Remote operating system : Solaris
Confidence Level : 75
Method : NTP

The remote host is running Solaris

Nessus ID : 11936

Information about this scan :
Nessus version : 4.0.2 (Build 1076) (Nessus 4.2.2 is available - consider upgrading)
Plugin feed version : 201010192234
Type of plugin feed : ProfessionalFeed (Direct)
Scanner IP : 172.25.60.70
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 40
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2010/11/16 17:53
Scan duration : 181 sec

Nessus ID : 19506

Synopsis :

The remote service implements TCP timestamps.

Description :

The remote host implements TCP timestamps, as defined by RFC1323. A
side effect of this feature is that the uptime of the remote host can
sometimes be computed.
See also :
http://www.ietf.org/rfc/rfc1323.txt

Solution :
n/a

Risk factor :

None

Nessus ID : 25220

Synopsis :

Web application tests were not enabled during the scan.

Description :

One or several web servers were detected by Nessus, but neither the
CGI tests nor the Web Application Tests were enabled.
If you want to get a more complete report, you should enable one of
these features, or both.
Please note that the scan might take significantly longer with these
tests, which is why they are disabled by default.
See also :
http://blog.tenablesecurity.com/web-app-auditing/

Solution :
To enable specific CGI tests, go to the 'Advanced' tab, select
'Global variable settings' and set 'Enable CGI scanning'.
To generic enable web application tests, go to the 'Advanced' tab,
select 'Web Application Tests Settings' and set 'Enable web
applications tests'.
You may configure other options, for example HTTP credentials in
'Login configurations', or form-based authentication in 'HTTP login
page'.

Risk factor :

None

Nessus ID : 43067

Synopsis :

It was possible to obtain traceroute information.

Description :

Makes a traceroute to the remote host.
Solution :
n/a

Risk factor :

None

Plugin output :

For your information, here is the traceroute from 172.25.60.70 to 172.31.51.24 :
172.25.60.70
172.25.60.251
172.31.51.24

Nessus ID : 10287

Synopsis :

An SSH server is listening on this port.

Description :

It is possible to obtain information about the remote SSH
server by sending an empty authentication request.
Solution :
n/a

Risk factor :

None

Plugin output :

SSH version : SSH-2.0-6.1.0.668 SSH Tectia Server
SSH supported authentication : gssapi-with-mic,password,publickey,keyboard-interactive

Nessus ID : 10267

An SSH server is running on this port.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 111 :
- program: 100000 (portmapper), version: 4
- program: 100000 (portmapper), version: 3
- program: 100000 (portmapper), version: 2

Nessus ID : 11111

Synopsis :

An ONC RPC portmapper is running on the remote host.

Description :

The RPC portmapper is running on this port.
The portmapper allows someone to get the port number of each RPC
service running on the remote host by sending either multiple lookup
requests or a DUMP request.
Solution :
n/a

Risk factor :

None

Nessus ID : 10223

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 111 :
- program: 100000 (portmapper), version: 4
- program: 100000 (portmapper), version: 3
- program: 100000 (portmapper), version: 2

Nessus ID : 11111

Synopsis :

An NTP server is listening on the remote host.

Description :

An NTP (Network Time Protocol) server is listening on this port. It
provides information about the current date and time of the remote
system and may provide system information.
Solution :
n/a

Risk factor :

None

Plugin output :

It was possible to gather the following information from the remote NTP host :
system='SunOS', leap=0, stratum=3, rootdelay=381.91,

rootdispersion=82.12, peer=14668, refid=172.31.35.9,

reftime=0xd08cd500.0a620000, poll=10, clock=0xd08cd526.0e876000,

phase=-2.975, freq=28252.81, error=10.06

Nessus ID : 10884

Synopsis :

XDMCP is running on the remote host.

Description :

XDMCP allows a Unix user to remotely obtain a graphical X11 login (and
therefore act as a local user on the remote host).
If an attacker gains a valid login and password, he may be able to use
this service to gain further access on the remote host. An attacker
may also use this service to mount a dictionary attack against the
remote host to try to log in remotely.
Note that XDMCP (the Remote Desktop Protocol) is vulnerable to
Man-in-the-middle attacks, making it easy for attackers to steal the
credentials of legitimates users by impersonating the XDMCP server.
In addition to this, XDMCP is not a ciphered protocol which make it
easy for an attacker to capture the keystrokes entered by the user.
Solution :
Disable the XDMCP if you do not use it, and do not allow this service
to run across the Internet

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin output :

Using XDMCP, it was possible to obtain the following information
about the remote host :
Hostname : m2urbre01
Status : 1 user, load: 0.0, 0.0, 0.0

Nessus ID : 10891

An SNMP Multiplexer (smux) is running on this port.

Nessus ID : 22964

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 4045 :
- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 2
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 4045 :
- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 2
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

Nessus ID : 11111

A web server is running on this port.

Nessus ID : 22964

Synopsis :

Some information about the remote HTTP configuration can be extracted.

Description :

This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Solution :
n/a

Risk factor :

None

Plugin output :

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Connection: close

Date: Tue, 16 Nov 2010 10:02:53 GMT

Content-Length: 1214

Content-Type: text/html

X-Powered-By: Servlet/2.5 JSP/2.1

Nessus ID : 24260

Synopsis :

This plugin displays the SSL certificate.

