Summary

This document reports on the results of an automatic security scan. The report first summarises the results found. Then, for each host, the report describes every issue found. Please consider the advice given in each description, in order to rectify the issue.

Vendor security updates are not trusted.

Overrides are on. When a result has an override, this report uses the threat of the override.

Notes are included in the report.

This report might not show details of all issues that were found. It only lists hosts that produced issues. Issues with the threat level "Debug" are not shown. Issues with the threat level "False Positive" are not shown.

This report contains all 22 results selected by the filtering described above. Before filtering there were 22 results.

Scan started: Tue Apr 21 16:22:35 2015
Scan ended: Tue Apr 21 16:33:50 2015

Host Summary

Host Start End High Medium Low Log False Positive
10.0.0.138 Apr 21, 16:22:42 Apr 21, 16:33:50 0 0 1 21 0
Total: 1 0 0 1 21 0

Results per Host

Host 10.0.0.138

Scanning of this host started at: 2015-04-21T16:22:42Z
Number of results: 22

Port Summary for Host 10.0.0.138

Service (Port) Threat Level
53/tcp Low
general/tcp Log
general/SMBClient Log
general/CPE-T Log
80/tcp Log
53/udp Log
23/tcp Log
22/tcp Log
21/tcp Log
1900/udp Log
139/tcp Log

Security Issues for Host 10.0.0.138

53/tcp
Low (CVSS: 3.3)
NVT: DNS Server on UDP and TCP (OID: 1.3.6.1.4.1.25623.1.0.18356)
Summary

A DNS server is running on this port but it only answers to UDP requests. This means that TCP requests are blocked by a firewall.

This configuration is incorrect: TCP might be used by any request, it is not restricted to zone transfers. Read RFC1035 or STD0013 for more information.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Vulnerability Detection Method

Details: DNS Server on UDP and TCP (OID: 1.3.6.1.4.1.25623.1.0.18356)

Version used: $Revision: 1048 $

general/CPE-T
Log (CVSS: 0.0)
NVT: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)
Summary

This routine uses information collected by other routines about CPE identities (http://cpe.mitre.org/) of operating systems, services and applications detected during the scan.

Vulnerability Detection Result
10.0.0.138|cpe:/a:matt_johnston:dropbear_ssh_server:0.46
10.0.0.138|cpe:/h:hp:jetdirect
Log Method

Details: CPE Inventory (OID: 1.3.6.1.4.1.25623.1.0.810002)

Version used: $Revision: 314 $

general/SMBClient
Log (CVSS: 0.0)
NVT: SMB Test (OID: 1.3.6.1.4.1.25623.1.0.90011)
Summary

Test remote host SMB Functions

Vulnerability Detection Result
OS Version = UNIX
Domain = WORKGROUP
SMB Serverversion = SAMBA 3.0.37
Log Method

Details: SMB Test (OID: 1.3.6.1.4.1.25623.1.0.90011)

Version used: $Revision: 16 $

general/tcp
Log (CVSS: 0.0)
NVT: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)
Summary

This script performs ICMP based OS fingerprinting (as described by Ofir Arkin and Fyodor Yarochkin in Phrack #57). It can be used to determine remote operating system version.

Vulnerability Detection Result
ICMP based OS fingerprint results: (70% confidence)
HP JetDirect
Log Method

Details: OS fingerprinting (OID: 1.3.6.1.4.1.25623.1.0.102002)

Version used: $Revision: 43 $

References

Other: http://www.phrack.org/issues.html?issue=57&id=7#article

general/tcp
Log (CVSS: 0.0)
NVT: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)
Summary

A traceroute from the scanning server to the target system was conducted. This traceroute is provided primarily for informational value only. In the vast majority of cases, it does not represent a vulnerability. However, if the displayed traceroute contains any private addresses that should not have been publicly visible, then you have an issue you need to correct.

Vulnerability Detection Result
Here is the route from 192.168.237.130 to 10.0.0.138:
192.168.237.130
10.0.0.138
Solution

Block unwanted packets from escaping your network.

