
April 23, 2008

1.0  Introduction

On September 8, 2006, at 3:00 PM, a heavy vulnerability assessment was conducted using the SAINT® 6.7.3 vulnerability scanner. The scan discovered a total of five live hosts, and detected 40 critical problems, 90 areas of concern, and 109 potential problems. The hosts and problems detected are discussed in greater detail in the following sections.

2.0  Summary

The following vulnerability severity levels are used to categorize the vulnerabilities:

CRITICAL PROBLEMS
Vulnerabilities which pose an immediate threat to the network by allowing a remote attacker to directly gain read or write access, execute commands on the target, or create a denial of service.

AREAS OF CONCERN
Vulnerabilities which do not directly allow remote access, but do allow privilege elevation attacks, attacks on other targets using the vulnerable host as an intermediary, or gathering of passwords or configuration information which could be used to plan an attack.

POTENTIAL PROBLEMS
Warnings which may or may not be vulnerabilities, depending upon the patch level or configuration of the target. Further investigation on the part of the system administrator may be necessary.

SERVICES
Network services which accept client connections on a given TCP or UDP port. This is simply a count of network services, and does not imply that the service is or is not vulnerable.

The following host and vulnerability status categories are used to categorize the hosts and vulnerabilities across data sets for trend analysis:

NEW
Present in the current scan but none of the previous scans.

REMOVED
Present in a previous scan but not the current scan.

PREEXISTING (or REMAINING)
Present in the current scan and also the preceding scan.

REINTRODUCED
Present in the current scan and a previous scan, but not the scan preceding the current scan.

The sections below summarize the results of the scan.

2.1  Status of Current Vulnerabilities
Includes critical problems, areas of concern, and potential problems.

2.2  Status of Old Vulnerabilities
Includes critical problems, areas of concern, and potential problems.

2.3  Status of All Vulnerabilities
Includes critical problems, areas of concern, and potential problems.

2.4  Vulnerability Status by Severity



2.5  Vulnerability History



2.6  Host History



2.7  History of Vulnerabilities by Class

This section shows the number of vulnerabilities detected per scan in each of the following classes.


| Class | Description |
|---|---|
| Web | Vulnerabilities in web servers, CGI programs, and any other software offering an HTTP interface |
| Mail | Vulnerabilities in SMTP, IMAP, POP, or web-based mail services |
| File Transfer | Vulnerabilities in FTP and TFTP services |
| Login/Shell | Vulnerabilities in ssh, telnet, rlogin, rsh, or rexec services |
| Print Services | Vulnerabilities in lpd and other print daemons |
| RPC | Vulnerabilities in Remote Procedure Call services |
| DNS | Vulnerabilities in Domain Name Services |
| Databases | Vulnerabilities in database services |
| Networking/SNMP | Vulnerabilities in routers, switches, firewalls, or any SNMP service |
| Windows OS | Missing hotfixes or vulnerabilities in the registry or SMB shares |
| Passwords | Missing or easily guessed user passwords |
| Other | Any vulnerability which does not fit into one of the above classes |

[Figures: vulnerabilities by class, Aug 28 2006 and Sep 8 2006]

3.0  Overview

The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained therein.

3.1  Host List

This table presents an overview of the hosts discovered on the network.


| Host Name | Netbios Name | IP Address | Host Type | Critical Problems | Areas of Concern | Potential Problems | Status |
|---|---|---|---|---|---|---|---|
| host1.domain.com | HOST1 | 172.16.0.1 | Windows 2000 SP1 | 21 | 30 | 36 | preexisting |
| host2.domain.com | HOST2 | 172.16.1.2 | Windows Server 2003 | 8 | 29 | 31 | preexisting |
| host3.domain.com | | 172.16.1.3 | SunOS 5.6 | 11 | 4 | 17 | preexisting |
| host4.domain.com | HOST4 | 172.16.1.4 | Windows XP SP2 | 0 | 20 | 19 | preexisting |
| host5.domain.com | | 172.16.1.5 | Linux 2.4.0 - 2.5.20 | 0 | 7 | 6 | preexisting |

3.2  Vulnerability List

This table presents an overview of the vulnerabilities detected on the network.