Description :

This plugin connects to every SSL-related port and attempts to
extract and dump the X.509 certificate.
Solution :
n/a

Risk factor :

None

Plugin output :

Subject Name:
Country: MY
State/Province: Wilayah Persekutuan
Organization: Malayan Banking Berhad
Organization Unit: ISD
Common Name: m2urbre01
Issuer Name:
Country: MY
State/Province: Wilayah Persekutuan
Locality: Kuala Lumpur
Organization: Malayan Banking Berhad
Organization Unit: ISD
Common Name: M2UADAPT
Email Address: yttay@maybank.com.my
Serial Number: 00
Version: 3
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Nov 02 10:32:02 2010 GMT
Not Valid After: Oct 30 10:32:02 2020 GMT
Public Key Info:
Algorithm: RSA Encryption
Public Key: 00 CE 56 36 23 3C AE 38 B3 9C 05 44 34 4E E6 2B 11 58 DD 9A
25 F2 77 E6 A9 32 BD 36 C4 E2 C3 22 72 3A A8 D1 4A 2F C9 C5
7F 35 9C E4 A1 DF 25 C7 D5 64 87 51 36 6D 32 74 55 6D 6E CB
6B 1B E5 D0 DF FA F9 D0 22 2E 26 75 F4 59 A7 33 B1 12 D8 97
47 C3 37 4F 52 40 28 3E 42 26 53 60 6C 25 6E F8 52 01 0E 26
97 C6 FB A6 63 68 CA 62 75 36 82 6E F6 45 6C 46 68 CA 7B 86
F6 57 3F 77 FB FA A4 C2 59
Exponent: 01 00 01
Signature: 00 96 D4 81 D5 DF 41 27 F9 F7 B3 59 36 32 28 05 93 C3 9B 58
BF 6F 86 E7 AD 16 FB D1 B7 88 16 44 CF 5E 04 4E 85 02 39 EB
FF A2 13 79 54 42 1F 01 1B DE 62 D4 FA 62 A6 C0 89 E5 C8 6F
E9 1D 28 98 22 D1 D4 14 15 7D D5 3F E2 01 1F 78 72 9D F7 33
02 44 B9 A7 F7 E7 A3 2F 82 63 82 3A 07 D9 2E 3E E9 D9 35 66
B8 DC 62 3B A8 54 11 FD 54 1A BE 4B 54 39 ED 9A 77 BD 09 B2
F8 22 84 61 86 5A CB 0C 3D 6C AD CA 09 3F B6 92 02 8D 48 7D
79 ED 1A 19 87 5A D6 F7 D3 3B 60 E2 57 E0 40 B8 1E B0 91 D3
6D BD 8B 88 86 DF 7F 88 A2 F6 03 A0 1B 97 7B 50 EB 4C 7A E0
F0 AB 7F BE EE B1 9E 6A 2D 19 FC 1A FC 35 06 99 13 B7 DF BE
CC 18 EC 84 21 55 90 C6 58 F2 92 95 C9 4F C6 79 D8 E3 94 2E
F0 55 E5 BC D5 B7 44 E1 11 E7 7F C4 65 77 A4 93 1D D2 9B F9
25 EC 33 89 E0 A2 D9 4B 88 32 61 6F 3A B6 52 C6 C5
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Data: 30 00

Extension: Comment (2.16.840.1.113730.1.13)
Critical: 0
Comment: OpenSSL Generated Certificate

Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 00 A5 1A 64 22 15 37 8C C1 77 54 90 CF 75 39 96 C0 6B 21 77

Extension: Authority Key Identifier (2.5.29.35)
Critical: 0

Nessus ID : 10863

Synopsis :

The remote service encrypts communications using SSL.

Description :

This script detects which SSL ciphers are supported by the remote
service for encrypting communications.
See also :
http://www.openssl.org/docs/apps/ciphers.html

Solution :
n/a

Risk factor :

None

Plugin output :

Here is the list of SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
High Strength Ciphers (>= 112-bit key)
SSLv3
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Nessus ID : 21643

An SSLv3 server answered on this port.

Nessus ID : 22964

A web server is running on this port through SSLv3.

Nessus ID : 22964

Synopsis :

Some information about the remote HTTP configuration can be extracted.

Description :

This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Solution :
n/a

Risk factor :

None

Plugin output :

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Connection: close

Date: Tue, 16 Nov 2010 10:02:54 GMT

Content-Length: 1214

Content-Type: text/html

X-Powered-By: Servlet/2.5 JSP/2.1

Nessus ID : 24260

Synopsis :

The remote service supports the use of weak SSL ciphers.

Description :

The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
See also :
http://www.openssl.org/docs/apps/ciphers.html

Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin output :

Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Other references :
CWE:327, CWE:326, CWE:753, CWE:803, CWE:720

Nessus ID : 26928

Synopsis :

The remote service supports the use of anonymous SSL ciphers.

Description :

The remote host supports the use of anonymous SSL ciphers. While this
enables an administrator to set up a service that encrypts traffic
without having to generate and configure SSL certificates, it offers
no way to verify the remote host's identity and renders the service
vulnerable to a man-in-the-middle attack.
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
See also :
http://www.openssl.org/docs/apps/ciphers.html

Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin output :

The remote server supports the following anonymous SSL ciphers :
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Nessus ID : 31705

Synopsis :

The remote service supports the use of medium strength SSL ciphers.

