vulnerability Windows OS CVE-2005-1790 CVE-2005-2829 CVE-2005-2830 CVE-2005-2831 yes
host2.domain.com concern Internet Explorer PNG buffer overflow Windows OS CVE-2002-0648 CVE-2005-1211 no
host2.domain.com concern Internet Explorer URL parsing buffer overflow Windows OS CVE-2005-0553 CVE-2005-0554 CVE-2005-0555 yes
host2.domain.com concern Outlook Express Windows Address Book vulnerability Mail CVE-2006-0014 no
host2.domain.com concern CodeSupport ActiveX control enabled Web CVE-2005-3650 no
host2.domain.com concern Sunncomm ActiveX control enabled Web   no
host2.domain.com concern Windows Plug and Play vulnerability Windows OS CVE-2005-1983 yes
host2.domain.com concern Run key allows write access Windows OS CVE-1999-0589 no
host2.domain.com concern Uninstall key allows write access Windows OS CVE-1999-0589 no
host2.domain.com concern DACL privilege elevation Windows OS CVE-2006-0023 no
host2.domain.com concern DirectShow buffer overflow Windows OS CVE-2005-2128 no
host2.domain.com concern Microsoft Color Management Module buffer overflow Windows OS CVE-2005-1219 yes
host2.domain.com concern Microsoft Data Access Component vulnerability Windows OS CVE-2006-0003 yes
host2.domain.com concern Windows COM+ command execution vulnerability Windows OS CVE-2005-1978 CVE-2005-1979 CVE-2005-1980 CVE-2005-2119 no
host2.domain.com concern Windows EMF/WMF image file vulnerability Windows OS CVE-2005-0803 CVE-2005-2123 CVE-2005-2124 no
host2.domain.com concern Windows Explorer COM object command execution Windows OS CVE-2004-2289 CVE-2006-0012 no
host2.domain.com concern Windows HTML Help integer overflow Windows OS CVE-2005-1208 no
host2.domain.com concern Windows Hyperlink Object Library buffer overflow Windows OS CVE-2005-0057 no
host2.domain.com concern Windows Media Player PNG image vulnerability Windows OS CVE-2004-1244 no
host2.domain.com concern Windows Media Player bmp buffer overflow Windows OS CVE-2006-0006 no
host2.domain.com concern Windows Media Player plug-in EMBED vulnerability Windows OS CVE-2006-0005 yes
host2.domain.com concern Windows OLE input validation vulnerability Windows OS CVE-2005-0044 CVE-2005-0047 no
host2.domain.com concern Windows Web Fonts vulnerability Windows OS CVE-2006-0010 no
host2.domain.com concern Windows shortcut file command execution Windows OS CVE-2005-2117 CVE-2005-2118 CVE-2005-2122 no
host2.domain.com concern Windows telnet client session variable disclosure Windows OS CVE-2005-1205 no
host2.domain.com potential Internet Explorer ADODB.Stream object enabled Windows OS   no
host2.domain.com potential Internet Explorer Shell.Explorer object enabled Windows OS CVE-2004-0985 no
host2.domain.com potential Javaprxy.dll access through Internet Explorer Windows OS CVE-2005-2087 yes
host2.domain.com potential last user name shown in login box Windows OS CVE-1999-0592 no
host2.domain.com potential Outlook Express NNTP buffer overflow Mail CVE-2005-1213 yes
host2.domain.com potential User newuser has never logged in Windows OS   no
host2.domain.com potential password complexity policy disabled Windows OS CVE-1999-0535 no
host2.domain.com potential weak account lockout policy (0) Windows OS CVE-1999-0582 no
host2.domain.com potential weak minimum password age policy (0 days) Windows OS CVE-1999-0535 no
host2.domain.com potential weak minimum password length policy (0) Windows OS CVE-1999-0535 no
host2.domain.com potential weak password history policy (0) Windows OS CVE-1999-0535 no
host2.domain.com potential non-administrative users can bypass traverse checking Windows OS CVE-1999-0534 no
host2.domain.com potential non-administrative users can replace a process level token Windows OS CVE-1999-0534 no
host2.domain.com potential account management auditing disabled Windows OS CVE-1999-0575 no
host2.domain.com potential account management failure auditing disabled