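Forum: Newbie Paradise    Title: Latest vulnerabilities
Author: seing [seing]    Forum user
Security vulnerabilities and solutions: 217.23.32.13
Type Port/Service Security vulnerabilities and solutions
Note www (80/tcp) Open service

A "WEB" service is running on this port
BANNER information: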

HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/5.0
Date: Sun, 29 Oct 2006 07:26:19 GMT
Content-Type: text/html
Content-Length: 111

<html><head><title>Site Not Found</title></head>
<body>No web site is configured at this address.</body></html>
NESSUS_ID : 10330

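Note www (80/tcp) HTTP server type and version

The type and version number of the HTTP server were detected.

Solution: Configure the server to change its name regularly, e.g. 'Wintendo httpD w/Dotmatrix display'
Be sure to remove generic logos that identify Apache, such as apache_pb.gif; you can set 'ServerTokens Prod' to restrict it.
This information comes from the server's own response headers.

Risk level: Low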
___________________________________________________________________

The remote web server type is :

Microsoft-IIS/5.0

NESSUS_ID : 10107

Note Windows Terminal Services (3389/tcp) Windows Terminal Service Enabled


The Terminal Services are enabled on the remote host.

Terminal Services allow a Windows user to remotely obtain
a graphical login (and therefore act as a local user on the
remote host).

If an attacker gains a valid login and password, he may
be able to use this service to gain further access
on the remote host. An attacker may also use this service
to mount a dictionnary attack against the remote host to try
to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable
to Man-in-the-middle attacks, making it easy for attackers to
steal the credentials of legitimates users by impersonating the
Windows server.

Solution : Disable the Terminal Services if you do not use them, and
do not allow this service to run across the internet

Risk factor : Low
BUGTRAQ_ID : 3099, 7258
NESSUS_ID : 10940

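Note unknown (3000/tcp) Detect WorldClient for MDaemon Server

We detected that the remote web server is running WorldClient for MDaemon. This web server allows an attacker with a suitable username and password to access local mailboxes.

In addition, earlier versions of WorldClient have buffer overflow vulnerabilities and web traversal problems (if these vulnerabilities are present, the risk level is higher).

Solution: Make sure all usernames and passwords are sufficiently long, and allow only authorized networks to access this web server's port (use a firewall to block the web server port).

Risk level: Low

For more information see: http://www.securiteam.com/cgi-bin/htsearch?config=htdigSecuriTeam&words=WorldClient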
___________________________________________________________________

We detected the remote web server is
running WorldClient for MDaemon. This web server enables attackers
with the proper username and password combination to access locally
stored mailboxes.

In addition, earlier versions of WorldClient suffer from buffer overflow
vulnerabilities, and web traversal problems (if those are found the Risk
factor is higher).

Solution: Make sure all usernames and passwords are adequately long and
that only authorized networks have access to this web server's port number
(block the web server's port number on your firewall).

Risk factor : Low

For more information see: http://www.securiteam.com/cgi-bin/htsearch?config=htdigSecuriTeam&words=WorldClient
BUGTRAQ_ID : 1462, 2478, 4687, 4689, 823
NESSUS_ID : 10745

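Note smtp (25/tcp) SMTP server type and version

This script detects the SMTP server type and version by connecting to the server and processing the data received in the buffer.
This information gives an attacker more knowledge about the system. The version and type of the service should be hidden where appropriate.

Solution: Change the login banner so that it does not contain identifying information

Risk level: Low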
___________________________________________________________________

Remote SMTP server banner :
220 accessme.net ESMTP MDaemon 7.2.2
Sun, 29 Oct 2006 09:32:51 +0200

NESSUS_ID : 10263

Note pop3 (110/tcp) POP3 Server type and version


The remote POP3 servers leak information about the software it is running,
through the login banner. This may assist an attacker in choosing an attack
strategy.

Versions and types should be omitted where possible.

The version of the remote POP3 server is :
+OK accessme.net POP MDaemon 7.2.2 ready


Solution : Change the login banner to something generic.
Risk factor : Low
NESSUS_ID : 10185

Note imap (143/tcp) IMAP Banner

The remote imap server banner is :
* OK accessme.net IMAP4rev1 MDaemon 7.2.2 ready

Versions and types should be omitted where possible.
Change the imap banner to something generic.
NESSUS_ID : 11414



Original poster    Posted: 06-10-29 16:47