Description :

The remote host supports the use of SSL ciphers that offer medium
strength encryption, which we currently regard as those with key
lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
Solution :
Reconfigure the affected application if possible to avoid use of
medium strength ciphers.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin output :

Here are the medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Nessus ID : 42873

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 32771 :
- program: 100024 (status), version: 1
- program: 100133 (nsm_addrand), version: 1

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 32772 :
- program: 1073741824 (fmproduct), version: 1

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 32772 :
- program: 100024 (status), version: 1
- program: 100133 (nsm_addrand), version: 1

Nessus ID : 11111

Synopsis :

It was possible to obtain traceroute information.

Description :

Makes a traceroute to the remote host.
Solution :
n/a

Risk factor :

None

Plugin output :

For your information, here is the traceroute from 172.25.60.70 to 172.31.51.26 :
172.25.60.70
172.25.60.251
172.31.46.102
172.31.51.26

Nessus ID : 10287

Remote operating system : Sun Solaris 2.5
Confidence Level : 75
Method : SinFP
Primary Method : NTP

The remote host is running Sun Solaris 2.5

Nessus ID : 11936

Information about this scan :
Nessus version : 4.0.2 (Build 1076) (Nessus 4.2.2 is available - consider upgrading)
Plugin feed version : 201010192234
Type of plugin feed : ProfessionalFeed (Direct)
Scanner IP : 172.25.60.70
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 40
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2010/11/16 17:53
Scan duration : 195 sec

Nessus ID : 19506

Synopsis :

Web application tests were not enabled during the scan.

Description :

One or several web servers were detected by Nessus, but neither the
CGI tests nor the Web Application Tests were enabled.
If you want to get a more complete report, you should enable one of
these features, or both.
Please note that the scan might take significantly longer with these
tests, which is why they are disabled by default.
See also :
http://blog.tenablesecurity.com/web-app-auditing/

Solution :
To enable specific CGI tests, go to the 'Advanced' tab, select
'Global variable settings' and set 'Enable CGI scanning'.
To generic enable web application tests, go to the 'Advanced' tab,
select 'Web Application Tests Settings' and set 'Enable web
applications tests'.
You may configure other options, for example HTTP credentials in
'Login configurations', or form-based authentication in 'HTTP login
page'.

Risk factor :

None

Nessus ID : 43067

Synopsis :

It is possible to enumerate CPE names that matched on the remote
system.

Description :

By using information obtained from a Nessus scan, this plugin reports
CPE (Common Platform Enumeration) matches for various hardware and
software products found on a host.
Note that if an official CPE is not available for the product, this
plugin computes the best possible CPE based on the information
available from the scan.
See also :
http://cpe.mitre.org/

Solution :
n/a

Risk factor :

None

Plugin output :

The remote operating system matched the following CPE :
cpe:/o:sun:sunos:2.5

Nessus ID : 45590

Synopsis :

An SSH server is listening on this port.

Description :

It is possible to obtain information about the remote SSH
server by sending an empty authentication request.
Solution :
n/a

Risk factor :

None

Plugin output :

SSH version : SSH-2.0-6.1.0.668 SSH Tectia Server
SSH supported authentication : gssapi-with-mic,password,publickey,keyboard-interactive

Nessus ID : 10267

An SSH server is running on this port.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 111 :
- program: 100000 (portmapper), version: 4
- program: 100000 (portmapper), version: 3
- program: 100000 (portmapper), version: 2

Nessus ID : 11111

Synopsis :

An ONC RPC portmapper is running on the remote host.

Description :

The RPC portmapper is running on this port.
The portmapper allows someone to get the port number of each RPC
service running on the remote host by sending either multiple lookup
requests or a DUMP request.
Solution :
n/a

Risk factor :

None

Nessus ID : 10223

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 111 :
- program: 100000 (portmapper), version: 4
- program: 100000 (portmapper), version: 3
- program: 100000 (portmapper), version: 2

Nessus ID : 11111

Synopsis :

An NTP server is listening on the remote host.

Description :

An NTP (Network Time Protocol) server is listening on this port. It
provides information about the current date and time of the remote
system and may provide system information.
Solution :
n/a

Risk factor :

None

Plugin output :

It was possible to gather the following information from the remote NTP host :
system='SunOS', leap=0, stratum=3, rootdelay=364.55,

rootdispersion=72.43, peer=60012, refid=172.31.35.9,

reftime=0xd08cd359.0ddd7000, poll=10, clock=0xd08cd53a.00db8000,

phase=1.177, freq=18869.67, error=4.27

Nessus ID : 10884

Synopsis :

XDMCP is running on the remote host.

Description :

XDMCP allows a Unix user to remotely obtain a graphical X11 login (and
therefore act as a local user on the remote host).
If an attacker gains a valid login and password, he may be able to use
this service to gain further access on the remote host. An attacker
may also use this service to mount a dictionary attack against the
remote host to try to log in remotely.
Note that XDMCP (the Remote Desktop Protocol) is vulnerable to
Man-in-the-middle attacks, making it easy for attackers to steal the
credentials of legitimates users by impersonating the XDMCP server.
In addition to this, XDMCP is not a ciphered protocol which make it
easy for an attacker to capture the keystrokes entered by the user.
Solution :
Disable the XDMCP if you do not use it, and do not allow this service
to run across the Internet

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin output :

Using XDMCP, it was possible to obtain the following information
about the remote host :
Hostname : m2urbre02
Status : 0 user, load: 0.0, 0.0, 0.0

Nessus ID : 10891

An SNMP Multiplexer (smux) is running on this port.

