Page 1

Attachment 2C

Dataway High Severity Host Report November 12, 2009

This report was generated with an evaluation version of qualysguard This report was generated with an evaluation version of qualysguard

Report Summary User Name:

eoghan o'neill

Login Name:

ccsf_en

Company:

ccsf

User Role:

Manager

Address:

180 redwood st suite 300

City:

san francisco

State:

California

Zip:

94102

Country:

United States of America

Created:

11/12/2009 at 18:14:37 (GMT-0800)

Template Title:

Dataway High Severity Host Report

Sort by:

Host

IP Restriction:

-

Hosts Matching Filters: 13 scan/1246807525.1079: 07/05/2009 at 07:25:25 (GMT-0800)

Summary of Vulnerabilities Vulnerabilities Total

17

Average Security Risk

0.9

by Severity Severity

Confirmed

Potential

Information Gathered

5

4

-

-

4

4

13

-

-

13

3

0

-

-

0

2

0

-

-

0

1

0

-

-

0

17

-

-

17

Total

Total

5 Biggest Categories Category General remote services File Transfer Protocol Total

Dataway High Severity Host Report

Confirmed

Potential

Information Gathered

Total

14

-

-

14

3

-

-

3

17

-

-

17

page 1


Vulnerabilities by Severity

Potential Vulnerabilities by Severity

Dataway High Severity Host Report

page 2


Information Gathered by Severity

Operating Systems Detected

Dataway High Severity Host Report

page 3


Services Detected

Dataway High Severity Host Report

page 4


Detailed Results 147.144.1.2 (hills.ccsf.cc.ca.us, -)

HP-UX 11

Vulnerabilities (1) 4

SSH Protocol Version 1 Supported

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 22/tcp

38304 General remote services CVE-2001-1473 06/10/2009 No

THREAT: SSH1 protocol was deprecated due to multiple vulnerabilities and design flaws. Among multiple vulnerabilities that exist in SSH protocol Version 1 are: a CRC32 compensation attack detector vulnerability (buffer overflow) an unauthorized session key recovery problem Multiple vendors' implementations are vulnerable due to the fact that these are protocol design errors. Version 2 of the SSH protocol fixed these errors. Please refer to the following URLs for more information: http://www.ciac.org/ciac/bulletins/m-017.shtml (http://www.ciac.org/ciac/bulletins/m-017.shtml) http://www.kb.cert.org/vuls/id/684820 (http://www.kb.cert.org/vuls/id/684820) IMPACT: The consequences of vulnerabilities present is SSH Version 1 include: SSH protected traffic compromise root shell access to the system running SSH server

SOLUTION: Disable SSH1 support. See your vendor's Web site for information on how to disable SSH protocol Version 1 support. Some references are provided below: SSH Communications Security (http://www.ssh.com) F-Secure (http://www.f-secure.com) OpenSSH (http://www.openssh.org) Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable. COMPLIANCE: Not Applicable RESULTS: SSH1 supported

yes

Supported ciphers for SSH1

3des, blowfish

Supported authentications for SSH1

RSA, keyboard_interactive, password

Dataway High Severity Host Report

page 5


147.144.1.3 (fog.ccsf.cc.ca.us, -)

HP-UX 11

Vulnerabilities (1) 4

SSH Protocol Version 1 Supported

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 22/tcp

38304 General remote services CVE-2001-1473 06/10/2009 No

THREAT: SSH1 protocol was deprecated due to multiple vulnerabilities and design flaws. Among multiple vulnerabilities that exist in SSH protocol Version 1 are: a CRC32 compensation attack detector vulnerability (buffer overflow) an unauthorized session key recovery problem Multiple vendors' implementations are vulnerable due to the fact that these are protocol design errors. Version 2 of the SSH protocol fixed these errors. Please refer to the following URLs for more information: http://www.ciac.org/ciac/bulletins/m-017.shtml (http://www.ciac.org/ciac/bulletins/m-017.shtml) http://www.kb.cert.org/vuls/id/684820 (http://www.kb.cert.org/vuls/id/684820) IMPACT: The consequences of vulnerabilities present is SSH Version 1 include: SSH protected traffic compromise root shell access to the system running SSH server

SOLUTION: Disable SSH1 support. See your vendor's Web site for information on how to disable SSH protocol Version 1 support. Some references are provided below: SSH Communications Security (http://www.ssh.com) F-Secure (http://www.f-secure.com) OpenSSH (http://www.openssh.org) Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable. COMPLIANCE: Not Applicable RESULTS: SSH1 supported

yes

Supported ciphers for SSH1

3des, blowfish

Supported authentications for SSH1

RSA, keyboard_interactive, password

Dataway High Severity Host Report

page 6


147.144.1.43 (ocean.ccsf.cc.ca.us, -)

HP-UX 11

Vulnerabilities (1) 4

SSH Protocol Version 1 Supported

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 22/tcp

38304 General remote services CVE-2001-1473 06/10/2009 No

THREAT: SSH1 protocol was deprecated due to multiple vulnerabilities and design flaws. Among multiple vulnerabilities that exist in SSH protocol Version 1 are: a CRC32 compensation attack detector vulnerability (buffer overflow) an unauthorized session key recovery problem Multiple vendors' implementations are vulnerable due to the fact that these are protocol design errors. Version 2 of the SSH protocol fixed these errors. Please refer to the following URLs for more information: http://www.ciac.org/ciac/bulletins/m-017.shtml (http://www.ciac.org/ciac/bulletins/m-017.shtml) http://www.kb.cert.org/vuls/id/684820 (http://www.kb.cert.org/vuls/id/684820) IMPACT: The consequences of vulnerabilities present is SSH Version 1 include: SSH protected traffic compromise root shell access to the system running SSH server

SOLUTION: Disable SSH1 support. See your vendor's Web site for information on how to disable SSH protocol Version 1 support. Some references are provided below: SSH Communications Security (http://www.ssh.com) F-Secure (http://www.f-secure.com) OpenSSH (http://www.openssh.org) Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable. COMPLIANCE: Not Applicable RESULTS: SSH1 supported

yes

Supported ciphers for SSH1

3des, blowfish

Supported authentications for SSH1

RSA, keyboard_interactive, password

Dataway High Severity Host Report

page 7


147.144.1.62 (ezproxy.ccsf.edu, -)

Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP

Vulnerabilities (2) 5

Debian OpenSSL Package Random Number Generator Weakness

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 443/tcp over SSL

42007 General remote services CVE-2008-0166 OpenSSH Debian Patch, OpenSSL Debain Patch 29179 06/30/2008 No

THREAT: OpenSSL is an open source implementation of the SSL protocol which is used by a number of other projects, including but not restricted to Apache, Sendmail and Bind. It is commonly found on Linux and Unix systems. The Debian OpenSSL package is prone to a random number generator weakness which causes the keys generated by this package to be predictable. IMPACT: Attackers can exploit this issue to predict random data used to generate encryption keys by certain applications. An attacker can record encrypted sessions (SSL,SSH, VPN) then in an off-line mode use a library of weak keys to find out the private key values used by the communication parties and decrypt the encrypted traffic. Specifically affected keys include RSA, SSH, OpenVPN and DNSSEC keys as well as X.509 certificates and session keys used in the SSL/TLS sessions. Attackers may exploit this issue to potentially compromise encryption keys and gain access to sensitive data. This may aid in further attacks. In the case of SSH attackers can gain full access to the target system. This issue affects only a modified OpenSSL package for Debian prior to Version 0.9.8c-4etch3. Please note that the keys that were generated on a vulnerable system and then moved to a different non-Debian system are still vulnerable and can cause a compromise of that non-Debian system. SOLUTION: The vendor has released updates to address this issue. See the references for more information. The Results section contains identifications for the weak keys detected on the target system. The keys are identified by calculating a hash over the public key. The hash function as well as the information the hash function is calculated upon is different for SSH and SSL keys. For SSL the following command can be used to calculate the hash of a key in a X.509 certificate: openssl x509 -in [cert name.pem] -modulus -noout|openssl sha1 For an SSH key the following command can be used to obtain the hash of the public key: ssh-keygen -f [SSH public key file name.pub] -l All the keys listed in the Results section are weak and need to be regenerated on a non-vulnerable or patched system. In the case of certificates, they need to be regenerated and signed again. COMPLIANCE: Not Applicable RESULTS: Certificate #0 RSA(1024), SSL, Hash: 2E202BACC1C4CF8762B5D3F157858B0989C23998