| Host Name | Severity | Vulnerability / Service | Status | CVE | Exploit Available? |
|---|---|---|---|---|---|
| host1.domain.com | critical | Download.Ject detected on web server | preexisting | | no |
| host1.domain.com | critical | Guessed password to windows account (foobar:foobar) | preexisting | | no |
| host1.domain.com | critical | MS FrontPage Server Extension Vulnerability: /_vti_bin/shtml.dll | preexisting | CVE-2003-0824 | no |
| host1.domain.com | critical | MS FrontPage Server Extension Vulnerability: remote debug | preexisting | CVE-2003-0822 | yes |
| host1.domain.com | critical | Folder traversal in IIS (Double Decoding) | preexisting | CVE-2001-0333 | yes |
| host1.domain.com | critical | Folder traversal in IIS (Unicode Translation) | preexisting | CVE-2000-0884 | yes |
| host1.domain.com | critical | vulnerabilities in IIS 5 | preexisting | CVE-2000-0770 CVE-2001-0151 CVE-2001-0241 CVE-2001-0500 CVE-2001-0507 CVE-2002-0869 CVE-2002-1180 CVE-2002-1181 CVE-2002-1182 CVE-2003-0223 CVE-2003-0224 CVE-2003-0225 CVE-2003-0226 | yes |
| host1.domain.com | critical | MailEnable HTTPMail vulnerability | preexisting | CVE-2005-1348 CVE-2005-2222 CVE-2006-1338 | yes |
| host1.domain.com | critical | MS Site Server default account | preexisting | CVE-2002-1769 CVE-2002-2073 CVE-2002-2081 | no |
| host1.domain.com | critical | vulnerability in Windows Media Services (nsiislog.dll) | preexisting | CVE-2003-0227 CVE-2003-0349 | no |
| host1.domain.com | critical | Windows Plug and Play vulnerability | preexisting | CVE-2005-1983 | yes |
| host1.domain.com | critical | Windows print spooler vulnerability | removed | CVE-2005-1984 | no |
| host1.domain.com | critical | RPC runtime library vulnerability | preexisting | CVE-2003-0807 CVE-2003-0813 CVE-2004-0116 CVE-2004-0124 | no |
| host1.domain.com | critical | Windows 2000 ASN1 buffer overflow | preexisting | CVE-2003-0818 | no |
| host1.domain.com | critical | Windows 2000 RPC buffer overflow | preexisting | CVE-2003-0352 | yes |
| host1.domain.com | critical | Windows COM+ command execution vulnerability | preexisting | CVE-2005-1978 CVE-2005-1979 CVE-2005-1980 CVE-2005-2119 | no |
| host1.domain.com | critical | Windows SMB Transaction response buffer overflow | preexisting | CVE-2005-0045 | no |
| host1.domain.com | critical | Windows SMB input validation vulnerability | preexisting | CVE-2005-1206 | no |
| host1.domain.com | critical | Windows TCP/IP vulnerabilities | preexisting | CVE-2004-0230 CVE-2004-0790 CVE-2004-1060 CVE-2005-0048 CVE-2005-0688 | no |
| host1.domain.com | critical | Windows WMF gdi32.dll vulnerability | preexisting | CVE-2005-4560 | yes |
| host1.domain.com | critical | pointer corruption vulnerability in WINS replication service | preexisting | CVE-2004-0567 CVE-2004-1080 | yes |
| host1.domain.com | critical | Worm detected (Code Red II) | preexisting | | no |
| host1.domain.com | concern | Web server allows cross-site tracing | preexisting | | no |
| host1.domain.com | concern | Windows DNS server allows cache poisoning | preexisting | CVE-2001-1452 | no |
| host1.domain.com | concern | Internet Explorer COM object memory corruption | preexisting | CVE-2005-2127 | no |
| host1.domain.com | concern | Internet Explorer Create Text Range code injection | new | CVE-2006-1185 CVE-2006-1186 CVE-2006-1188 CVE-2006-1189 CVE-2006-1190 CVE-2006-1191 CVE-2006-1192 CVE-2006-1245 CVE-2006-1359 CVE-2006-1388 | yes |
| host1.domain.com | concern | Internet Explorer JPEG buffer overflow | preexisting | CVE-2005-1988 CVE-2005-1989 CVE-2005-1990 | yes |
| host1.domain.com | concern | Internet Explorer JS stack overflow | preexisting | CVE-2006-0753 CVE-2006-0830 | no |
| host1.domain.com | concern | Internet Explorer JavaScript vulnerability | preexisting | CVE-2005-1790 CVE-2005-2829 CVE-2005-2830 CVE-2005-2831 | yes |
| host1.domain.com | concern | Internet Explorer PNG buffer overflow | preexisting | CVE-2002-0648 CVE-2005-1211 | no |