Nessus ID : 22964

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 4045 :
- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 2
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 4045 :
- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 2
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

Nessus ID : 11111

A web server is running on this port.

Nessus ID : 22964

Synopsis :

Some information about the remote HTTP configuration can be extracted.

Description :

This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Solution :
n/a

Risk factor :

None

Plugin output :

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Connection: close

Date: Tue, 16 Nov 2010 10:03:10 GMT

Content-Length: 1214

Content-Type: text/html

X-Powered-By: Servlet/2.5 JSP/2.1

Nessus ID : 24260

Synopsis :

This plugin displays the SSL certificate.

Description :

This plugin connects to every SSL-related port and attempts to
extract and dump the X.509 certificate.
Solution :
n/a

Risk factor :

None

Plugin output :

Subject Name:
Country: MY
State/Province: Wilayah Persekutuan
Organization: Malayan Banking Berhad
Organization Unit: ISD
Common Name: m2urbre02
Issuer Name:
Country: MY
State/Province: Wilayah Persekutuan
Locality: Kuala Lumpur
Organization: Malayan Banking Berhad
Organization Unit: ISD
Common Name: M2UADAPT
Email Address: yttay@maybank.com.my
Serial Number: 01
Version: 3
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Nov 02 11:44:19 2010 GMT
Not Valid After: Oct 30 11:44:19 2020 GMT
Public Key Info:
Algorithm: RSA Encryption
Public Key: 00 D5 D8 E3 C0 18 93 EE CC F9 EE AD 7D 09 B7 69 26 A2 BB 54
53 98 82 2E 42 95 69 EB 36 81 BE 9F 0C BC CA CB CF 19 E9 40
E4 D1 B3 A3 50 94 29 4F 64 6B F4 A6 44 D7 F0 49 5E 76 7E 9F
29 E9 A6 5C A7 B1 77 A2 AA F5 C4 8A 20 B6 4E 9F 76 90 84 F6
D7 35 4D 1C 58 54 18 E9 31 9A E3 50 8D 4C 97 62 31 43 B0 1E
4E 3E 98 C8 27 30 45 BE 8A 48 2A FC 8A 36 3A 08 51 0A 89 9A
E1 F1 36 E5 29 F4 CB E6 39
Exponent: 01 00 01
Signature: 00 6E 00 BE 7E C1 00 50 6A 69 A9 B1 97 66 6B 9E 09 5D 89 E9
65 1A DC C0 39 BF 7E B4 61 0D 11 D1 72 7D 90 9B 57 F0 2C 52
55 AC B8 44 18 F4 02 8A 20 E0 15 E4 67 42 74 CC 15 B8 91 50
2F 2E 65 FA 85 B1 1E 50 16 4A B5 D1 84 0F 0D DF 1E 4D 97 8B
EF 2C 04 94 4A 15 E0 A1 AA 18 B1 F2 BC 8B 0E BA 64 DA D3 57
E3 D5 12 33 59 47 B6 E3 78 7C 9A 6B 9F 11 6A 7A 59 BB 8B 03
25 AA FD 8C 98 9E 5A 10 DE B2 55 22 F0 1E 74 2F 6F 7D 09 6A
ED 15 37 C4 24 8C E1 11 5A FF 4F 65 08 B1 B9 D6 EB 35 74 D9
02 55 C1 A5 97 E4 72 D2 39 A0 E0 A9 6C 65 F3 04 59 04 25 E4
45 36 BA E8 53 EE F7 AE DF 71 BE EC D7 BC 20 78 32 39 9F EA
A2 39 83 F7 A5 6F 70 6C DF 19 FA 82 64 67 EF 40 C1 F4 C1 13
73 46 C6 98 78 D9 55 11 FE 04 DF F2 94 7C 5B 5A 80 D4 91 C2
51 12 54 15 73 C4 D2 42 C8 A7 B0 88 76 7F 6B AF 5E
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Data: 30 00

Extension: Comment (2.16.840.1.113730.1.13)
Critical: 0
Comment: OpenSSL Generated Certificate

Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: EC 8C 71 76 2A 1A A2 74 AB D6 1E 4B 2C 53 57 FE 18 5F F4 24

Extension: Authority Key Identifier (2.5.29.35)
Critical: 0

Nessus ID : 10863

Synopsis :

The remote service encrypts communications using SSL.

Description :

This script detects which SSL ciphers are supported by the remote
service for encrypting communications.
See also :
http://www.openssl.org/docs/apps/ciphers.html

Solution :
n/a

Risk factor :

None

Plugin output :

Here is the list of SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
High Strength Ciphers (>= 112-bit key)
SSLv3
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Nessus ID : 21643

An SSLv3 server answered on this port.

Nessus ID : 22964

A web server is running on this port through SSLv3.

Nessus ID : 22964

Synopsis :

Some information about the remote HTTP configuration can be extracted.

