****.**.**.** :
. Open port list :
o smtp (25/tcp) (security warning found)
o domain (53/tcp) (security note found)
o www (80/tcp) (security hole found)
o https (443/tcp) (security note found)
o ftp (21/tcp) (security note found)
. Port "smtp (25/tcp)" security warning found :
The SMTP server does not support user authentication; anonymous users are allowed to use it.
. Port "smtp (25/tcp)" security note found :
A SMTP server is running on this port
Here is its banner :
220 altsyz-web Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at
Wed, 20 Oct 2004 06:28:38 +0800
NESSUS_ID : 10330
The remote Microsoft Frontpage server seems vulnerable to a remote
buffer overflow. Exploitation of this bug could give an unauthorized
user access to the machine.
The following systems are known to be vulnerable:
Microsoft Windows 2000 Service Pack 2, Service Pack 3
Microsoft Windows XP, Microsoft Windows XP Service Pack 1
Microsoft Office XP, Microsoft Office XP Service Release 1
Solution: Install relevant service pack or hotfix from URL below.
See also
http://www.microsoft.com/technet/security/bulletin/ms03-051.mspx
Risk factor : High
CVE_ID : CAN-2003-0822, CAN-2003-0824
NESSUS_ID : 11923
Other references : IAVA:2003-A-0033
. Port "www (80/tcp)" security hole found :
There's a buffer overflow in the remote web server through
the ISAPI filter.
It is possible to overflow the remote web server and execute
commands as user SYSTEM.
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that, even if you have patched this vulnerability,
you unmap the .HTR extension and any other unused ISAPI extensions
if they are not required for the operation of your site.
Solution :
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server and choose Properties from the context menu.
3.Under Master Properties, select WWW Service -> Edit.
4.Select Home Directory -> Configuration
and remove the reference to .htr from the application mappings list.
In addition, you may wish to download and install URLSCAN from the
Microsoft Technet Website. URLSCAN, by default, blocks all requests
for .htr files.
Risk factor : High
CVE_ID : CVE-2002-0071
BUGTRAQ_ID : 4474
NESSUS_ID : 10932
Other references : IAVA:2002-A-0002
. Port "www (80/tcp)" security hole found :
The remote server is vulnerable to a buffer overflow in the .HTR
filter.
An attacker may use this flaw to execute arbitrary code on
this host (although exploitation of this flaw is considered
difficult).
Solution:
To unmap the .HTR extension:
1.Open Internet Services Manager.
2.Right-click the Web server and choose Properties from the context menu.
3.Under Master Properties, select WWW Service -> Edit.
4.Select Home Directory -> Configuration
and remove the reference to .htr from the application mappings list.
See MS bulletin MS02-028 for a patch
Risk factor : High
CVE_ID : CVE-2002-0364, CVE-2002-0071
BUGTRAQ_ID : 4855
NESSUS_ID : 11028
Other references : IAVA:2002-A-0002
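The two .HTR findings above give the same GUI procedure for removing the mapping. The following is an added example, not part of the scan report or of any Microsoft tool: it audits an IIS 5 ScriptMaps list for the .htr mapping and the other ISAPI mappings that are commonly unused, and produces the trimmed list. The entry format "extension,dll path,flags[,verbs...]" is the one IIS 5 uses for the ScriptMaps metabase property; the sample entries and DLL paths below are constructed, and the assumption that the result is applied with "cscript adsutil.vbs set W3SVC/ScriptMaps ..." (one quoted argument per entry) should be checked against the adsutil.vbs build on the server before use.

```python
"""Audit an IIS 5 ScriptMaps list and produce a trimmed (unmapped) copy.

Added example, not code from the scan report or from Microsoft. Entries
follow the IIS 5 metabase layout 'ext,dll,flags[,verb,verb,...]'.
"""
from typing import Iterable, List, Tuple

# Mappings the IIS Lockdown guidance treats as removable when a site does
# not need them; .htr (ism.dll) is the one these findings are about.
RISKY_EXTENSIONS = {".htr", ".htw", ".ida", ".idq", ".idc", ".printer",
                    ".shtm", ".shtml", ".stm"}

# Constructed sample of a ScriptMaps dump; DLL paths are assumptions.
SAMPLE_SCRIPTMAPS = [
    r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".htr,C:\WINNT\System32\inetsrv\ism.dll,1,GET,POST",
    r".idc,C:\WINNT\System32\inetsrv\httpodbc.dll,1,GET,POST",
    r".ida,C:\WINNT\System32\idq.dll,1,GET,HEAD",
    r".printer,C:\WINNT\System32\msw3prt.dll,1,GET,POST",
]


def parse_entry(entry: str) -> Tuple[str, str, str, List[str]]:
    """Split one entry into (extension, dll, flags, verbs); verbs may be empty."""
    parts = entry.split(",")
    if len(parts) < 3:
        raise ValueError(f"malformed ScriptMaps entry: {entry!r}")
    return parts[0].strip().lower(), parts[1], parts[2], parts[3:]


def risky_mappings(script_maps: Iterable[str]) -> List[str]:
    """Extensions in the list that are on the removable-when-unused set."""
    return sorted(parse_entry(e)[0] for e in script_maps
                  if parse_entry(e)[0] in RISKY_EXTENSIONS)


def unmap(script_maps: Iterable[str], extensions: Iterable[str]) -> List[str]:
    """Return the list with the given extensions removed (case-insensitive)."""
    wanted = {ext.lower() for ext in extensions}
    return [e for e in script_maps if parse_entry(e)[0] not in wanted]


def adsutil_set_command(metabase_path: str, entries: Iterable[str]) -> str:
    """Render the adsutil.vbs command to write the list back (assumed syntax)."""
    quoted = " ".join(f'"{e}"' for e in entries)
    return f"cscript.exe adsutil.vbs set {metabase_path} {quoted}"


if __name__ == "__main__":
    print("risky mappings present:", risky_mappings(SAMPLE_SCRIPTMAPS))
    hardened = unmap(SAMPLE_SCRIPTMAPS, [".htr"])
    print("after unmapping .htr:", risky_mappings(hardened))
    print(adsutil_set_command("W3SVC/ScriptMaps", hardened))
```

Unmapping only .htr closes these two findings; the audit output also lists the other default mappings the site probably does not use, which the advisory text recommends removing as well. Mappings set at the Master Properties level are inherited by sites that have not overridden ScriptMaps, so per-site paths such as W3SVC/1/ROOT should be checked too.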
. Port "www (80/tcp)" security hole found :
The remote WebDAV server may be vulnerable to a buffer overflow when
it receives a too long request.
An attacker may use this flaw to execute arbitrary code within the
LocalSystem security context.
*** As safe checks are enabled, Nessus did not actually test for this
*** flaw, so this might be a false positive
Solution : See
http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
Risk Factor : High
CVE_ID : CAN-2003-0109
BUGTRAQ_ID : 7116
NESSUS_ID : 11412
Other references : IAVA:2003-A-0005
. Port "www (80/tcp)" security hole found :
When IIS receives a user request to run a script, it renders
the request in a decoded canonical form, then performs
security checks on the decoded request. A vulnerability
results because a second, superfluous decoding pass is
performed after the initial security checks are completed.
Thus, a specially crafted request could allow an attacker to
execute arbitrary commands on the IIS Server.
Solution: See MS advisory MS01-026 (superseded by MS01-044)
See http://www.microsoft.com/technet/security/bulletin/ms01-044.mspx
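The finding above describes the flaw in words: the traversal check runs on the once-decoded request, and a second decode afterwards turns harmless-looking "%5c" or "%2e" back into "\" and ".". The following is an added example, not code from the scan report or from Microsoft, modelling that sequence: a handler that decodes, checks, then decodes again, next to one that decodes exactly once and rejects any request that is still encoded after that pass (the same rule URLScan applies with its VerifyNormalization option). The web root, the request paths and the check itself are constructed; the IIS internals are not reproduced.

```python
"""Why a decode pass after the security check defeats the check (MS01-026).

Added illustration, not code from the scan report or from Microsoft. Both
handlers are models of the behaviour the finding describes, not IIS code.
"""
import ntpath
from typing import Dict, Optional
from urllib.parse import unquote

# Directory the virtual root serves (constructed value).
WEB_ROOT = r"C:\Inetpub\wwwroot"


def passes_security_check(decoded_path: str) -> bool:
    """Traversal check run on the (supposedly) canonical request path."""
    segments = decoded_path.replace("/", "\\").split("\\")
    return ".." not in segments


def map_to_disk(decoded_path: str) -> str:
    """Join the request path onto the web root without normalising it."""
    return WEB_ROOT + decoded_path.replace("/", "\\")


def vulnerable_resolve(request_path: str) -> Optional[str]:
    """Decode, check, then decode AGAIN before mapping: the flaw."""
    once = unquote(request_path)
    if not passes_security_check(once):
        return None
    twice = unquote(once)          # superfluous second pass, after the check
    return map_to_disk(twice)


def fixed_resolve(request_path: str) -> Optional[str]:
    """Decode exactly once; refuse input that a second pass would still change."""
    once = unquote(request_path)
    if unquote(once) != once:      # still encoded: a double-encoded request
        return None
    if not passes_security_check(once):
        return None
    return map_to_disk(once)


def escapes_root(disk_path: Optional[str]) -> bool:
    """True when the mapped path, once normalised, lies outside WEB_ROOT."""
    if disk_path is None:
        return False
    normalised = ntpath.normpath(disk_path)
    return not normalised.lower().startswith(WEB_ROOT.lower() + "\\")


# Constructed requests: benign, single-encoded traversal, double-encoded traversal.
REQUESTS = {
    "benign": "/scripts/hello.asp",
    "single": "/scripts/..%5c..%5cwinnt/system32/cmd.exe",
    "double": "/scripts/..%255c..%255cwinnt/system32/cmd.exe",
}


def compare() -> Dict[str, Dict[str, bool]]:
    """Resolve each request both ways and report whether the result leaves the root."""
    return {
        name: {
            "vulnerable_escapes": escapes_root(vulnerable_resolve(req)),
            "fixed_escapes": escapes_root(fixed_resolve(req)),
            "fixed_served": fixed_resolve(req) is not None,
        }
        for name, req in REQUESTS.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:7} {result}")
```

The single-encoded request is caught by both handlers, because after one decode the ".." segments are visible. The double-encoded request survives the vulnerable handler's check as "..%5c..%5c", which contains no ".." segment, and only becomes "..\..\" in the second decode, after the check; the mapped path then normalises to a location outside the web root. The fixed handler never decodes after checking, so the order of operations cannot be abused.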