| host1.domain.com | concern | Internet Explorer URL parsing buffer overflow | preexisting | CVE-2005-0553 CVE-2005-0554 CVE-2005-0555 | yes |
| host1.domain.com | concern | Internet Explorer WMF handling vulnerability | preexisting | CVE-2006-0020 | no |
| host1.domain.com | concern | vulnerability in License Logging Service | preexisting | CVE-2005-0050 | no |
| host1.domain.com | concern | AxWebRemoveCtrl ActiveX control enabled | preexisting | CVE-2005-3693 | no |
| host1.domain.com | concern | CodeSupport ActiveX control enabled | preexisting | CVE-2005-3650 | no |
| host1.domain.com | concern | null session access using alternate pipes | preexisting | CVE-2005-2150 | no |
| host1.domain.com | concern | Windows Plug and Play privilege elevation | preexisting | CVE-2005-2120 | no |
| host1.domain.com | concern | Run key allows write access | preexisting | CVE-1999-0589 | no |
| host1.domain.com | concern | Uninstall key allows write access | preexisting | CVE-1999-0589 | no |
| host1.domain.com | concern | Windows telephony service vulnerability | preexisting | CVE-2005-0058 | yes |
| host1.domain.com | concern | DirectShow buffer overflow | preexisting | CVE-2005-2128 | no |
| host1.domain.com | concern | HTML Application Host vulnerability in Windows shell | preexisting | CVE-2005-0063 | no |
| host1.domain.com | concern | Microsoft Color Management Module buffer overflow | preexisting | CVE-2005-1219 | yes |
| host1.domain.com | concern | Microsoft Data Access Component vulnerability | new | CVE-2006-0003 | yes |
| host1.domain.com | concern | Windows DHTML Editing Component vulnerability | preexisting | CVE-2004-1319 | no |
| host1.domain.com | concern | Windows EMF/WMF image file vulnerability | removed | CVE-2005-0803 CVE-2005-2123 CVE-2005-2124 | no |
| host1.domain.com | concern | Windows Explorer COM object command execution | new | CVE-2004-2289 CVE-2006-0012 | no |
| host1.domain.com | concern | Windows Explorer Web View command execution | removed | CVE-2005-1191 | no |
| host1.domain.com | concern | Windows HTML Help integer overflow | removed | CVE-2005-1208 | no |
| host1.domain.com | concern | Windows Hyperlink Object Library buffer overflow | preexisting | CVE-2005-0057 | no |
| host1.domain.com | concern | Windows Kernel privilege elevation vulnerability | preexisting | CVE-2005-2827 | no |
| host1.domain.com | concern | Windows Media Player plug-in EMBED vulnerability | preexisting | CVE-2006-0005 | yes |
| host1.domain.com | concern | Windows Web Fonts vulnerability | preexisting | CVE-2006-0010 | no |
| host1.domain.com | concern | Windows shortcut file command execution | preexisting | CVE-2005-2117 CVE-2005-2118 CVE-2005-2122 | no |
| host1.domain.com | concern | vulnerable WinZip version: 8.0 | preexisting | CVE-2001-0449 CVE-2004-1465 | no |
| host1.domain.com | potential | guessable read community string | preexisting | CVE-1999-0516 CVE-1999-0517 | no |
| host1.domain.com | potential | Internet Explorer Shell.Explorer object enabled | preexisting | CVE-2004-0985 | no |
| host1.domain.com | potential | Javaprxy.dll access through Internet Explorer | preexisting | CVE-2005-2087 | yes |
| host1.domain.com | potential | last user name shown in login box | preexisting | CVE-1999-0592 | no |
| host1.domain.com | potential | MailEnable Enterprise 1.04 may be vulnerable | preexisting | CVE-2005-1013 CVE-2005-1781 CVE-2005-2223 | yes |
| host1.domain.com | potential | possible vulnerability in MailEnable Enterprise IMAP 1.04 | preexisting | CVE-2005-1014 CVE-2005-1015 CVE-2005-2278 CVE-2005-3155 CVE-2005-3690 CVE-2005-3691 CVE-2005-3813 CVE-2005-3993 CVE-2005-4402 CVE-2005-4456 CVE-2005-4457 CVE-2006-0504 | yes |
| host1.domain.com | potential | possible vulnerability in MailEnable Enterprise POP3 1.04 | preexisting | CVE-2006-1337 | no |