Description :

This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Solution :
n/a

Risk factor :

None

Plugin output :

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Connection: close

Date: Tue, 16 Nov 2010 10:03:10 GMT

Content-Length: 1214

Content-Type: text/html

X-Powered-By: Servlet/2.5 JSP/2.1

Nessus ID : 24260

Synopsis :

The remote service supports the use of weak SSL ciphers.

Description :

The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
See also :
http://www.openssl.org/docs/apps/ciphers.html

Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin output :

Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Other references :
CWE:327, CWE:326, CWE:753, CWE:803, CWE:720

Nessus ID : 26928

Synopsis :

The remote service supports the use of anonymous SSL ciphers.

Description :

The remote host supports the use of anonymous SSL ciphers. While this
enables an administrator to set up a service that encrypts traffic
without having to generate and configure SSL certificates, it offers
no way to verify the remote host's identity and renders the service
vulnerable to a man-in-the-middle attack.
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
See also :
http://www.openssl.org/docs/apps/ciphers.html

Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin output :

The remote server supports the following anonymous SSL ciphers :
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Nessus ID : 31705

Synopsis :

The remote service supports the use of medium strength SSL ciphers.

Description :

The remote host supports the use of SSL ciphers that offer medium
strength encryption, which we currently regard as those with key
lengths at least 56 bits and less than 112 bits.
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
Solution :
Reconfigure the affected application if possible to avoid use of
medium strength ciphers.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin output :

Here are the medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Nessus ID : 42873

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 32771 :
- program: 100024 (status), version: 1
- program: 100133 (nsm_addrand), version: 1

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 32772 :
- program: 1073741824 (fmproduct), version: 1

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 32772 :
- program: 100024 (status), version: 1
- program: 100133 (nsm_addrand), version: 1

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 32773 :
- program: 100229 (metad), version: 1
- program: 100229 (metad), version: 2

Nessus ID : 11111

Remote operating system : Solaris
Confidence Level : 75
Method : NTP

The remote host is running Solaris

Nessus ID : 11936

Information about this scan :
Nessus version : 4.0.2 (Build 1076) (Nessus 4.2.2 is available - consider upgrading)
Plugin feed version : 201010192234
Type of plugin feed : ProfessionalFeed (Direct)
Scanner IP : 172.25.60.70
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 40
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2010/11/16 17:53
Scan duration : 207 sec

Nessus ID : 19506

Synopsis :

The remote service implements TCP timestamps.

Description :

The remote host implements TCP timestamps, as defined by RFC1323. A
side effect of this feature is that the uptime of the remote host can
sometimes be computed.
See also :
http://www.ietf.org/rfc/rfc1323.txt

Solution :
n/a

Risk factor :

None

Nessus ID : 25220

Synopsis :

It was possible to obtain traceroute information.

Description :

Makes a traceroute to the remote host.
Solution :
n/a

Risk factor :

None

Plugin output :

For your information, here is the traceroute from 172.25.60.70 to 172.31.51.28 :
172.25.60.70
172.25.60.251
172.31.46.102
172.31.51.28

Nessus ID : 10287

Synopsis :

An SSH server is listening on this port.

Description :

It is possible to obtain information about the remote SSH
server by sending an empty authentication request.
Solution :
n/a

Risk factor :

None

Plugin output :

SSH version : SSH-2.0-6.1.4.83 SSH Tectia Server

Nessus ID : 10267

An SSH server is running on this port.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 111 :
- program: 100000 (portmapper), version: 4
- program: 100000 (portmapper), version: 3
- program: 100000 (portmapper), version: 2

Nessus ID : 11111

Synopsis :

An ONC RPC portmapper is running on the remote host.

Description :

The RPC portmapper is running on this port.
The portmapper allows someone to get the port number of each RPC
service running on the remote host by sending either multiple lookup
requests or a DUMP request.
Solution :
n/a

Risk factor :

None

Nessus ID : 10223

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 111 :
- program: 100000 (portmapper), version: 4
- program: 100000 (portmapper), version: 3
- program: 100000 (portmapper), version: 2

Nessus ID : 11111

Synopsis :

An NTP server is listening on the remote host.

Description :

An NTP (Network Time Protocol) server is listening on this port. It
provides information about the current date and time of the remote
system and may provide system information.
Solution :
n/a

Risk factor :

None

Plugin output :

It was possible to gather the following information from the remote NTP host :
system='SunOS', leap=0, stratum=3, rootdelay=357.59,

rootdispersion=78.48, peer=24124, refid=172.31.35.9,

reftime=0xd08cd4eb.a2096000, poll=6, clock=0xd08cd4fa.0bbf4000,

phase=-0.545, freq=9561.90, error=2.69

Nessus ID : 10884

An SNMP Multiplexer (smux) is running on this port.

Nessus ID : 22964

Synopsis :

An Oracle tnslsnr service is listening on the remote port.

Description :

The remote host is running the Oracle tnslsnr service, a network
interface to Oracle databases. This product allows a remote user to
determine the presence and version number of a given Oracle
installation.
Solution :
Filter incoming traffic to this port so that only authorized hosts can
connect to it.

