Repartition of the level of the security problems :

List of open ports :

• telnet (23/tcp) (Security notes found)
• ssh (22/tcp) (Security hole found)
• ftp (21/tcp) (Security notes found)
• www (80/tcp) (Security notes found)
• finger (79/tcp) (Security warnings found)
• auth (113/tcp) (Security warnings found)
• netbios-ssn (139/tcp)
• https (443/tcp) (Security notes found)
• cfingerd (2003/tcp) (Security warnings found)
• squid-http (3128/tcp) (Security warnings found)
• general/udp (Security notes found)
• general/tcp (Security notes found)

Information found on port telnet (23/tcp)

An unknown service is running on this port.
It is usually reserved for Telnet
Nessus ID : 10330

Vulnerability found on port ssh (22/tcp)

You are running a version of OpenSSH which is older than 3.4

There is a flaw in this version that can be exploited remotely to
give an attacker a shell on this host.

Note that several distribution patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.

If you are running a RedHat host, make sure that the command :
rpm -q openssh-server

Returns :
openssh-server-3.1p1-6


Solution : Upgrade to OpenSSH 3.4 or contact your vendor for a patch
Risk factor : High
CVE : CVE-2002-0639, CVE-2002-0640
BID : 5093
Nessus ID : 11031

Vulnerability found on port ssh (22/tcp)

You are running a version of OpenSSH which is older than 3.0.1.

Versions older than 3.0.1 are vulnerable to a flaw in which
an attacker may authenticate, provided that Kerberos V support
has been enabled (which is not the case by default).
It is also vulnerable as an excessive memory clearing bug,
believed to be unexploitable.

*** You may ignore this warning if this host is not using
*** Kerberos V

Solution : Upgrade to OpenSSH 3.0.1
Risk factor : Low (if you are not using Kerberos) or High (if kerberos is enabled)
CVE : CVE-2002-0083
BID : 3560, 4560, 4241
Nessus ID : 10802

Vulnerability found on port ssh (22/tcp)

You are running a version of OpenSSH which is older than 3.1.

Versions prior than 3.1 are vulnerable to an off by one error
that allows local users to gain root access, and it may be
possible for remote users to similarly compromise the daemon
for remote access.

In addition, a vulnerable SSH client may be compromised by
connecting to a malicious SSH daemon that exploits this
vulnerability in the client code, thus compromising the
client system.

Solution : Upgrade to OpenSSH 3.1 or apply the patch for
prior versions. (See: http://www.openssh.org)

Risk factor : High
CVE : CVE-2002-0083
BID : 4241
Nessus ID : 10883

Vulnerability found on port ssh (22/tcp)

You are running a version of OpenSSH which is older than 3.0.2.

Versions prior than 3.0.2 are vulnerable to an environment
variables export that can allow a local user to execute
command with root privileges.
This problem affect only versions prior than 3.0.2, and when
the UseLogin feature is enabled (usually disabled by default)

Solution : Upgrade to OpenSSH 3.0.2 or apply the patch for prior
versions. (Available at: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH)

Risk factor : High (If UseLogin is enabled, and locally)
CVE : CVE-2001-0872
BID : 3614
Nessus ID : 10823

Vulnerability found on port ssh (22/tcp)

You are running a version of OpenSSH older than OpenSSH 3.2.1

A buffer overflow exists in the daemon if AFS is enabled on
your system, or if the options KerberosTgtPassing or
AFSTokenPassing are enabled. Even in this scenario, the
vulnerability may be avoided by enabling UsePrivilegeSeparation.

Versions prior to 2.9.9 are vulnerable to a remote root
exploit. Versions prior to 3.2.1 are vulnerable to a local
root exploit.

Solution :
Upgrade to the latest version of OpenSSH

Risk factor : High
CVE : CVE-2002-0575
BID : 4560
Nessus ID : 10954

Warning found on port ssh (22/tcp)

You are running OpenSSH-portable 3.6.1p1 or older.

If PAM support is enabled, an attacker may use a flaw in this version
to determine the existence or a given login name by comparing the times
the remote sshd daemon takes to refuse a bad password for a non-existant
login compared to the time it takes to refuse a bad password for an
existant login.

An attacker may use this flaw to set up a brute force attack against
the remote host.