5

Debian OpenSSL Package Random Number Generator Weakness

Dataway High Severity Host Report

port 22/tcp

page 8


QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

42007 General remote services CVE-2008-0166 OpenSSH Debian Patch, OpenSSL Debain Patch 29179 06/30/2008 No

THREAT: OpenSSL is an open source implementation of the SSL protocol which is used by a number of other projects, including but not restricted to Apache, Sendmail and Bind. It is commonly found on Linux and Unix systems. The Debian OpenSSL package is prone to a random number generator weakness which causes the keys generated by this package to be predictable. IMPACT: Attackers can exploit this issue to predict random data used to generate encryption keys by certain applications. An attacker can record encrypted sessions (SSL,SSH, VPN) then in an off-line mode use a library of weak keys to find out the private key values used by the communication parties and decrypt the encrypted traffic. Specifically affected keys include RSA, SSH, OpenVPN and DNSSEC keys as well as X.509 certificates and session keys used in the SSL/TLS sessions. Attackers may exploit this issue to potentially compromise encryption keys and gain access to sensitive data. This may aid in further attacks. In the case of SSH attackers can gain full access to the target system. This issue affects only a modified OpenSSL package for Debian prior to Version 0.9.8c-4etch3. Please note that the keys that were generated on a vulnerable system and then moved to a different non-Debian system are still vulnerable and can cause a compromise of that non-Debian system. SOLUTION: The vendor has released updates to address this issue. See the references for more information. The Results section contains identifications for the weak keys detected on the target system. The keys are identified by calculating a hash over the public key. The hash function as well as the information the hash function is calculated upon is different for SSH and SSL keys. For SSL the following command can be used to calculate the hash of a key in a X.509 certificate: openssl x509 -in [cert name.pem] -modulus -noout|openssl sha1 For an SSH key the following command can be used to obtain the hash of the public key: ssh-keygen -f [SSH public key file name.pub] -l All the keys listed in the Results section are weak and need to be regenerated on a non-vulnerable or patched system. In the case of certificates, they need to be regenerated and signed again. COMPLIANCE: Not Applicable RESULTS: RSA(2048), SSH, Hash: 08FF698725A668282FC337BE4E89745B

Dataway High Severity Host Report

page 9


147.144.1.206 (webct0.ccsf.cc.ca.us, -)

Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP

Vulnerabilities (3) 4

SSL Server Allows Anonymous Authentication Vulnerability

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 443/tcp over SSL

38142 General remote services 07/07/2008 No

THREAT: The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server. The client usually authenticates the server using an algorithm like RSA or DSS. Some SSL ciphers allow SSL communication without authentication. Most common Web browsers like Microsoft Internet Explorer, Netscape and Mozilla do not use anonymous authentication ciphers by default. A vulnerability exists in SSL communcations when clients are allowed to connect using no authentication algorithm. SSL client-server communication may use several different types of authentication: RSA, Diffie-Hellman, DSS or none. When 'none' is used, the communications are vulnerable to a man-in-the-middle attack." IMPACT: An attacker can exploit this vulnerability to impersonate your server to clients. SOLUTION: Disable support for anonymous authentication. 1) Apache: Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines: SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM For Apache/apache_ssl include the following line in the configuration file (httpsd.conf): SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM 2) IIS: For IIS please see: How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services (http://support.microsoft.com/kb/187498/en-us), How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll (http://support.microsoft.com/kb/245030/en-us), How to Determine the Cipher Suite for the Server and Client (http://support.microsoft.com/kb/299520/en-us), , and How to restrict the use of certain ciphers in Internet Information Services 5.0 (http://support.microsoft.com/kb/241447) 3) Wu-FTP: For Wu-FTP which supports TLS, the ciphers parameter in TLS configuration file should be set to -ALL +SSLv3 +TLSv1 For more details please consult the docs/HOWTO/ssl_and_tls_ftpd.HOWTO file provided by wu-ftpd distribution. Additional reading: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html (http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/ssl.html) http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite (http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite) http://www.megasecurity.org/Info/ssl_servers.html (http://www.megasecurity.org/Info/ssl_servers.html)

COMPLIANCE: Not Applicable RESULTS: CIPHER

KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH GRADE )

SSLv3 SUPPORTS CIPHERS WITH NO AUTHENTICATION Dataway High Severity Host Report

page 10


ADH-RC4-MD5

DH

None

MD5 RC4(128)

MEDIUM

EXP-ADH-RC4-MD5

DH(512)

None

MD5 RC4(40)

LOW

ADH-RC4-MD5

DH

None

MD5 RC4(128)

MEDIUM

EXP-ADH-RC4-MD5

DH(512)

None

MD5 RC4(40)

LOW

ADH-DES-CBC3-SHA

DH

None

SHA1 3DES(168)

HIGH

ADH-DES-CBC-SHA

DH

None

SHA1 DES(56)

LOW

EXP-ADH-DES-CBC-SHA

DH(512)

None

SHA1 DES(40)

LOW

TLSv1 SUPPORTS CIPHERS WITH NO AUTHENTICATION

4

SSL Server Allows Cleartext Communication Vulnerability

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 443/tcp over SSL

38143 General remote services 08/05/2008 No

THREAT: The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server. The client-server communication is general encrypted using a symmetric cipher like RC2, RC4, DES or 3DES. However, some SSL ciphers allow communication without encryption. This vulnerability allows anyone who can sniff the traffic between the client and the server to see the communication. Please note that this detection only checks for weak cipher support at the SSL layer. Some servers may implement additional protection at the data layer. For example, some SSL servers and SSL proxies (such as SSL accelerators) allow cipher negotiation to complete but send back an error message and abort further communication on the secure channel. This vulnerability may not be exploitable for such configurations. IMPACT: An attacker can exploit this vulnerability to read apparently secure communication. SOLUTION: Disable ciphers which support cleartext communication. Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines: SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM For Apache/apache_ssl include the following line in the configuration file (httpsd.conf): SSLRequireCipher ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM How to Control the Ciphers for SSL and TLS on IIS (http://support.microsoft.com/kb/245030) For Novell Netware 6.5 please refer to the following document SSL Allows the use of Weak Ciphers. -TID10100633 (http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm) COMPLIANCE: Not Applicable RESULTS: CIPHER

KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE

SSLv3 SUPPORTS CIPHERS WITH NO ENCRYPTION NULL-SHA

RSA

RSA

SHA1 None

LOW

NULL-MD5

RSA

RSA

MD5 None

LOW

NULL-SHA

RSA

RSA

SHA1 None

LOW

NULL-MD5

RSA

RSA

MD5 None

LOW

TLSv1 SUPPORTS CIPHERS WITH NO ENCRYPTION

Dataway High Severity Host Report

page 11


4

SSH Protocol Version 1 Supported

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 22/tcp

38304 General remote services CVE-2001-1473 06/10/2009 No

THREAT: SSH1 protocol was deprecated due to multiple vulnerabilities and design flaws. Among multiple vulnerabilities that exist in SSH protocol Version 1 are: a CRC32 compensation attack detector vulnerability (buffer overflow) an unauthorized session key recovery problem Multiple vendors' implementations are vulnerable due to the fact that these are protocol design errors. Version 2 of the SSH protocol fixed these errors. Please refer to the following URLs for more information: http://www.ciac.org/ciac/bulletins/m-017.shtml (http://www.ciac.org/ciac/bulletins/m-017.shtml) http://www.kb.cert.org/vuls/id/684820 (http://www.kb.cert.org/vuls/id/684820) IMPACT: The consequences of vulnerabilities present is SSH Version 1 include: SSH protected traffic compromise root shell access to the system running SSH server