| host1.domain.com | potential | possible vulnerability in MailEnable POP3 0 | preexisting | | no |
| host1.domain.com | potential | excessive null session access | preexisting | CVE-2000-1200 | no |
| host1.domain.com | potential | Possible ODBC RDS Vulnerability | preexisting | CVE-1999-1011 CVE-2002-1142 | no |
| host1.domain.com | potential | chargen could be used in UDP bomb | preexisting | CVE-1999-0103 | no |
| host1.domain.com | potential | pop receives password in clear | preexisting | | no |
| host1.domain.com | potential | possible vulnerability in PPTP service | preexisting | CVE-2002-1214 | no |
| host1.domain.com | potential | SNMP is enabled and may be vulnerable | preexisting | CVE-1999-0615 CVE-2002-0012 CVE-2002-0013 CVE-2002-0053 CVE-2002-0796 CVE-2002-0797 | no |
| host1.domain.com | potential | TCP reset using approximate sequence number | preexisting | CVE-2004-0230 | no |
| host1.domain.com | potential | password complexity policy disabled | preexisting | CVE-1999-0535 | no |
| host1.domain.com | potential | weak account lockout policy (0) | preexisting | CVE-1999-0582 | no |
| host1.domain.com | potential | weak minimum password age policy (0 days) | preexisting | CVE-1999-0535 | no |
| host1.domain.com | potential | weak minimum password length policy (0) | preexisting | CVE-1999-0535 | no |
| host1.domain.com | potential | weak password history policy (0) | preexisting | CVE-1999-0535 | no |
| host1.domain.com | potential | non-administrative users can act as part of the operating system | preexisting | CVE-1999-0534 | no |
| host1.domain.com | potential | non-administrative users can bypass traverse checking | preexisting | CVE-1999-0534 | no |
| host1.domain.com | potential | non-administrative users can create token object | preexisting | CVE-1999-0534 | no |
| host1.domain.com | potential | auditing is disabled | preexisting | CVE-1999-0575 | no |
| host1.domain.com | potential | Password never expires for user LDAP_Anonymous | preexisting | | no |
| host1.domain.com | potential | Password never expires for user foobar | preexisting | | no |
| host1.domain.com | potential | Client Service for Netware vulnerability | preexisting | CVE-2005-1985 | no |
| host1.domain.com | potential | Collaboration Data Objects vulnerability | preexisting | CVE-2005-1987 | no |
| host1.domain.com | potential | FTP Client vulnerability | preexisting | CVE-2005-2126 | no |
| host1.domain.com | potential | Jet Database Engine input validation problems | preexisting | CVE-2005-0944 | yes |
| host1.domain.com | potential | Microsoft Agent spoofing vulnerability | preexisting | CVE-2005-1214 | no |
| host1.domain.com | potential | Network Connection Manager vulnerability | preexisting | CVE-2005-2307 | no |
| host1.domain.com | potential | Win2000 SP2 Security Rollup 1 not installed | preexisting | CVE-1999-0662 | no |
| host1.domain.com | potential | Windows 2000 SP4 Update Rollup 1 not applied | preexisting | CVE-2005-3168 CVE-2005-3169 CVE-2005-3170 CVE-2005-3171 CVE-2005-3172 CVE-2005-3173 CVE-2005-3174 CVE-2005-3175 CVE-2005-3176 CVE-2005-3177 | no |
| host1.domain.com | potential | Windows Media Player URL script execution | preexisting | CVE-2003-1107 | no |
| host1.domain.com | potential | potential vulnerability in WINS | preexisting | CVE-2003-0825 | no |
| host2.domain.com | critical | Guessed password to windows account (foobar:foobar) | preexisting | | no |
| host2.domain.com | critical | Windows print spooler vulnerability | preexisting | CVE-2005-1984 | no |
| host2.domain.com | critical | RPC runtime library vulnerability | preexisting | CVE-2003-0807 CVE-2003-0813 CVE-2004-0116 CVE-2004-0124 | no |
| host2.domain.com | critical | Win2003 RPC buffer overflow | preexisting | CVE-2003-0352 | yes |
| host2.domain.com | critical | Windows SMB Transaction response buffer overflow | preexisting | CVE-2005-0045 | no |