Log Method

Details: Traceroute (OID: 1.3.6.1.4.1.25623.1.0.51662)

Version used: $Revision: 975 $

21/tcp
Log (CVSS: 0.0)
NVT: FTP Banner Detection (OID: 1.3.6.1.4.1.25623.1.0.10092)
Summary

This Plugin detects the FTP Server Banner

Vulnerability Detection Result
Remote FTP server banner :
220 Welcome to the FTP utility
Log Method

Details: FTP Banner Detection (OID: 1.3.6.1.4.1.25623.1.0.10092)

Version used: $Revision: 563 $

21/tcp
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
An FTP server is running on this port.
Here is its banner : 
220 Welcome to the FTP utility
Log Method

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

22/tcp
Log (CVSS: 0.0)
NVT: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)
Summary

Identification of SSH protocol versions supported by the remote SSH Server. Also reads the corresponding fingerprints from the service.

The following versions are tried: 1.33, 1.5, 1.99 and 2.0

Vulnerability Detection Result
The remote SSH Server supports the following SSH Protocol Versions:
1.99
1.5
2.0
1.33
SSHv1 Fingerprint: 17:05:dd:72:ad:e3:e3:cc:af:31:44:72:ed:cf:a5:e5
Log Method

Details: SSH Protocol Versions Supported (OID: 1.3.6.1.4.1.25623.1.0.100259)

Version used: $Revision: 43 $

22/tcp
Log (CVSS: 0.0)
NVT: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
Summary

This detects the SSH Server's type and version by connecting to the server and processing the buffer received. This information gives potential attackers additional information about the system they are attacking. Versions and Types should be omitted where possible.

Vulnerability Detection Result
Detected SSH server version: SSH-2.0-dropbear_0.46
Remote SSH supported authentication: password,publickey
Remote SSH banner: 
(not available)
CPE: 
Concluded from remote connection attempt with credentials:
  Login: OpenVAS
  Password: OpenVAS
Solution

Apply filtering to disallow access to this port from untrusted hosts

Log Method

Details: SSH Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10267)

Version used: $Revision: 971 $

22/tcp
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
An ssh server is running on this port
Log Method

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

22/tcp
Log (CVSS: 0.0)
NVT: Dropbear SSH Detection (OID: 1.3.6.1.4.1.25623.1.0.105112)
Summary

The script sends a connection request to the server and attempts to extract the version number from the reply.

Vulnerability Detection Result
Detected Dropbear
Version: 0.46
Location: 22/tcp
CPE: cpe:/a:matt_johnston:dropbear_ssh_server:0.46
Concluded from version identification result:
SSH-2.0-dropbear_0.46
Log Method

Details: Dropbear SSH Detection (OID: 1.3.6.1.4.1.25623.1.0.105112)

Version used: $Revision: 942 $

23/tcp
Log (CVSS: 0.0)
NVT: Check for Telnet Server (OID: 1.3.6.1.4.1.25623.1.0.100074)
Summary

A telnet Server is running at this host.

Experts in computer security, such as SANS Institute, and the members of the comp.os.linux.security newsgroup recommend that the use of Telnet for remote logins should be discontinued under all normal circumstances, for the following reasons:

* Telnet, by default, does not encrypt any data sent over the connection (including passwords), and so it is often practical to eavesdrop on the communications and use the password later for malicious purposes anybody who has access to a router, switch, hub or gateway located on the network between the two hosts where Telnet is being used can intercept the packets passing by and obtain login and password information (and whatever else is typed) with any of several common utilities like tcpdump and Wireshark. * Most implementations of Telnet have no authentication that would ensure communication is carried out between the two desired hosts and not intercepted in the middle.

* Commonly used Telnet daemons have several vulnerabilities discovered over the years.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Log Method

Details: Check for Telnet Server (OID: 1.3.6.1.4.1.25623.1.0.100074)

Version used: $Revision: 43 $

23/tcp
Log (CVSS: 0.0)
NVT: Detect Server type and version via Telnet (OID: 1.3.6.1.4.1.25623.1.0.10281)
Summary

This detects the Telnet Server's type and version by connecting to the server and processing the buffer received. This information gives potential attackers additional information about the system they are attacking. Versions and Types should be omitted where possible.

Vulnerability Detection Result
Remote telnet banner :
BCM96368 Broadband Router
Login: 
Solution

Change the login banner to something generic.

Log Method

Details: Detect Server type and version via Telnet (OID: 1.3.6.1.4.1.25623.1.0.10281)

Version used: $Revision: 464 $

23/tcp
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
A telnet server seems to be running on this port
Log Method

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

53/udp
Log (CVSS: 0.0)
NVT: DNS Server Detection (OID: 1.3.6.1.4.1.25623.1.0.100069)
Summary

A DNS Server is running at this Host. A Name Server translates domain names into IP addresses. This makes it possible for a user to access a website by typing in the domain name instead of the website's actual IP address.