SOLUTION: Disable SSH1 support. See your vendor's Web site for information on how to disable SSH protocol Version 1 support. Some references are provided below: SSH Communications Security (http://www.ssh.com) F-Secure (http://www.f-secure.com) OpenSSH (http://www.openssh.org) Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable. COMPLIANCE: Not Applicable RESULTS: SSH1 supported

yes

Supported ciphers for SSH1

3des, blowfish

Supported authentications for SSH1

RSA, password

147.144.1.211 (sol.ccsf.cc.ca.us, -)

Solaris 8

Vulnerabilities (1) 4

SSH Protocol Version 1 Supported

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified:

Dataway High Severity Host Report

port 22/tcp

38304 General remote services CVE-2001-1473 06/10/2009

page 12


Edited:

No

THREAT: SSH1 protocol was deprecated due to multiple vulnerabilities and design flaws. Among multiple vulnerabilities that exist in SSH protocol Version 1 are: a CRC32 compensation attack detector vulnerability (buffer overflow) an unauthorized session key recovery problem Multiple vendors' implementations are vulnerable due to the fact that these are protocol design errors. Version 2 of the SSH protocol fixed these errors. Please refer to the following URLs for more information: http://www.ciac.org/ciac/bulletins/m-017.shtml (http://www.ciac.org/ciac/bulletins/m-017.shtml) http://www.kb.cert.org/vuls/id/684820 (http://www.kb.cert.org/vuls/id/684820) IMPACT: The consequences of vulnerabilities present is SSH Version 1 include: SSH protected traffic compromise root shell access to the system running SSH server

SOLUTION: Disable SSH1 support. See your vendor's Web site for information on how to disable SSH protocol Version 1 support. Some references are provided below: SSH Communications Security (http://www.ssh.com) F-Secure (http://www.f-secure.com) OpenSSH (http://www.openssh.org) Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable. COMPLIANCE: Not Applicable RESULTS: SSH1 supported

yes

Supported ciphers for SSH1

3des, blowfish

Supported authentications for SSH1

RSA, keyboard_interactive, password

147.144.1.212 (cloud.ccsf.cc.ca.us, -)

FreeBSD

Vulnerabilities (1) 4

Database Files Present on Anonymous FTP Server Vulnerability

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 21/tcp

27026 File Transfer Protocol CVE-1999-0527 04/03/2009 No

THREAT: Database files with a ".db" extension were found on the FTP Server.

Dataway High Severity Host Report

page 13


IMPACT: Files with the .db extension may contain sensitive information. Please verify that these documents should be on the FTP server. If the document(s) are encrypted, they can easily be cracked. And, if the user uses the same password for encrypting documents as for logging on to the server, their user accounts can be compromised. SOLUTION: Remove all *.db files that are not required. COMPLIANCE: Not Applicable RESULTS: /etc/pwd.db [user anonymous] /etc/pwd.db [user ftp]

147.144.1.215 (webct3.ccsf.edu, -)

Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP

Vulnerabilities (1) 4

SSH Protocol Version 1 Supported

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 22/tcp

38304 General remote services CVE-2001-1473 06/10/2009 No

THREAT: SSH1 protocol was deprecated due to multiple vulnerabilities and design flaws. Among multiple vulnerabilities that exist in SSH protocol Version 1 are: a CRC32 compensation attack detector vulnerability (buffer overflow) an unauthorized session key recovery problem Multiple vendors' implementations are vulnerable due to the fact that these are protocol design errors. Version 2 of the SSH protocol fixed these errors. Please refer to the following URLs for more information: http://www.ciac.org/ciac/bulletins/m-017.shtml (http://www.ciac.org/ciac/bulletins/m-017.shtml) http://www.kb.cert.org/vuls/id/684820 (http://www.kb.cert.org/vuls/id/684820) IMPACT: The consequences of vulnerabilities present is SSH Version 1 include: SSH protected traffic compromise root shell access to the system running SSH server

SOLUTION: Disable SSH1 support. See your vendor's Web site for information on how to disable SSH protocol Version 1 support. Some references are provided below: SSH Communications Security (http://www.ssh.com) F-Secure (http://www.f-secure.com) OpenSSH (http://www.openssh.org) Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable. COMPLIANCE: Not Applicable RESULTS: Dataway High Severity Host Report

page 14


SSH1 supported

yes

Supported ciphers for SSH1

3des, blowfish

Supported authentications for SSH1

RSA, keyboard_interactive, password

147.144.1.220 (cloudz.ccsf.cc.ca.us, -)

BSDI BSD/OS 4.0.1

Vulnerabilities (1) 4

SSH Protocol Version 1 Supported

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 22/tcp

38304 General remote services CVE-2001-1473 06/10/2009 No

THREAT: SSH1 protocol was deprecated due to multiple vulnerabilities and design flaws. Among multiple vulnerabilities that exist in SSH protocol Version 1 are: a CRC32 compensation attack detector vulnerability (buffer overflow) an unauthorized session key recovery problem Multiple vendors' implementations are vulnerable due to the fact that these are protocol design errors. Version 2 of the SSH protocol fixed these errors. Please refer to the following URLs for more information: http://www.ciac.org/ciac/bulletins/m-017.shtml (http://www.ciac.org/ciac/bulletins/m-017.shtml) http://www.kb.cert.org/vuls/id/684820 (http://www.kb.cert.org/vuls/id/684820) IMPACT: The consequences of vulnerabilities present is SSH Version 1 include: SSH protected traffic compromise root shell access to the system running SSH server

SOLUTION: Disable SSH1 support. See your vendor's Web site for information on how to disable SSH protocol Version 1 support. Some references are provided below: SSH Communications Security (http://www.ssh.com) F-Secure (http://www.f-secure.com) OpenSSH (http://www.openssh.org) Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable. COMPLIANCE: Not Applicable RESULTS: SSH1 supported

yes

Supported ciphers for SSH1

3des, blowfish

Supported authentications for SSH1

RSA, keyboard_interactive, password

Dataway High Severity Host Report

page 15


147.144.1.245 (gw3.ccsf.edu, -)

Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP

Vulnerabilities (1) 4

SSH Protocol Version 1 Supported

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 22/tcp

38304 General remote services CVE-2001-1473 06/10/2009 No

THREAT: SSH1 protocol was deprecated due to multiple vulnerabilities and design flaws. Among multiple vulnerabilities that exist in SSH protocol Version 1 are: a CRC32 compensation attack detector vulnerability (buffer overflow) an unauthorized session key recovery problem Multiple vendors' implementations are vulnerable due to the fact that these are protocol design errors. Version 2 of the SSH protocol fixed these errors. Please refer to the following URLs for more information: http://www.ciac.org/ciac/bulletins/m-017.shtml (http://www.ciac.org/ciac/bulletins/m-017.shtml) http://www.kb.cert.org/vuls/id/684820 (http://www.kb.cert.org/vuls/id/684820) IMPACT: The consequences of vulnerabilities present is SSH Version 1 include: SSH protected traffic compromise root shell access to the system running SSH server

SOLUTION: Disable SSH1 support. See your vendor's Web site for information on how to disable SSH protocol Version 1 support. Some references are provided below: SSH Communications Security (http://www.ssh.com) F-Secure (http://www.f-secure.com) OpenSSH (http://www.openssh.org) Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable. COMPLIANCE: Not Applicable RESULTS: SSH1 supported

yes

Supported ciphers for SSH1

3des, blowfish

Supported authentications for SSH1

RSA, keyboard_interactive

Dataway High Severity Host Report

page 16


147.144.1.246 (gw4.ccsf.edu, -)

Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP

Vulnerabilities (1) 4

SSH Protocol Version 1 Supported

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 22/tcp

38304 General remote services CVE-2001-1473 06/10/2009 No

THREAT: SSH1 protocol was deprecated due to multiple vulnerabilities and design flaws. Among multiple vulnerabilities that exist in SSH protocol Version 1 are: a CRC32 compensation attack detector vulnerability (buffer overflow) an unauthorized session key recovery problem Multiple vendors' implementations are vulnerable due to the fact that these are protocol design errors. Version 2 of the SSH protocol fixed these errors. Please refer to the following URLs for more information: http://www.ciac.org/ciac/bulletins/m-017.shtml (http://www.ciac.org/ciac/bulletins/m-017.shtml) http://www.kb.cert.org/vuls/id/684820 (http://www.kb.cert.org/vuls/id/684820) IMPACT: The consequences of vulnerabilities present is SSH Version 1 include: SSH protected traffic compromise root shell access to the system running SSH server

SOLUTION: Disable SSH1 support. See your vendor's Web site for information on how to disable SSH protocol Version 1 support. Some references are provided below: SSH Communications Security (http://www.ssh.com) F-Secure (http://www.f-secure.com) OpenSSH (http://www.openssh.org) Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable. COMPLIANCE: Not Applicable RESULTS: SSH1 supported

yes

Supported ciphers for SSH1

3des, blowfish

Supported authentications for SSH1

RSA, keyboard_interactive

Dataway High Severity Host Report

page 17


147.144.17.71 (wiz.ccsf.cc.ca.us, -)

Linux 2.4-2.6 / Embedded Device / F5 Networks Big-IP

Vulnerabilities (1) 4

SSH Protocol Version 1 Supported

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 22/tcp

38304 General remote services CVE-2001-1473 06/10/2009 No

THREAT: SSH1 protocol was deprecated due to multiple vulnerabilities and design flaws. Among multiple vulnerabilities that exist in SSH protocol Version 1 are: a CRC32 compensation attack detector vulnerability (buffer overflow) an unauthorized session key recovery problem Multiple vendors' implementations are vulnerable due to the fact that these are protocol design errors. Version 2 of the SSH protocol fixed these errors. Please refer to the following URLs for more information: http://www.ciac.org/ciac/bulletins/m-017.shtml (http://www.ciac.org/ciac/bulletins/m-017.shtml) http://www.kb.cert.org/vuls/id/684820 (http://www.kb.cert.org/vuls/id/684820) IMPACT: The consequences of vulnerabilities present is SSH Version 1 include: SSH protected traffic compromise root shell access to the system running SSH server

SOLUTION: Disable SSH1 support. See your vendor's Web site for information on how to disable SSH protocol Version 1 support. Some references are provided below: SSH Communications Security (http://www.ssh.com) F-Secure (http://www.f-secure.com) OpenSSH (http://www.openssh.org) Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable. COMPLIANCE: Not Applicable RESULTS: SSH1 supported

yes

Supported ciphers for SSH1

3des, blowfish

Supported authentications for SSH1

RSA, keyboard_interactive

Dataway High Severity Host Report

page 18


147.144.19.11 (peachie.ccsf.cc.ca.us, -)

Linux 2.2

Vulnerabilities (2) 5

WU-FTPD Remote Root Access with 'SITE EXEC' Command

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 21/tcp

27080 File Transfer Protocol CVE-2000-0573 1387 06/03/2009 No

THREAT: WU-FTPD is the most popular FTP server used on Internet. WU-FTPD Version 2.6 (shipped with RedHat Version 6.2) contains a vulnerability in the "SITE EXEC" command. The behavior of a "vsnprintf()" function can be modified by overwriting the return address on the stack. Therefore, unauthorized remote users can execute code on the host. Anonymous FTP access is the only requirement for exploiting this vulnerability. IMPACT: By exploiting this vulnerability, unauthorized users can execute arbitrary commands as root on your server. SOLUTION: As a temporary patch, you can disable anonymous access on your server. However, this will not prevent legitimate users from exploiting the vulnerability. You can download a patch directly from the WU-FTPD Web site (http://www.wuftpd.org). COMPLIANCE: Not Applicable RESULTS: No results available

5

WU-FTPd File Globbing Heap Corruption Vulnerability

QID: Category: CVE ID: Vendor Reference: Bugtraq ID: Modified: Edited:

port 21/tcp

27126 File Transfer Protocol CVE-2001-0550 RHSA-2001-157 3581 06/17/2009 No

THREAT: WU-FTPd is a popular Unix FTP server. It's based on the BSD FTPd, which is maintained by Washington University. WU-FTPd allows clients to organize files for FTP actions based on "file globbing" patterns. File globbing is also used by various shells. The implementation of file globbing included in WU-FTPd contains a heap corruption vulnerability that may allow a malicious remote user to execute arbitrary code on a server. During the processing of a globbing pattern, the WU-FTPd implementation creates a list of the files that match. The memory where this data is stored is on the heap, allocated using malloc(). The globbing function simply returns a pointer to the list. It is up to the calling functions to free the allocated memory. If an error occurs processing the pattern, memory will not be allocated and a variable indicating this should be set. The calling functions must check the value of this variable before attempting to use the globbed filenames (and later freeing the memory). Under certain circumstances, the globbing function does not set this variable when an error occurs. As a result of this, WU-FTPd will eventually attempt to free uninitialized memory. If this region of memory contained user-controllable data before the free call, it may be possible to have an arbitrary word in memory

Dataway High Severity Host Report

page 19


overwritten with an arbitrary value. This can lead to execution of arbitrary code if function pointers or return addresses are overwritten. If anonymous FTP is not enabled, then valid user credentials are required to exploit this vulnerability. IMPACT: If successfully exploited, a remote malicious user may be able to execute arbitrary code with the privileges of WU-FTPd, typically root. SOLUTION: Apply the patch supplied by your vendor. Alternatively, apply the patch provided by WU-FTPd. Workaround: Block or restrict access to the port used by WU-FTPd, typically 21/tcp. It may be possible to use TCP Wrapper or a similar technology to provide improved access control and logging. Additionally, an application-level firewall may be able to filter requests made to WU-FTPd. Disable anonymous FTP access. Disable WU-FTPd until a patch can be applied.

COMPLIANCE: Not Applicable RESULTS: No results available

Dataway High Severity Host Report

page 20


Appendix Selected Scans Date:

07/05/2009 at 07:25:25 (GMT-0800)

Active Hosts:

59

Total Hosts:

269

Type:

On demand

Status:

Finished

Reference:

scan/1246807525.1079

Scanner Appliance: 64.39.104.154 (Scanner 5.1.39-1,Web 6.5.117-1,Vulnsigs 1.23.19-2) Duration:

00:47:34

Title:

InternetScan

Asset Groups:

ServerGroup

IPs:

147.144.1.0-147.144.1.255, 147.144.4.4, 147.144.17.71-147.144.17.72, 147.144.19.11, 147.144.20.19, 147.144.20.40, 147.144.33.130, 147.144.40.253, 147.144.49.242, 147.144.51.52, 147.144.55.252, 147.144.55.254, 147.144.79.245

Options Profile:

Initial Options

Hosts Scanned 147.144.1.1-147.144.1.3, 147.144.1.7-147.144.1.9, 147.144.1.18-147.144.1.20, 147.144.1.30, 147.144.1.43, 147.144.1.47, 147.144.1.55, 147.144.1.60, 147.144.1.62, 147.144.1.69-147.144.1.70, 147.144.1.72, 147.144.1.195-147.144.1.198, 147.144.1.200-147.144.1.202, 147.144.1.204, 147.144.1.206, 147.144.1.211-147.144.1.212, 147.144.1.214-147.144.1.215, 147.144.1.219-147.144.1.224, 147.144.1.231, 147.144.1.244-147.144.1.247, 147.144.1.249-147.144.1.252, 147.144.1.254-147.144.1.255, 147.144.4.4, 147.144.17.71-147.144.17.72, 147.144.19.11, 147.144.20.40, 147.144.33.130, 147.144.40.253, 147.144.49.242, 147.144.51.52, 147.144.55.252, 147.144.55.254