| host2.domain.com | critical | Windows SMB input validation vulnerability | preexisting | CVE-2005-1206 | no |
| host2.domain.com | critical | Windows TCP/IP vulnerabilities | preexisting | CVE-2004-0230 CVE-2004-0790 CVE-2004-1060 CVE-2005-0048 CVE-2005-0688 | no |
| host2.domain.com | critical | Windows WMF gdi32.dll vulnerability | preexisting | CVE-2005-4560 | yes |
| host2.domain.com | concern | Internet Explorer COM object memory corruption | preexisting | CVE-2005-2127 | no |
| host2.domain.com | concern | Internet Explorer Create Text Range code injection | new | CVE-2006-1185 CVE-2006-1186 CVE-2006-1188 CVE-2006-1189 CVE-2006-1190 CVE-2006-1191 CVE-2006-1192 CVE-2006-1245 CVE-2006-1359 CVE-2006-1388 | yes |
| host2.domain.com | concern | Internet Explorer JPEG buffer overflow | preexisting | CVE-2005-1988 CVE-2005-1989 CVE-2005-1990 | yes |
| host2.domain.com | concern | Internet Explorer JS stack overflow | preexisting | CVE-2006-0753 CVE-2006-0830 | no |
| host2.domain.com | concern | Internet Explorer JavaScript vulnerability | preexisting | CVE-2005-1790 CVE-2005-2829 CVE-2005-2830 CVE-2005-2831 | yes |
| host2.domain.com | concern | Internet Explorer PNG buffer overflow | preexisting | CVE-2002-0648 CVE-2005-1211 | no |
| host2.domain.com | concern | Internet Explorer URL parsing buffer overflow | preexisting | CVE-2005-0553 CVE-2005-0554 CVE-2005-0555 | yes |
| host2.domain.com | concern | Outlook Express Windows Address Book vulnerability | new | CVE-2006-0014 | no |
| host2.domain.com | concern | CodeSupport ActiveX control enabled | preexisting | CVE-2005-3650 | no |
| host2.domain.com | concern | Sunncomm ActiveX control enabled | preexisting | | no |
| host2.domain.com | concern | Windows Plug and Play vulnerability | preexisting | CVE-2005-1983 | yes |
| host2.domain.com | concern | Run key allows write access | preexisting | CVE-1999-0589 | no |
| host2.domain.com | concern | Uninstall key allows write access | preexisting | CVE-1999-0589 | no |
| host2.domain.com | concern | DACL privilege elevation | preexisting | CVE-2006-0023 | no |
| host2.domain.com | concern | DirectShow buffer overflow | preexisting | CVE-2005-2128 | no |
| host2.domain.com | concern | HTML Application Host vulnerability in Windows shell | removed | CVE-2005-0063 | no |
| host2.domain.com | concern | Microsoft Color Management Module buffer overflow | preexisting | CVE-2005-1219 | yes |
| host2.domain.com | concern | Microsoft Data Access Component vulnerability | new | CVE-2006-0003 | yes |
| host2.domain.com | concern | Windows COM+ command execution vulnerability | preexisting | CVE-2005-1978 CVE-2005-1979 CVE-2005-1980 CVE-2005-2119 | no |
| host2.domain.com | concern | Windows DHTML Editing Component vulnerability | removed | CVE-2004-1319 | no |
| host2.domain.com | concern | Windows EMF/WMF image file vulnerability | preexisting | CVE-2005-0803 CVE-2005-2123 CVE-2005-2124 | no |
| host2.domain.com | concern | Windows Explorer COM object command execution | new | CVE-2004-2289 CVE-2006-0012 | no |
| host2.domain.com | concern | Windows HTML Help integer overflow | preexisting | CVE-2005-1208 | no |
| host2.domain.com | concern | Windows Hyperlink Object Library buffer overflow | preexisting | CVE-2005-0057 | no |
| host2.domain.com | concern | Windows Media Player PNG image vulnerability | preexisting | CVE-2004-1244 | no |
| host2.domain.com | concern | Windows Media Player bmp buffer overflow | preexisting | CVE-2006-0006 | no |
| host2.domain.com | concern | Windows Media Player plug-in EMBED vulnerability | preexisting | CVE-2006-0005 | yes |
| host2.domain.com | concern | Windows OLE input validation vulnerability | preexisting | CVE-2005-0044 CVE-2005-0047 | no |
| host2.domain.com | concern | Windows Web Fonts vulnerability | preexisting | CVE-2006-0010 | no |
| host2.domain.com | concern | Windows shortcut file command execution | preexisting | CVE-2005-2117 CVE-2005-2118 CVE-2005-2122 | |