*** Nessus did not check whether the remote SSH daemon is actually
*** using PAM or not, so this might be a false positive

Solution : Upgrade to OpenSSH-portable 3.6.1p2 or newer
Risk Factor : Low
CVE : CAN-2003-0190
BID : 7482
Nessus ID : 11574

Warning found on port ssh (22/tcp)

The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH protocol.

These protocols are not completely cryptographically
safe so they should not be used.

Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'

Risk factor : Low
Nessus ID : 10882

Warning found on port ssh (22/tcp)

You are running OpenSSH-portable 3.6.1 or older.

There is a flaw in this version which may allow an attacker to
bypass the access controls set by the administrator of this server.

OpenSSH features a mecanism which can restrict the list of
hosts a given user can log from by specifying a pattern
in the user key file (ie: *.mynetwork.com would let a user
connect only from the local network).

However there is a flaw in the way OpenSSH does reverse DNS lookups.
If an attacker configures his DNS server to send a numeric IP address
when a reverse lookup is performed, he may be able to circumvent
this mecanism.

Solution : Upgrade to OpenSSH 3.6.2 when it comes out
Risk Factor : Low
CVE : CAN-2003-0386
BID : 7831
Nessus ID : 11712

Information found on port ssh (22/tcp)

An ssh server is running on this port
Nessus ID : 10330

Information found on port ssh (22/tcp)

Remote SSH version : SSH-1.99-OpenSSH_2.9p2
Nessus ID : 10267

Information found on port ssh (22/tcp)

The remote SSH daemon supports the following versions of the
SSH protocol :

. 1.33
. 1.5
. 1.99
. 2.0

Nessus ID : 10881

Information found on port ftp (21/tcp)

An unknown service is running on this port.
It is usually reserved for FTP
Nessus ID : 10330

Information found on port www (80/tcp)

An unknown service is running on this port.
It is usually reserved for HTTP
Nessus ID : 10330

Warning found on port finger (79/tcp)

The 'finger' service provides useful information to attackers, since it allows
them to gain usernames, check if a machine is being used, and so on...

Here is the output we obtained for 'root' :

Login: root Name: root
Directory: /root Shell: /bin/bash
On since Sat Aug 9 14:35 (PDT) on tty1
Mail last read Mon Aug 11 00:07 2003 (PDT)
No Plan.


Solution : comment out the 'finger' line in /etc/inetd.conf
Risk factor : Low
CVE : CVE-1999-0612
Nessus ID : 10068

Information found on port finger (79/tcp)

A finger server seems to be running on this port
Nessus ID : 10330

Warning found on port auth (113/tcp)

The 'ident' service provides sensitive information
to potential attackers. It mainly says which accounts are running which
services. This helps attackers to focus on valuable services [those
owned by root]. If you don't use this service, disable it.

Risk factor : Low

Solution : comment out the 'auth' or 'ident' line in /etc/inetd.conf
CVE : CAN-1999-0629
Nessus ID : 10021

Information found on port auth (113/tcp)

An identd server is running on this port
Nessus ID : 10330

Information found on port https (443/tcp)

An unknown service is running on this port.
It is usually reserved for HTTPS
Nessus ID : 10330

Warning found on port cfingerd (2003/tcp)

The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH protocol.

These protocols are not completely cryptographically
safe so they should not be used.

Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'

Risk factor : Low
Nessus ID : 10882

Information found on port cfingerd (2003/tcp)

A SSH server seems to be running on this port
Nessus ID : 11153

Information found on port cfingerd (2003/tcp)

The remote SSH daemon supports the following versions of the
SSH protocol :

. 1.33
. 1.5
. 1.99
. 2.0

Nessus ID : 10881

Warning found on port squid-http (3128/tcp)

The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH protocol.

These protocols are not completely cryptographically
safe so they should not be used.

Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'

Risk factor : Low
Nessus ID : 10882

Information found on port squid-http (3128/tcp)

An unknown service is running on this port.
It is usually reserved for Squid
Nessus ID : 10330

Information found on port squid-http (3128/tcp)

A SSH server seems to be running on this port
Nessus ID : 11153

Information found on port general/udp

For your information, here is the traceroute to 192.168.1.79 :
192.168.1.79

Nessus ID : 10287

Information found on port general/tcp

Remote OS guess : Linux Kernel 2.4.0 - 2.5.20

CVE : CAN-1999-0454
Nessus ID : 11268