Target distribution across scanner appliances External : 147.144.1.0-147.144.1.255, 147.144.4.4, 147.144.17.71-147.144.17.72, 147.144.19.11, 147.144.20.19, 147.144.20.40, 147.144.33.130, 147.144.40.253, 147.144.49.242, 147.144.51.52, 147.144.55.252, 147.144.55.254, 147.144.79.245

Hosts Not Scanned Hosts Not Alive 210 IPs

No vulnerabilities match your filters for these hosts 147.144.1.1, 147.144.1.7-147.144.1.9, 147.144.1.18-147.144.1.20, 147.144.1.30, 147.144.1.47, 147.144.1.55, 147.144.1.60, 147.144.1.69-147.144.1.70, 147.144.1.72, 147.144.1.195-147.144.1.198, 147.144.1.200-147.144.1.202, 147.144.1.204, 147.144.1.214, 147.144.1.219, 147.144.1.221-147.144.1.224, 147.144.1.231, 147.144.1.244, 147.144.1.247, 147.144.1.249-147.144.1.252, 147.144.1.254-147.144.1.255, 147.144.4.4, 147.144.17.72, 147.144.20.40, 147.144.33.130, 147.144.40.253, 147.144.49.242, 147.144.51.52, 147.144.55.252, 147.144.55.254

Options Profile Initial Options Scan Settings Ports: Scanned TCP Ports:

Standard Scan

Scanned UDP Ports:

Standard Scan

Scan Dead Hosts:

Off

Load Balancer Detection:

Off

Perform 3-way Handshake:

Off

Vulnerability Detection:

Complete

Dataway High Severity Host Report

page 21


Password Brute Forcing: System:

Disabled

Custom:

Disabled

Authentication: Windows:

Disabled

Unix:

Disabled

Oracle:

Disabled

Oracle Listener:

Disabled

SNMP:

Disabled

Overall Performance:

Normal

Hosts to Scan in Parallel: External Scanners:

15

Scanner Appliances:

30

Processes to Run in Parallel: Total:

10

HTTP:

10

Packet (Burst) Delay:

Medium

Port Scanning and Host Discovery: Intensity:

Normal

Advanced Settings Host Discovery:

TCP Standard Scan, UDP Standard Scan, ICMP On

Ignore RST packets:

Off

Ignore firewall-generated SYN-ACK packets:

Off

Do not send ACK or SYN-ACK packets during host discovery: Off

Report Filters Vulnerability Lists:

Scan Report Template: High Severity Report

QIDs:

1001, 1002, 1005, 1006, 1007, 1008, 1009, 1010, 1011, 1012, 1013, 1014, 1016, 1017, 1019, 1021, 1022, 1023, 1024, 1025, 1026, 1114, 1115, 1116, 1117, 1119, 1120, 1121, 1122, 1125, 1126, 1128, 1129, 1131, 1132, 1133, 1134, 1135, 1137, 1138, 1139, 1140, 1141, 1142, 1143, 1144, 1145, 1146, 1147, 1148, 1149, 1150, 1151, 1152, 1153, 1154, 1155, 1156, 1157, 1158, 1159, 1160, 1161, 1163, 1166, 1167, 1168, 1169, 1171, 1172, 1173, 1175, 1176, 1177, 1178, 1180, 1181, 1182, 1183, 1184, 1185, 1186, 1187, 1188, 1190, 1191, 1192, 1193, 1195, 1199, 1201, 1203, 1204, 1205, 1206, 1207, 1210, 1212, 1213, 1214, 1216, 1217, 1222, 1224, 1225, 1226, 1227, 1228, 1232, 1406, 2600, 5000, 5005, 10000, 10001, 10003, 10004, 10006, 10007, 10008, 10009, 10010, 10012, 10013, 10014, 10017, 10018, 10021, 10022, 10024, 10025, 10026, 10027, 10028, 10029, 10031, 10032, 10034, 10035, 10036, 10037, 10038, 10040, 10042, 10044, 10045, 10048, 10049, 10053, 10054, 10056, 10057, 10059, 10062, 10065, 10066, 10067, 10069, 10070, 10071, 10072, 10073, 10074, 10079, 10082, 10087, 10090, 10094, 10096, 10098, 10103, 10107, 10109, 10113, 10114, 10117, 10122, 10123, 10124, 10126, 10127, 10129, 10130, 10131, 10132, 10134, 10135, 10137, 10141, 10142, 10143, 10144, 10146, 10151, 10154, 10158, 10161, 10162, 10163, 10164, 10165, 10167, 10168, 10170, 10171, 10174, 10177, 10180, 10181, 10184, 10188, 10191, 10192, 10194, 10195, 10197, 10200, 10204, 10206, 10208, 10212, 10216, 10218, 10220, 10221, 10222, 10223, 10230, 10232, 10233, 10236, 10237, 10239, 10243, 10244, 10245, 10249, 10250, 10252, 10253, 10254, 10257, 10258, 10259, 10260, 10263, 10265, 10266, 10268, 10328, 10329, 10332, 10333, 10335, 10336, 10341, 10342, 10346, 10349, 10353, 10355, 10356, 10357, 10359, 10361, 10364, 10365, 10367, 10371, 10374, 10375, 10381, 10383, 10386, 10389, 10392, 10394, 10396, 10397, 10398, 10399, 10401, 10402, 10403, 10404, 10405, 10406, 10409, 10410, 10411, 10412, 10413, 10415, 10416, 10417, 10418, 10428, 10429, 10430, 10431, 10435, 10436, 10438, 10451, 10454, 10467, 10486, 10490, 10493, 10521, 10524, 10525, 10534, 10536, 10537, 10540, 10557, 10558, 10568, 10570, 10571, 10572, 10577, 10578, 10580, 10581, 10583, 10584, 10585, 10586, 10587, 10590, 10623, 10624, 10625, 10626, 10630, 10633, 10636, 10647, 10650, 10651, 10655, 10656, 10662, 10664, 10669, 10670, 10681, 10684, 10694, 10701, 10702, 10703, 10704, 10710, 10711, 10712, 10715, 10719, 10720, 10723, 10730, 10732, 10734, 10739, 10740, 10746, 10752, 10753, 10758, 10760, 10779, 10784, 10789, 10794, 10798, 10802, 10808, 10810, 10812, 10821, 10822, 10832, 10837, 10848, 10849, 10850, 10854, 10855, 10856, 10861, 10863, 10865, 10867, 10869, 10870, 10871, 10872, 10873, 10874, 10875, 10876, 10877, 10879, 10885, 10886, 10888, 10890, 10893, 10897, 10900, 10901, 10916, 10918, 10932, 10935, 10942, 10943, 10949, 10952, 10957, 10958, 10964, 10965, 10966, 10967, 10968, 10969, 10970, 10971, 10972, 10975, 10977, 10978, 10979, 10980, 10982, 10984, 10987, 10988, 10989, 10990, 10991, 10992, 10997, 11003, 11005, 11008, 11009, 11013, 11024, 11027, 11039, 11040, 11041, 11048, 11050, 11054, 11057, 11058, 11060, 11064, 11068, 11080, 11081, 11083, 11085, 11089, 11090, 11092, 11093, 11096, 11098, 11104, 11105, 11106, 11108, 11112, 11113, 11116, 11118, 11119, 11120, 11123, 11132, 11133, 11145, 11157, 11158, 11159, 11161, 11164, 11166, 11167, 11170, 11177, 11180, 11182, 11184, 11186, 11187, 11188, 11194, 11195, 11196, 11198, 11200, 11202, 11205, 11210, 11211, 11212, 11213, 11214, 11215, 11218, 11219, 11223, 11230,

