
5707073 2006-8-31 12:39

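Translation request

This report lists detailed vulnerability information for the scanned host. Please apply the corresponding fixes according to the hints or the linked content. You are welcome to join the X-Scan script translation project.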


Scan time
2006-8-31 11:12:47 - 2006-8-31 11:17:56



Scan results
Live hosts: 1
Vulnerabilities: 4
Warnings: 5
Notes: 16



Host list
Host / Result
192.168.0.1 Security vulnerabilities found
Host summary - OS: Unknown OS; PORT/TCP: 21, 22, 23, 53




Host analysis: 192.168.0.1
Host address / Port/Service / Service findings
192.168.0.1 telnet (23/tcp) Security notes found
192.168.0.1 SSH, Remote Login Protocol (22/tcp) Security notes found
192.168.0.1 ftp (21/tcp) Security notes found
192.168.0.1 domain (53/tcp) Security notes found
192.168.0.1 netbios-ns (137/udp) Security warnings found
192.168.0.1 ssh (22/tcp) Security vulnerabilities found
192.168.0.1 pptp (1723/tcp) Security notes found
192.168.0.1 unknown (1720/tcp) Security notes found
192.168.0.1 domain (53/udp) Security notes found
192.168.0.1 dns (53/udp) Security notes found
192.168.0.1 dns (53/tcp) Security warnings found



Security vulnerabilities and solutions: 192.168.0.1
Type / Port/Service / Vulnerability and solution
Note telnet (23/tcp) Open service

The "TELNET" service may be running on this port.
NESSUS_ID : 10330

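Note telnet (23/tcp) Determining the server type and version via telnet

By connecting to the server and analyzing the data received, the type and version of the server can be determined.
This gives a potential attacker additional information about the system they are about to attack. If possible, the version and type should be hidden.

Solution: Change the login message to something non-specific.

Risk level : Low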
___________________________________________________________________

Remote telnet banner :

MikroTik v2.8.26
Login:
NESSUS_ID : 10281

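Note telnet (23/tcp) Telnet

Telnet currently transmits data unencrypted; anyone sniffing the traffic can easily capture the login username and password exchanged between the telnet client and the telnet server!

Solution: If you are running a Unix-type operating system, use OpenSSH in place of the telnet service
Risk level: Low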
___________________________________________________________________

The Telnet service is running.
This service is dangerous in the sense that it is not ciphered - that is,
everyone can sniff the data that passes between the telnet client
and the telnet server. This includes logins and passwords.


Solution:
If you are running a Unix-type system, OpenSSH can be used instead of telnet.
For Unix systems, you can comment out the 'telnet' line in /etc/inetd.conf.
For Unix systems which use xinetd, you will need to modify the telnet services
file in the /etc/xinetd.d folder. After making any changes to xinetd or
inetd configuration files, you must restart the service in order for the
changes to take affect.

In addition, many different router and switch manufacturers support SSH as a
telnet replacement. You should contact your vendor for a solution which uses
an encrypted session.


Risk factor : Low
CVE_ID : CAN-1999-0619
NESSUS_ID : 10280

Note SSH, Remote Login Protocol (22/tcp) Open service

The "SSH, Remote Login Protocol" service may be running on this port.

NESSUS_ID : 10330

Note ftp (21/tcp) Open service

The "FTP" service is running on this port.
Banner information :

220 MikroTik FTP server (MikroTik v2.8.26) ready
NESSUS_ID : 10330

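Note ftp (21/tcp) FTP server type and version

By logging in to the target server and reading what is received into the buffer, the type and version of the FTP service can be determined. This registered identifying information gives potential attackers additional information about the system they intend to attack. The version and type are disclosed wherever possible.

Solution: Change this registered identifying information to generic information.

Risk level: Low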
___________________________________________________________________

Remote FTP server banner :
220 MikroTik FTP server (MikroTik v2.8.26) ready
NESSUS_ID : 10092

Note domain (53/tcp) Open service

The "domain" service may be running on this port.

NESSUS_ID : 10330

Note domain (53/tcp) DNS Server Detection


A DNS server is running on this port. If you do not use it, disable it.

Risk factor : Low
NESSUS_ID : 11002

Warning netbios-ns (137/udp) NetBIOS Name Service Reply Information Leakage


The remote host is running a version of the NetBT name
service which suffers from a memory disclosure problem.

An attacker may send a special packet to the remote NetBT name
service, and the reply will contain random arbitrary data from
the remote host memory. This arbitrary data may be a fragment from
the web page the remote user is viewing, or something more serious
like a POP password or anything else.

An attacker may use this flaw to continuously 'poll' the content
of the memory of the remote host and might be able to obtain sensitive
information.


Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-034.mspx
Risk factor : Medium
CVE_ID : CAN-2003-0661
BUGTRAQ_ID : 8532
NESSUS_ID : 11830

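Note netbios-ns (137/udp) Using NetBIOS to probe Windows host information

If the NetBIOS port (UDP:137) is open, a remote attacker can exploit this to obtain sensitive information about the host, such as the machine name, the workgroup/domain name, and the currently logged-in user name.

Solution: Block external traffic to this port.

Risk level: Medium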
___________________________________________________________________

The following 1 NetBIOS names have been gathered :
1157027601.383

. This SMB server seems to be a SAMBA server (this is not a security
risk, this is for your information). This can be told because this server
claims to have a null MAC address

If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.

Risk factor : Low
CVE_ID : CAN-1999-0621
NESSUS_ID : 10150

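Vulnerability ssh (22/tcp) OpenSSH AFS/Kerberos ticket/token buffer overflow vulnerability

The remote host is running a version of OpenSSH older than OpenSSH 3.2.1

If AFS, or the KerberosTgtPassing or AFSTokenPassing options, are enabled, a buffer overflow vulnerability exists. In this case, because the UsePrivilegeSeparation option is enabled.

Versions older than 2.9.9 may allow an attacker to gain root privileges remotely. Versions older than 3.2.1 may allow an attacker to carry out a local privilege escalation attack.

Solution :
Upgrade to the latest version of OpenSSH

Risk level : High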
___________________________________________________________________


You are running a version of OpenSSH older than OpenSSH 3.2.1

A buffer overflow exists in the daemon if AFS is enabled on
your system, or if the options KerberosTgtPassing or
AFSTokenPassing are enabled. Even in this scenario, the
vulnerability may be avoided by enabling UsePrivilegeSeparation.

Versions prior to 2.9.9 are vulnerable to a remote root
exploit. Versions prior to 3.2.1 are vulnerable to a local
root exploit.

Solution :
Upgrade to the latest version of OpenSSH

Risk factor : High
CVE_ID : CVE-2002-0575
BUGTRAQ_ID : 4560
NESSUS_ID : 10954

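Vulnerability ssh (22/tcp) OpenSSH < 3.7.1

The remote host is running a version of OpenSSH older than 3.7.1

This version has a buffer overflow vulnerability
that may allow an attacker to execute arbitrary commands on the system with the privileges of the OpenSSH process.

An exploit program for this vulnerability has begun to circulate.


Some Linux distributions patched this vulnerability
without changing the OpenSSH version number. Because Nessus relies solely on the version number to check for this vulnerability, this may be a false alarm.

If your host is running RedHat, you can use the following command to check this issue :
rpm -q openssh-server

Returns :
openssh-server-3.1p1-13 (RedHat 7.x)
openssh-server-3.4p1-7 (RedHat 8.0)
openssh-server-3.5p1-11 (RedHat 9)

Solution : Upgrade to OpenSSH 3.7.1
See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2
Risk level : High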
___________________________________________________________________


You are running a version of OpenSSH which is older than 3.7.1

Versions older than 3.7.1 are vulnerable to a flaw in the buffer management
functions which might allow an attacker to execute arbitrary commands on this
host.

An exploit for this issue is rumored to exist.


Note that several distribution patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.

If you are running a RedHat host, make sure that the command :
rpm -q openssh-server

Returns :
openssh-server-3.1p1-13 (RedHat 7.x)
openssh-server-3.4p1-7 (RedHat 8.0)
openssh-server-3.5p1-11 (RedHat 9)

Solution : Upgrade to OpenSSH 3.7.1
See also : http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375452423794&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106375456923804&w=2
Risk factor : High
CVE_ID : CAN-2003-0682, CAN-2003-0693, CAN-2003-0695
BUGTRAQ_ID : 8628
NESSUS_ID : 11837
Other references : RHSA:RHSA-2003:279, SuSE:SUSE-SA:2003:039

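Vulnerability ssh (22/tcp) OpenSSH <= 3.3

The remote host is running a version of OpenSSH older than 3.4

A security flaw in this version may allow a remote attacker to execute arbitrary commands on the system.

Some distributions fixed this vulnerability without changing the OpenSSH version number. Because Nessus checks for this vulnerability using only the banner of the SSH server, this may be a false positive.

If the host is running RedHat, you can use the following command to confirm :
rpm -q openssh-server

Returns :
openssh-server-3.1p1-6


Solution : Upgrade to OpenSSH 3.4 or contact your vendor for a patch
Risk level : High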
___________________________________________________________________


You are running a version of OpenSSH which is older than 3.4

There is a flaw in this version that can be exploited remotely to
give an attacker a shell on this host.

Note that several distribution patched this hole without changing
the version number of OpenSSH. Since Nessus solely relied on the
banner of the remote SSH server to perform this check, this might
be a false positive.

If you are running a RedHat host, make sure that the command :
rpm -q openssh-server

Returns :
openssh-server-3.1p1-6


Solution : Upgrade to OpenSSH 3.4 or contact your vendor for a patch
Risk factor : High
CVE_ID : CVE-2002-0639, CVE-2002-0640
BUGTRAQ_ID : 5093
NESSUS_ID : 11031

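Vulnerability ssh (22/tcp) OpenSSH < 3.0.1

The remote host is running a version of OpenSSH older than 3.0.1.

This version has a security issue:
if Kerberos V authentication is supported (it is normally not compiled into OpenSSH by default), it may allow any user to gain access to the system.

*** If the system is not using Kerberos V, you may ignore this warning
***

Solution : Upgrade to OpenSSH 3.0.1
Risk level : Low (if Kerberos is not in use) or High (if Kerberos is in use)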
___________________________________________________________________


You are running a version of OpenSSH which is older than 3.0.1.

Versions older than 3.0.1 are vulnerable to a flaw in which
an attacker may authenticate, provided that Kerberos V support
has been enabled (which is not the case by default).
It is also vulnerable as an excessive memory clearing bug,
believed to be unexploitable.

*** You may ignore this warning if this host is not using
*** Kerberos V

Solution : Upgrade to OpenSSH 3.0.1

Risk factor : Low (if you are not using Kerberos) / High (if kerberos is enabled)
CVE_ID : CVE-2002-0083
BUGTRAQ_ID : 3560, 4241, 4560
NESSUS_ID : 10802

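Warning ssh (22/tcp) PKCS 1 Version 1.5 Session Key Retrieval

You are running SSH protocol version 1.5.

This version allows a remote attacker to decrypt or alter the traffic through an attack on PKCS#1 version 1.5 known as the
Bleichenbacher attack.
OpenSSH up to version 2.3.0, AppGate, and SSH Communications
Security ssh-1 up to version 1.2.31 all have this vulnerability, although because of configuration
it may not be exploitable in every case.

Solution : SSH/OpenSSH have released patches and new versions.

Risk level : Low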
___________________________________________________________________


You are running SSH protocol version 1.5.

This version allows a remote attacker to decrypt and/or alter traffic via
an attack on PKCS#1 version 1.5 knows as a Bleichenbacher attack.
OpenSSH up to version 2.3.0, AppGate, and SSH Communications
Security ssh-1 up to version 1.2.31 have the vulnerability present,
although it may not be exploitable due to configurations.

Solution :
Patch and New version are available from SSH/OpenSSH.

Risk factor : Low
CVE_ID : CVE-2001-0361
BUGTRAQ_ID : 2344
NESSUS_ID : 11342

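Warning ssh (22/tcp) Older versions of the SSH protocol are allowed

The remote SSH server supports version 1.33 and/or 1.5 of the SSH protocol. The encryption in these protocols is not reliably secure, and it is recommended not to use them.

Solution: If you are using OpenSSH, set the 'Protocol' option to '2'
If you are using the SSH.com product, set the 'Ssh1Compatibility' option to 'no'

Risk level: Low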
___________________________________________________________________


The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH protocol.

These protocols are not completely cryptographically
safe so they should not be used.

Solution :
If you use OpenSSH, set the option 'Protocol' to '2'
If you use SSH.com's set the option 'Ssh1Compatibility' to 'no'

Risk factor : Low
NESSUS_ID : 10882

Warning ssh (22/tcp) OpenSSH Reverse DNS Lookup bypass


You are running OpenSSH-portable 3.6.1 or older.

There is a flaw in this version which may allow an attacker to
bypass the access controls set by the administrator of this server.

OpenSSH features a mechanism which can restrict the list of
hosts a given user can log from by specifying a pattern
in the user key file (ie: *.mynetwork.com would let a user
connect only from the local network).

However there is a flaw in the way OpenSSH does reverse DNS lookups.
If an attacker configures his DNS server to send a numeric IP address
when a reverse lookup is performed, he may be able to circumvent
this mechanism.

Solution : Upgrade to OpenSSH 3.6.2 when it comes out
Risk factor : Low
CVE_ID : CAN-2003-0386
BUGTRAQ_ID : 7831
NESSUS_ID : 11712

Note ssh (22/tcp) Identifies unknown services with 'HELP'

A SSH server seems to be running on this port
NESSUS_ID : 11153

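Note ssh (22/tcp) SSH server type and version

By logging in to the target server and reading what is received into the buffer, the type and version of the SSH service can be determined. This information gives potential attackers additional information about the system they intend to attack. The version and type are disclosed wherever possible.

Solution: Use a filter to deny traffic from untrusted hosts to this port.

Risk level: Low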
___________________________________________________________________

Remote SSH version : SSH-1.99-OpenSSH_2.3.0p1


NESSUS_ID : 10267

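Note ssh (22/tcp) Detecting the protocol versions supported by the remote SSH server

This Nessus plugin detects which protocol versions the remote SSH server supports.

Risk level : None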
___________________________________________________________________

The remote SSH daemon supports the following versions of the
SSH protocol :

. 1.33
. 1.5
. 1.99
. 2.0


SSHv1 host key fingerprint : 19:46:e5:82:8b:1a:4e:04:86:6c:c9:e2:9f:5a:3a:3a

NESSUS_ID : 10881

Note pptp (1723/tcp) PPTP detection and versioning

A PPTP server is running on this port
Firmware Revision:1
Host name:MikroTik
Vendor string:MikroTik
NESSUS_ID : 10622

Note unknown (1720/tcp) H323 application detection

H323 is a protocol widely used on the Internet. It is used for Voice Over IP (VoIP),

___________________________________________________________________


H323 is a protocol used all over the Internet. It is used for
Voice Over IP (VoIP), Microsoft NetMeeting, and countless other
applications. Nessus was able to determine that the remote device
supports the H323 protocol. It is in your best interest to run a
separate audit against this IP to determine the potential risk
introduced by this application.

Risk factor : None
NESSUS_ID : 12243

Note domain (53/udp) DNS Server Detection


A DNS server is running on this port. If you do not use it, disable it.

Risk factor : Low
NESSUS_ID : 11002

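Note dns (53/udp) DNS Server Fingerprint

This script tries to identify the type and version of the remote DNS server by sending it various malformed requests and analyzing the error codes returned.

See also : http://cr.yp.to/surveys/dns1.html
Risk level : None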
___________________________________________________________________


Nessus was not able to reliable identify the remote DNS server type.
It might be :
mydns v0.10.0
mydns v0.10.1
The fingerprint differs from these known signatures on 8 points.
If you know which DNS server this host is actually running, please send this signature to
dns-signatures@nessus.org :
4q:4q:4q:1q:4q:4q:1q:1q:1q:2RD:4q:2RD:2RD:2RD:2RD:2RD:4q:4q:4q:2RD:2RD:4q:4q:
NESSUS_ID : 11951

Warning dns (53/tcp) Useable remote name server


The remote name server allows recursive queries to be performed
by the host running nessusd.

If this is your internal nameserver, then forget this warning.

If you are probing a remote nameserver, then it allows anyone
to use it to resolve third parties names (such as www.nessus.org).
This allows hackers to do cache poisoning attacks against this
nameserver.

If the host allows these recursive queries via UDP,
then the host can be used to 'bounce' Denial of Service attacks
against another network or system.

See also : http://www.cert.org/advisories/CA-1997-22.html

Solution : Restrict recursive queries to the hosts that should
use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction
'allow-recursion' in the 'options' section of your named.conf

If you are using bind 9, you can define a grouping of internal addresses
using the 'acl' command

Then, within the options block, you can explicitly state:
'allow-recursion { hosts_defined_in_acl }'

For more info on Bind 9 administration (to include recursion), see:
http://www.nominum.com/content/documents/bind9arm.pdf

If you are using another name server, consult its documentation.

Risk factor : High
CVE_ID : CVE-1999-0024
BUGTRAQ_ID : 136, 678
NESSUS_ID : 10539

[Last edited by 5707073 on 2006-8-31 12:40 PM]

315爱好者 2006-9-10 19:05

http://tran.httpcn.com/
This online translation site is pretty good, take a look!

echo__over 2006-9-12 14:27

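Hmm, Kingsoft 2006 should be able to translate it, right???
Download it and give it a try; even if it's not complete, you can still look up most of it??
That's how I always do it??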

proxykenneth 2006-9-23 10:53

This translation is simple! You can look it up in a dictionary and translate it yourself!

chengzize 2006-10-15 17:26

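You don't need to understand all of it; it's all just scan stuff, and understanding a small part is enough to get the whole thing.. just guess.. you'll be pretty close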