Risk factor :

None

Plugin output :

A TNS service is running on this port but it
refused to honor an attempt to connect to it.
(The TNS reply code was 4)

Nessus ID : 10658

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 4045 :
- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 2
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 4045 :
- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 2
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

Nessus ID : 11111

Synopsis :

A backup software is running on the remote port.

Description :

The remote host is running the VERITAS NetBackup Java Console
service. This service is used by the NetBackup Java Console
GUI to manage the backup server. A user, authorized to connect
to this service, can use it as a remote shell with system
privileges by sending 'command_EXEC_LIST' messages.
Solution :
n/a

Risk factor :

None

Plugin output :

Remote version of NetBackup is : 6.5

Nessus ID : 20148

Veritas NetBackup is running on this port.

Nessus ID : 22964

Synopsis :

A backup software is running on the remote port.

Description :

The remote host is running the VERITAS NetBackup Java Console
service. This service is used by the NetBackup Java Console
GUI to manage the backup server. A user, authorized to connect
to this service, can use it as a remote shell with system
privileges by sending 'command_EXEC_LIST' messages.
Solution :
n/a

Risk factor :

None

Plugin output :

Remote version of NetBackup is : 6.5

Nessus ID : 20148

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 32771 :
- program: 1073741824 (fmproduct), version: 1

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 32772 :
- program: 100024 (status), version: 1
- program: 100133 (nsm_addrand), version: 1

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 32867 :
- program: 100024 (status), version: 1
- program: 100133 (nsm_addrand), version: 1

Nessus ID : 11111

Remote operating system : Solaris
Confidence Level : 75
Method : NTP

The remote host is running Solaris

Nessus ID : 11936

Information about this scan :
Nessus version : 4.0.2 (Build 1076) (Nessus 4.2.2 is available - consider upgrading)
Plugin feed version : 201010192234
Type of plugin feed : ProfessionalFeed (Direct)
Scanner IP : 172.25.60.70
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 40
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2010/11/16 17:53
Scan duration : 191 sec

Nessus ID : 19506

Synopsis :

The remote service implements TCP timestamps.

Description :

The remote host implements TCP timestamps, as defined by RFC1323. A
side effect of this feature is that the uptime of the remote host can
sometimes be computed.
See also :
http://www.ietf.org/rfc/rfc1323.txt

Solution :
n/a

Risk factor :

None

Nessus ID : 25220

Synopsis :

It was possible to obtain traceroute information.

Description :

Makes a traceroute to the remote host.
Solution :
n/a

Risk factor :

None

Plugin output :

For your information, here is the traceroute from 172.25.60.70 to 172.31.51.30 :
172.25.60.70
172.25.60.251
172.31.46.102
172.31.51.30

Nessus ID : 10287

Synopsis :

An SSH server is listening on this port.

Description :

It is possible to obtain information about the remote SSH
server by sending an empty authentication request.
Solution :
n/a

Risk factor :

None

Plugin output :

SSH version : SSH-2.0-6.1.4.83 SSH Tectia Server

Nessus ID : 10267

An SSH server is running on this port.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 111 :
- program: 100000 (portmapper), version: 4
- program: 100000 (portmapper), version: 3
- program: 100000 (portmapper), version: 2

Nessus ID : 11111

Synopsis :

An ONC RPC portmapper is running on the remote host.

Description :

The RPC portmapper is running on this port.
The portmapper allows someone to get the port number of each RPC
service running on the remote host by sending either multiple lookup
requests or a DUMP request.
Solution :
n/a

Risk factor :

None

Nessus ID : 10223

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 111 :
- program: 100000 (portmapper), version: 4
- program: 100000 (portmapper), version: 3
- program: 100000 (portmapper), version: 2

Nessus ID : 11111

Synopsis :

An NTP server is listening on the remote host.

Description :

An NTP (Network Time Protocol) server is listening on this port. It
provides information about the current date and time of the remote
system and may provide system information.
Solution :
n/a

Risk factor :

None

Plugin output :

It was possible to gather the following information from the remote NTP host :
system='SunOS', leap=0, stratum=3, rootdelay=366.87,

rootdispersion=70.02, peer=24564, refid=172.31.35.9,

reftime=0xd08cd140.1156c000, poll=10, clock=0xd08cd4f1.726a4000,

phase=-2.123, freq=32310.73, error=2.98

Nessus ID : 10884

An SNMP Multiplexer (smux) is running on this port.

Nessus ID : 22964

Synopsis :

An Oracle tnslsnr service is listening on the remote port.

Description :

The remote host is running the Oracle tnslsnr service, a network
interface to Oracle databases. This product allows a remote user to
determine the presence and version number of a given Oracle
installation.
Solution :
Filter incoming traffic to this port so that only authorized hosts can
connect to it.

Risk factor :

None

Plugin output :

A TNS service is running on this port but it
refused to honor an attempt to connect to it.
(The TNS reply code was 4)

Nessus ID : 10658

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 4045 :
- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 2
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 4045 :
- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 2
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

Nessus ID : 11111

Synopsis :

A backup software is running on the remote port.

Description :

The remote host is running the VERITAS NetBackup Java Console
service. This service is used by the NetBackup Java Console
GUI to manage the backup server. A user, authorized to connect
to this service, can use it as a remote shell with system
privileges by sending 'command_EXEC_LIST' messages.
Solution :
n/a

Risk factor :

None

Plugin output :

Remote version of NetBackup is : 6.5

Nessus ID : 20148

Veritas NetBackup is running on this port.