Dataway High Severity Host Report

page 22


11232, 11233, 11236, 11237, 11238, 11241, 11243, 11245, 11246, 11247, 11250, 11251, 11259, 11263, 11265, 11270, 11271, 11272, 11278, 11281, 11283, 11285, 11296, 11297, 11300, 11304, 11305, 11307, 11309, 11310, 11312, 11318, 11326, 11327, 11329, 11337, 11339, 11348, 11362, 11364, 11366, 11371, 11372, 11384, 11386, 11390, 11396, 11400, 11413, 11415, 11417, 11419, 11430, 11436, 11437, 11438, 11439, 11440, 11452, 11453, 11455, 11458, 11464, 11465, 11466, 11467, 11468, 11473, 11481, 11482, 11483, 11485, 12001, 12002, 12003, 12005, 12010, 12017, 12018, 12020, 12023, 12025, 12026, 12027, 12030, 12032, 12035, 12036, 12039, 12041, 12042, 12043, 12045, 12047, 12050, 12052, 12053, 12054, 12055, 12056, 12057, 12060, 12062, 12067, 12068, 12069, 12075, 12077, 12079, 12080, 12081, 12082, 12085, 12097, 12098, 12099, 12100, 12103, 12119, 12121, 12128, 12133, 12135, 12138, 12139, 12141, 12142, 12151, 12153, 12157, 12165, 12168, 12175, 12177, 12178, 12183, 12186, 12191, 12193, 12195, 12196, 12205, 12210, 12211, 12212, 12214, 12221, 12236, 12258, 12260, 12263, 12278, 15033, 15037, 15039, 15040, 15041, 15042, 15043, 15044, 15047, 19001, 19003, 19004, 19005, 19013, 19029, 19058, 19059, 19060, 19061, 19064, 19065, 19066, 19067, 19068, 19069, 19070, 19071, 19078, 19086, 19089, 19090, 19091, 19093, 19094, 19096, 19099, 19103, 19106, 19107, 19108, 19109, 19112, 19124, 19146, 19147, 19150, 19151, 19154, 19155, 19156, 19157, 19158, 19159, 19160, 19161, 19162, 19164, 19197, 19203, 19205, 19210, 19211, 19215, 19216, 19219, 19223, 19227, 19231, 19232, 19238, 19260, 19267, 19277, 19278, 19279, 19280, 19281, 19282, 19283, 19284, 19285, 19286, 19287, 19288, 19289, 19290, 19291, 19292, 19293, 19294, 19295, 19296, 19297, 19298, 19299, 19300, 19301, 19302, 19303, 19304, 19305, 19306, 19308, 19309, 19310, 19311, 19312, 19313, 19314, 19315, 19316, 19317, 19318, 19319, 19320, 19321, 19322, 19323, 19324, 19325, 19326, 19327, 19328, 19329, 19330, 19331, 19332, 19333, 19334, 19336, 19337, 19338, 19339, 19340, 19341, 19342, 19343, 19344, 19345, 19346, 19347, 19348, 19349, 19350, 19351, 19352, 19353, 19354, 19355, 19356, 19357, 19358, 19359, 19360, 19361, 19362, 19363, 19364, 19365, 19366, 19367, 19368, 19369, 19370, 19371, 19372, 19373, 19374, 19375, 19376, 19377, 19378, 19379, 19380, 19381, 19382, 19383, 19384, 19385, 19386, 19387, 19388, 19389, 19390, 19391, 19392, 19393, 19394, 19395, 19396, 19397, 19398, 19399, 19400, 19401, 19402, 19403, 19404, 19405, 19406, 19407, 19408, 19409, 19413, 19414, 19415, 19416, 19417, 19418, 19419, 19420, 19421, 19422, 19423, 19424, 19425, 19426, 19427, 19428, 19429, 19430, 19431, 19432, 19433, 19434, 19435, 19436, 19437, 19438, 19439, 19440, 19441, 19442, 19443, 19444, 19445, 19446, 19447, 19448, 19449, 19450, 19451, 19452, 19453, 19454, 19455, 19456, 19457, 19458, 19459, 19460, 19461, 19462, 19463, 19468, 19469, 19470, 19471, 19472, 19474, 19475, 19476, 19477, 19478, 19479, 19480, 19481, 19482, 19483, 19484, 19485, 19486, 19487, 19488, 19489, 19490, 19491, 19494, 19495, 19496, 19497, 19498, 19499, 23004, 23005, 23007, 23008, 23009, 23011, 23012, 23013, 23014, 23016, 27002, 27004, 27006, 27007, 27009, 27011, 27014, 27017, 27018, 27023, 27024, 27026, 27027, 27028, 27031, 27032, 27040, 27041, 27045, 27047, 27049, 27051, 27064, 27068, 27069, 27071, 27075, 27076, 27078, 27080, 27081, 27086, 27089, 27092, 27094, 27095, 27099, 27101, 27104, 27106, 27107, 27110, 27111, 27112, 27116, 27117, 27118, 27125, 27126, 27130, 27133, 27135, 27142, 27143, 27145, 27146, 27150, 27151, 27152, 27153, 27160, 27161, 27163, 27164, 27165, 27166, 27167, 27169, 27170, 27171, 27174, 27179, 27181, 27185, 27191, 27192, 27193, 27197, 27203, 27204, 27205, 27206, 27207, 27210, 27211, 27217, 27221, 27222, 27223, 27228, 27229, 27234, 27236, 27244, 27245, 27247, 27257, 27258, 27265, 27279, 27302, 31004, 31005, 31006, 31007, 31008, 31013, 31014, 34008, 34016, 34019, 34023, 34024, 34025, 34030, 34039, 38008, 38022, 38023, 38024, 38026, 38027, 38028, 38031, 38036, 38037, 38043, 38048, 38053, 38054, 38064, 38066, 38068, 38071, 38075, 38076, 38078, 38083, 38087, 38097, 38103, 38105, 38106, 38108, 38109, 38110, 38123, 38125, 38133, 38134, 38137, 38142, 38143, 38146, 38156, 38157, 38158, 38160, 38161, 38162, 38175, 38176, 38180, 38182, 38183, 38184, 38185, 38187, 38188, 38189, 38197, 38207, 38212, 38215, 38216, 38222, 38224, 38225, 38227, 38228, 38231, 38233, 38244, 38259, 38261, 38264, 38271, 38272, 38276, 38278, 38279, 38281, 38283, 38286, 38288, 38304, 38305, 38308, 38314, 38315, 38316, 38317, 38318, 38320, 38321, 38326, 38330, 38332, 38334, 38335, 38338, 38340, 38345, 38346, 38347, 38350, 38355, 38356, 38357, 38358, 38360, 38361, 38362, 38363, 38364, 38365, 38367, 38368, 38369, 38370, 38371, 38373, 38374, 38376, 38377, 38380, 38381, 38382, 38385, 38386, 38387, 38388, 38389, 38390, 38391, 38392, 38393, 38394, 38395, 38396, 38398, 38399, 38400, 38403, 38405, 38406, 38410, 38412, 38415, 38417, 38419, 38423, 38446, 38455, 38461, 38469, 38473, 38475, 38482, 38483, 38484, 38486, 38490, 38504, 38506, 38511, 38516, 38531, 38535, 38545, 38546, 38553, 38554, 38555, 38560, 38561, 38562, 38565, 38566, 38569, 38570, 38571, 38574, 38575, 38576, 38578, 38583, 38586, 38590, 38595, 42005, 42006, 42007, 42008, 42020, 43001, 43002, 43005, 43008, 43010, 43014, 43016, 43017, 43018, 43021, 43023, 43057, 43061, 43064, 43065, 43066, 43067, 43068, 43069, 43070, 43072, 43076, 43088, 43090, 43117, 43119, 43122, 43123, 43124, 43125, 43126, 43127, 43128, 43129, 45003, 50001, 50002, 50007, 50008, 50014, 50015, 50023, 50025, 50027, 50029, 50034, 50035, 50036, 50037, 50039, 50044, 50051, 50054, 50062, 50066, 50067, 50068, 50071, 50073, 50074, 50076, 50077, 50080, 50081, 50083, 50085, 50086, 50088, 54000, 54001, 54002, 54003, 54010, 62004, 62005, 62013, 62024, 62025, 62029, 62030, 62033, 62034, 62036, 62037, 62040, 62042, 62043, 62045, 62046, 62052, 62054, 62059, 66001, 66010, 66011, 66031, 66034, 66038, 66049, 68504, 68507, 68517, 68518, 68520, 68522, 68524, 68528, 68530, 68531, 68532, 68533, 70002, 70003, 70005, 70006, 70014, 70016, 70017, 70023, 70024, 70029, 70032, 70034, 70036, 70037, 70042, 70043, 70044, 70046, 70050, 74016, 74024, 74027, 74030, 74031, 74047, 74048, 74049, 74051, 74052, 74054, 74057, 74059, 74062, 74063, 74064, 74065, 74066, 74070, 74071, 74072, 74074, 74075, 74080, 74081, 74086, 74106, 74111, 74112, 74121, 74129, 74131, 74133, 74135, 74138, 74139, 74140, 74143, 74146, 74149, 74151, 74152, 74154, 74155, 74156, 74157, 74162, 74164, 74167, 74168, 74169, 74170, 74172, 74174, 74175, 74177, 74178, 74179, 74180, 74181, 74182, 74185, 74198, 74206, 74213, 74214, 74219, 74228, 74232, 78029, 78031, 78035, 78039, 78041, 78043, 78044, 82043, 82051, 82060, 86011, 86019, 86020, 86021, 86026, 86027, 86028, 86030, 86034, 86036, 86038, 86040, 86042, 86043, 86052, 86053, 86056, 86059, 86060, 86061, 86067, 86070, 86073, 86075, 86083, 86084, 86088, 86092, 86109, 86112, 86114, 86135, 86140, 86164, 86168, 86169, 86170, 86182, 86183, 86185, 86187, 86188, 86195, 86211, 86212, 86213, 86215, 86217, 86218, 86219, 86220, 86224, 86225, 86227, 86228, 86231, 86235, 86236, 86237, 86238, 86239, 86242, 86243, 86250, 86255, 86260, 86261, 86266, 86271, 86276, 86281, 86294, 86300, 86305, 86328, 86329, 86352, 86353, 86355, 86368, 86372, 86375, 86385, 86389, 86398, 86401, 86403, 86411, 86418, 86426, 86427, 86430, 86440, 86441, 86443, 86446, 86447, Dataway High Severity Host Report