Vulnerability Detection Result

Vulnerability was detected according to the Vulnerability Detection Method.

Log Method

Details: DNS Server Detection (OID: 1.3.6.1.4.1.25623.1.0.100069)

Version used: $Revision: 488 $

53/udp
Log (CVSS: 0.0)
NVT: Nominum Vantio Detection (OID: 1.3.6.1.4.1.25623.1.0.100675)
Summary

Nominum Vantio, a recursive caching server from Nominumat, is running at this host.

Vulnerability Detection Result
 Summary:
 Nominum Vantio, a recursive caching server from Nominumat, is running
at this host.
Log Method

Details: Nominum Vantio Detection (OID: 1.3.6.1.4.1.25623.1.0.100675)

Version used: $Revision: 14 $

References

Other: http://www.nominum.com/

80/tcp
Log (CVSS: 0.0)
NVT: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)
Summary

This detects the HTTP Server's type and version.

Vulnerability Detection Result
The remote web server type is :
micro_httpd
Solution

Configure your server to use an alternate name like 'Wintendo httpD w/Dotmatrix display' Be sure to remove common logos like apache_pb.gif. With Apache, you can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

Log Method

Details: HTTP Server type and version (OID: 1.3.6.1.4.1.25623.1.0.10107)

Version used: $Revision: 229 $

80/tcp
Log (CVSS: 0.0)
NVT: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)
Summary

This plugin attempts to guess which service is running on the remote ports. For instance, it searches for a web server which could listen on another port than 80 and set the results in the plugins knowledge base.

Vulnerability Detection Result
A web server is running on this port
Log Method

Details: Services (OID: 1.3.6.1.4.1.25623.1.0.10330)

Version used: $Revision: 69 $

139/tcp
Log (CVSS: 0.0)
NVT: SMB log in (OID: 1.3.6.1.4.1.25623.1.0.10394)
Summary

This script attempts to logon into the remote host using login/password credentials.

Vulnerability Detection Result
It was possible to log into the remote host using the SMB protocol.
Log Method

Details: SMB log in (OID: 1.3.6.1.4.1.25623.1.0.10394)

Version used: $Revision: 1032 $

139/tcp
Log (CVSS: 0.0)
NVT: SMB on port 445 (OID: 1.3.6.1.4.1.25623.1.0.11011)
Summary

This script detects wether port 445 and 139 are open and if thet are running SMB servers.

Vulnerability Detection Result
An SMB server is running on this port
Log Method

Details: SMB on port 445 (OID: 1.3.6.1.4.1.25623.1.0.11011)

Version used: $Revision: 41 $

139/tcp
Log (CVSS: 0.0)
NVT: Microsoft Windows SMB Accessible Shares (OID: 1.3.6.1.4.1.25623.1.0.902425)
Summary

The script detects the Windows SMB Accessible Shares and sets the result into KB.

Vulnerability Detection Result
The following shares where found
IPC$
Log Method

Details: Microsoft Windows SMB Accessible Shares (OID: 1.3.6.1.4.1.25623.1.0.902425)

Version used: $Revision: 977 $

1900/udp
Log (CVSS: 0.0)
NVT: MiniUPnPd Detection (OID: 1.3.6.1.4.1.25623.1.0.103652)
Summary

Detection of the UPnP protocol.

The script sends a UPnP discovery request and attempts to determine if the remote host supports the UPnP protocol

Vulnerability Detection Result
The remote Host supports the UPnP protocol. You should restrict access
to port 1900/udp. The remote Host answers the following to a SSDP M-SEARCH request
HTTP/1.1 200 OK
Cache-Control: max-age=300
Date: Tue, 21 Apr 2015 18:29:43 GMT
Ext: 
Location: http://10.0.0.138:1780/WFADevice.xml
Server: POSIX UPnP/1.0 UPnP Stack/estimation 1.00
ST: urn:schemas-wifialliance-org:device:WFADevice:1
USN: uuid:39fc7555-b8f8-d660-d1fa-65f0838c2c02::urn:schemas-wifialliance-org:device:WFADev↵
ice:1
Log Method

Details: MiniUPnPd Detection (OID: 1.3.6.1.4.1.25623.1.0.103652)

Version used: $Revision: 18 $

This file was automatically generated.