Nessus ID : 22964

Synopsis :

A backup software is running on the remote port.

Description :

The remote host is running the VERITAS NetBackup Java Console
service. This service is used by the NetBackup Java Console
GUI to manage the backup server. A user, authorized to connect
to this service, can use it as a remote shell with system
privileges by sending 'command_EXEC_LIST' messages.
Solution :
n/a

Risk factor :

None

Plugin output :

Remote version of NetBackup is : 6.5

Nessus ID : 20148

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 32771 :
- program: 100024 (status), version: 1
- program: 100133 (nsm_addrand), version: 1

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 32772 :
- program: 1073741824 (fmproduct), version: 1

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 32774 :
- program: 100024 (status), version: 1
- program: 100133 (nsm_addrand), version: 1

Nessus ID : 11111

Remote operating system : Solaris
Confidence Level : 75
Method : NTP

The remote host is running Solaris

Nessus ID : 11936

Information about this scan :
Nessus version : 4.0.2 (Build 1076) (Nessus 4.2.2 is available - consider upgrading)
Plugin feed version : 201010192234
Type of plugin feed : ProfessionalFeed (Direct)
Scanner IP : 172.25.60.70
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 40
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2010/11/16 17:53
Scan duration : 160 sec

Nessus ID : 19506

Synopsis :

The remote service implements TCP timestamps.

Description :

The remote host implements TCP timestamps, as defined by RFC1323. A
side effect of this feature is that the uptime of the remote host can
sometimes be computed.
See also :
http://www.ietf.org/rfc/rfc1323.txt

Solution :
n/a

Risk factor :

None

Nessus ID : 25220

Synopsis :

Web application tests were not enabled during the scan.

Description :

One or several web servers were detected by Nessus, but neither the
CGI tests nor the Web Application Tests were enabled.
If you want to get a more complete report, you should enable one of
these features, or both.
Please note that the scan might take significantly longer with these
tests, which is why they are disabled by default.
See also :
http://blog.tenablesecurity.com/web-app-auditing/

Solution :
To enable specific CGI tests, go to the 'Advanced' tab, select
'Global variable settings' and set 'Enable CGI scanning'.
To generic enable web application tests, go to the 'Advanced' tab,
select 'Web Application Tests Settings' and set 'Enable web
applications tests'.
You may configure other options, for example HTTP credentials in
'Login configurations', or form-based authentication in 'HTTP login
page'.

Risk factor :

None

Nessus ID : 43067

Synopsis :

It was possible to obtain traceroute information.

Description :

Makes a traceroute to the remote host.
Solution :
n/a

Risk factor :

None

Plugin output :

For your information, here is the traceroute from 172.25.60.70 to 172.31.51.32 :
172.25.60.70
172.25.60.251
172.31.46.102
172.31.51.32

Nessus ID : 10287

Synopsis :

An SSH server is listening on this port.

Description :

It is possible to obtain information about the remote SSH
server by sending an empty authentication request.
Solution :
n/a

Risk factor :

None

Plugin output :

SSH version : SSH-2.0-6.1.0.668 SSH Tectia Server
SSH supported authentication : gssapi-with-mic,password,publickey,keyboard-interactive

Nessus ID : 10267

An SSH server is running on this port.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 111 :
- program: 100000 (portmapper), version: 4
- program: 100000 (portmapper), version: 3
- program: 100000 (portmapper), version: 2

Nessus ID : 11111

Synopsis :

An ONC RPC portmapper is running on the remote host.

Description :

The RPC portmapper is running on this port.
The portmapper allows someone to get the port number of each RPC
service running on the remote host by sending either multiple lookup
requests or a DUMP request.
Solution :
n/a

Risk factor :

None

Nessus ID : 10223

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 111 :
- program: 100000 (portmapper), version: 4
- program: 100000 (portmapper), version: 3
- program: 100000 (portmapper), version: 2

Nessus ID : 11111

Synopsis :

An NTP server is listening on the remote host.

Description :

An NTP (Network Time Protocol) server is listening on this port. It
provides information about the current date and time of the remote
system and may provide system information.
Solution :
n/a

Risk factor :

None

Plugin output :

It was possible to gather the following information from the remote NTP host :
system='SunOS', leap=0, stratum=3, rootdelay=356.55,

rootdispersion=78.84, peer=51532, refid=172.31.35.9,

reftime=0xd08cd2f8.f2854000, poll=10, clock=0xd08cd514.f22da000,

phase=7.157, freq=34058.93, error=12.82

Nessus ID : 10884

Synopsis :

XDMCP is running on the remote host.

Description :

XDMCP allows a Unix user to remotely obtain a graphical X11 login (and
therefore act as a local user on the remote host).
If an attacker gains a valid login and password, he may be able to use
this service to gain further access on the remote host. An attacker
may also use this service to mount a dictionary attack against the
remote host to try to log in remotely.
Note that XDMCP (the Remote Desktop Protocol) is vulnerable to
Man-in-the-middle attacks, making it easy for attackers to steal the
credentials of legitimates users by impersonating the XDMCP server.
In addition to this, XDMCP is not a ciphered protocol which make it
easy for an attacker to capture the keystrokes entered by the user.
Solution :
Disable the XDMCP if you do not use it, and do not allow this service
to run across the Internet

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

Plugin output :

Using XDMCP, it was possible to obtain the following information
about the remote host :
Hostname : m2urbbo01
Status : 0 user, load: 0.0, 0.0, 0.0

Nessus ID : 10891

An SNMP Multiplexer (smux) is running on this port.