page 23


86450, 86451, 86452, 86453, 86458, 86459, 86460, 86461, 86464, 86465, 86466, 86467, 86468, 86470, 86479, 86504, 86505, 86507, 86508, 86510, 86512, 86514, 86515, 86518, 86520, 86522, 86525, 86526, 86527, 86530, 86531, 86536, 86537, 86546, 86547, 86548, 86551, 86553, 86555, 86560, 86561, 86566, 86568, 86571, 86574, 86582, 86588, 86596, 86598, 86603, 86604, 86607, 86614, 86620, 86631, 86634, 86635, 86644, 86651, 86652, 86654, 86655, 86661, 86663, 86668, 86669, 86673, 86674, 86675, 86678, 86682, 86684, 86686, 86689, 86690, 86691, 86702, 86707, 86832, 86837, 90005, 90028, 90032, 90049, 90050, 90051, 90054, 90056, 90064, 90070, 90071, 90072, 90073, 90075, 90078, 90079, 90085, 90086, 90089, 90102, 90103, 90104, 90108, 90109, 90110, 90111, 90112, 90113, 90115, 90122, 90123, 90125, 90131, 90132, 90133, 90134, 90135, 90137, 90140, 90141, 90153, 90155, 90158, 90160, 90161, 90162, 90164, 90166, 90167, 90168, 90169, 90171, 90172, 90176, 90178, 90180, 90182, 90183, 90184, 90185, 90186, 90187, 90188, 90189, 90190, 90192, 90193, 90198, 90199, 90200, 90201, 90202, 90203, 90204, 90205, 90207, 90211, 90212, 90215, 90216, 90217, 90221, 90222, 90223, 90225, 90227, 90228, 90229, 90230, 90231, 90233, 90234, 90237, 90240, 90241, 90242, 90243, 90247, 90249, 90252, 90253, 90256, 90261, 90262, 90267, 90268, 90270, 90271, 90273, 90274, 90275, 90276, 90278, 90280, 90282, 90283, 90284, 90286, 90289, 90291, 90292, 90296, 90297, 90301, 90303, 90305, 90307, 90308, 90309, 90311, 90312, 90314, 90316, 90318, 90319, 90327, 90328, 90329, 90336, 90337, 90338, 90339, 90340, 90341, 90342, 90343, 90345, 90351, 90352, 90355, 90356, 90361, 90363, 90364, 90365, 90367, 90368, 90370, 90371, 90372, 90377, 90378, 90379, 90380, 90381, 90382, 90383, 90385, 90388, 90389, 90390, 90392, 90393, 90394, 90395, 90397, 90398, 90401, 90403, 90404, 90405, 90406, 90407, 90408, 90409, 90414, 90417, 90418, 90419, 90420, 90423, 90425, 90427, 90428, 90430, 90431, 90432, 90433, 90434, 90435, 90437, 90438, 90439, 90441, 90444, 90445, 90448, 90449, 90450, 90452, 90453, 90455, 90457, 90458, 90459, 90460, 90461, 90462, 90463, 90464, 90466, 90467, 90469, 90470, 90471, 90472, 90473, 90474, 90475, 90477, 90478, 90479, 90481, 90482, 90483, 90484, 90488, 90490, 90493, 90495, 90499, 90501, 90502, 90503, 90504, 90506, 90510, 90511, 90512, 90513, 90514, 90515, 90516, 90517, 90518, 90519, 90521, 90522, 90523, 90524, 90525, 90526, 90527, 90528, 90529, 90530, 90531, 90535, 90537, 90543, 90544, 90545, 90546, 90547, 90549, 90550, 90551, 90552, 90554, 90565, 90566, 90567, 90568, 95001, 95005, 95006, 95007, 100000, 100001, 100002, 100003, 100004, 100006, 100007, 100008, 100018, 100022, 100024, 100025, 100026, 100028, 100029, 100030, 100031, 100032, 100033, 100034, 100035, 100036, 100037, 100038, 100039, 100045, 100046, 100047, 100050, 100051, 100052, 100053, 100054, 100055, 100056, 100057, 100058, 100059, 100063, 100064, 100065, 100067, 100070, 100071, 100073, 105007, 105010, 105012, 105029, 105030, 105081, 105082, 105095, 105096, 110001, 110002, 110003, 110004, 110006, 110007, 110008, 110009, 110010, 110011, 110012, 110014, 110015, 110017, 110018, 110019, 110020, 110023, 110025, 110026, 110027, 110028, 110029, 110031, 110032, 110033, 110034, 110035, 110036, 110038, 110041, 110042, 110043, 110044, 110045, 110046, 110048, 110049, 110050, 110051, 110052, 110053, 110054, 110055, 110056, 110057, 110059, 110060, 110062, 110063, 110064, 110065, 110066, 110067, 110069, 110070, 110071, 110072, 110073, 110074, 110075, 110076, 110077, 110078, 110079, 110080, 110081, 110082, 110083, 110084, 110085, 110086, 110088, 110090, 110092, 110093, 110094, 110095, 110096, 110097, 110098, 110099, 110100, 110101, 110111, 115000, 115001, 115002, 115003, 115005, 115006, 115007, 115013, 115014, 115015, 115016, 115018, 115020, 115021, 115022, 115024, 115025, 115028, 115036, 115037, 115038, 115039, 115043, 115047, 115053, 115060, 115260, 115270, 115272, 115280, 115281, 115289, 115292, 115293, 115297, 115299, 115301, 115302, 115304, 115306, 115312, 115341, 115345, 115346, 115354, 115359, 115361, 115363, 115372, 115373, 115375, 115376, 115382, 115383, 115384, 115385, 115388, 115395, 115398, 115400, 115403, 115406, 115409, 115411, 115413, 115414, 115416, 115417, 115419, 115422, 115425, 115427, 115429, 115431, 115436, 115437, 115440, 115441, 115445, 115446, 115447, 115448, 115449, 115454, 115461, 115462, 115466, 115470, 115471, 115475, 115478, 115479, 115480, 115483, 115486, 115488, 115492, 115493, 115499, 115500, 115501, 115512, 115515, 115516, 115517, 115520, 115521, 115523, 115527, 115532, 115533, 115535, 115539, 115540, 115541, 115544, 115545, 115550, 115551, 115557, 115560, 115564, 115568, 115571, 115574, 115578, 115579, 115581, 115582, 115586, 115589, 115592, 115593, 115595, 115596, 115597, 115598, 115599, 115601, 115603, 115604, 115620, 115622, 115629, 115631, 115634, 115640, 115641, 115647, 115648, 115649, 115650, 115656, 115658, 115659, 115661, 115665, 115666, 115668, 115670, 115673, 115674, 115675, 115676, 115678, 115679, 115681, 115683, 115687, 115688, 115689, 115690, 115694, 115695, 115698, 115701, 115707, 115708, 115709, 115710, 115711, 115722, 115725, 115732, 115739, 115740, 115746, 115748, 115752, 115753, 115754, 115763, 115764, 115765, 115772, 115775, 115778, 115779, 115781, 115785, 115790, 115793, 115796, 115802, 115803, 115807, 115808, 115809, 115811, 115812, 115816, 115817, 115818, 115819, 115823, 115824, 115828, 115829, 115836, 115838, 115842, 115847, 115848, 115851, 115852, 115855, 115859, 115860, 115862, 115865, 115866, 115870, 115872, 115876, 115879, 115885, 115894, 115901, 115903, 115908, 115918, 115921, 115924, 115925, 115926, 115928, 115932, 115935, 115937, 115940, 115943, 115944, 115949, 115955, 115959, 115960, 115963, 115967, 115969, 115978, 115979, 115983, 115987, 115989, 115991, 115992, 115995, 115996, 116003, 116007, 116011, 116012, 116017, 116025, 116027, 116031, 116032, 116035, 116039, 116044, 116046, 116063, 116068, 116069, 116081, 116086, 116088, 116089, 116091, 116109, 116114, 116134, 116136, 116137, 116139, 116142, 116143, 116145, 116148, 116149, 116151, 116155, 116164, 116170, 116172, 116173, 116174, 116178, 116179, 116180, 116181, 116182, 116184, 116185, 116194, 116195, 116196, 116197, 116205, 116215, 116219, 116220, 116232, 116234, 116238, 116244, 116247, 116255, 116257, 116258, 116261, 116263, 116264, 116273, 116275, 116281, 116311, 116318, 116328, 116333, 116334, 116339, 116345, 116348, 116351, 116353, 116358, 116360, 116363, 116367, 116369, 116374, 116384, 116385, 116387, 116389, 116390, 116391, 116393, 116395, 116396, 116399, 116400, 116403, 116407, 116408, 116416, 116420, 116423, 116424, 116428, 116429, 116431, 116437, 116440, 116443, 116453, 116455, 116459, 116461, 116463, 116471, 116473, 116474, 116477, 116484, 116496, 116509, 116510, 116517, 116521, 116528, 116529, 116530, 116535, 116536, 116539, 116542, 116547, 116548, 116552, 116553, 116556, 116602, 116603, 116607, 116608, 116609, 116624, 116635, 116637, 116645, 116650, 116660, 116672, 116677, 150000, 150001, 150003, 150012, 150013, 150046, 150047, 150048, 150049, 155358, 175000, 175001, 175002, 175003 Dataway High Severity Host Report

page 24


Vulnerabilities:

State:Active

Included Operating Systems: All Operating Systems

Report Legend Vulnerability Levels A Vulnerability is a design flaw or mis-configuration which makes your network (or a host on your network) susceptible to malicious attacks from local or remote users. Vulnerabilities can exist in several areas of your network, such as in your firewalls, FTP servers, Web servers, operating systems or CGI bins. Depending on the level of the security risk, the successful exploitation of a vulnerability can vary from the disclosure of information about the host to a complete compromise of the host. Severity

Level

Description

1

Minimal

Intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities.

2

Medium

Intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions.

3

Serious

Intruders may be able to gain access to specific information stored on the host, including security settings. This could result in potential misuse of the host by intruders. For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services, such as mail-relaying.

4

Critical

Intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users on the host.

5

Urgent

Intruders can easily gain control of the host, which can lead to the compromise of your entire network security. For example, vulnerabilities at this level may include full read and write access to files, remote execution of commands, and the presence of backdoors.

Potential Vulnerability Levels A potential vulnerability is one which we cannot confirm exists. The only way to verify the existence of such vulnerabilities on your network would be to perform an intrusive scan, which could result in a denial of service. This is strictly against our policy. Instead, we urge you to investigate these potential vulnerabilities further. Severity

Level

Description

1

Minimal

If this vulnerability exists on your system, intruders can collect information about the host (open ports, services, etc.) and may be able to use this information to find other vulnerabilities.

2

Medium

If this vulnerability exists on your system, intruders may be able to collect sensitive information from the host, such as the precise version of software installed. With this information, intruders can easily exploit known vulnerabilities specific to software versions.

3

Serious

If this vulnerability exists on your system, intruders may be able to gain access to specific information stored on the host, including security settings. This could result in potential misuse of the host by intruders. For example, vulnerabilities at this level may include partial disclosure of file contents, access to certain files on the host, directory browsing, disclosure of filtering rules and security mechanisms, denial of service attacks, and unauthorized use of services, such as mail-relaying.

4

Critical

If this vulnerability exists on your system, intruders can possibly gain control of the host, or there may be potential leakage of highly sensitive information. For example, vulnerabilities at this level may include full read access to files, potential backdoors, or a listing of all the users on the host.

5

Urgent

If this vulnerability exists on your system, intruders can easily gain control of the host, which can lead to the compromise of your entire network security. For example, vulnerabilities at this level may include full read and write access to files, remote execution of commands, and the presence of backdoors.

Information Gathered Information Gathered includes visible information about the network related to the host, such as traceroute information, Internet Service Provider (ISP), or a list of reachable hosts. Information Gathered severity levels also include Network Mapping data, such as detected firewalls, SMTP banners, or a list of open TCP services. Severity Dataway High Severity Host Report

Level

Description page 25


Severity

Level

Description

1

Minimal

Intruders may be able to retrieve sensitive information related to the host, such as open UDP and TCP services lists, and detection of firewalls.

2

Medium

Intruders may be able to determine the operating system running on the host, and view banner versions.

3

Serious

Intruders may be able to detect highly sensitive data, such as global system user lists.

This report was generated with an evaluation version of qualysguard This report was generated with an evaluation version of qualysguard

CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2009, Qualys, Inc.

Dataway High Severity Host Report

page 26

A2C-Dataway High Severity Host Report- InternetScan  

Dataway High Severity Host Report Attachment 2C Summary of Vulnerabilities Report Summary November 12, 2009 This report was generated with a...

Read more
Read more
Similar to
Popular now
Just for you