Nessus ID : 22964

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

Nessus ID : 22964

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on TCP port 4045 :
- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 2
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

Nessus ID : 11111

Synopsis :

An ONC RPC service is running on the remote host.

Description :

By sending a DUMP request to the portmapper, it was possible to
enumerate the ONC RPC services running on the remote port. Using this
information, it is possible to connect and bind to each service by
sending an RPC request to the remote port.
Solution :
n/a

Risk factor :

None

Plugin output :

The following RPC services are available on UDP port 4045 :
- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 2
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

Nessus ID : 11111

A web server is running on this port.

Nessus ID : 22964

Synopsis :

Some information about the remote HTTP configuration can be extracted.

Description :

This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Solution :
n/a

Risk factor :

None

Plugin output :

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Connection: close

Date: Tue, 16 Nov 2010 10:02:35 GMT

Content-Length: 1214

Content-Type: text/html

X-Powered-By: Servlet/2.5 JSP/2.1

Nessus ID : 24260

Synopsis :

This plugin displays the SSL certificate.

Description :

This plugin connects to every SSL-related port and attempts to
extract and dump the X.509 certificate.
Solution :
n/a

Risk factor :

None

Plugin output :

Subject Name:
Country: MY
State/Province: Wilayah Persekutuan
Organization: Malayan Banking Berhad
Organization Unit: ISD
Common Name: m2urbbo01
Issuer Name:
Country: MY
State/Province: Wilayah Persekutuan
Locality: Kuala Lumpur
Organization: Malayan Banking Berhad
Organization Unit: ISD
Common Name: M2UADAPT
Email Address: yttay@maybank.com.my
Serial Number: 00
Version: 3
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Nov 02 11:46:37 2010 GMT
Not Valid After: Oct 30 11:46:37 2020 GMT
Public Key Info:
Algorithm: RSA Encryption
Public Key: 00 D8 C0 72 98 00 2A 32 89 9F 2E 1A 7E B1 6A 63 FB 17 9E 47
80 F6 CC 94 6F 81 F0 77 F5 58 24 95 11 B6 B6 B4 FD B4 C7 22
AC DE BD 6B D0 84 69 20 98 15 FD DB E0 06 18 9A A7 6A A2 EA
10 9D 76 56 07 64 9F 05 4C 9A 22 14 16 20 46 9D A6 0B 91 02
F5 D1 9D 04 04 C1 9D 7F 9B 87 DB E0 0C 40 92 F4 22 F3 0F 57
CA 3F EB 8E 6B 1B C3 47 DE D6 27 6D 94 6A 78 6B 1B 43 53 F8
04 68 A3 A6 66 C3 F2 FB 8F
Exponent: 01 00 01
Signature: 00 A6 6A B5 A6 12 A5 8C 7C DC 71 D0 AF 9B D8 B1 74 E8 6C 7A
36 5A 06 67 26 2B 13 05 89 00 75 EA 37 34 98 94 3A A6 37 3C
79 37 41 38 C7 F0 DC D4 97 9B 26 C2 43 43 BC E1 F9 03 A9 16
1C 63 1F 13 84 99 AB 63 1B 6D 45 08 81 1D 8D 10 30 16 58 3F
AE 9C C0 E5 1C D7 A6 ED C2 CD DC 94 86 C4 1D 82 88 A4 5A 64
AA BC 06 DC C2 F6 96 80 67 27 DF 34 FF CA E6 B8 4C 31 0F 91
0E 7F 0E FB 2E 44 C1 5F 59 D8 B8 85 DA 28 E6 14 9A C0 B0 DC
20 1C E5 93 6C A7 CB 2A 0A 32 88 6D 83 81 01 F9 02 22 C0 94
81 C7 5C 79 24 0E 9B 72 42 01 BD 2C 34 D5 2F 23 B4 5A D8 1B
D3 0E F7 4E 92 60 2A AF 18 DE 76 FE 3A 07 E3 11 AB 76 E8 1F
F2 82 86 83 69 BE 09 2B 4F 7D 0E 1E B3 63 65 D4 7C AF E8 70
5E E5 65 A0 B8 FD 94 26 71 F4 AB 16 90 3E 53 C9 ED D5 30 C7
19 E2 27 89 C6 9A 3D 98 D4 28 B9 D9 9C 99 7B 85 C8
Extension: Basic Constraints (2.5.29.19)
Critical: 0
Data: 30 00

Extension: Comment (2.16.840.1.113730.1.13)
Critical: 0
Comment: OpenSSL Generated Certificate

Extension: Subject Key Identifier (2.5.29.14)
Critical: 0
Subject Key Identifier: 22 BF 1D 37 03 44 54 08 C8 31 A6 F8 53 01 5C C3 D7 B5 91 7E

Extension: Authority Key Identifier (2.5.29.35)
Critical: 0

Nessus ID : 10863

Synopsis :

The remote service encrypts communications using SSL.

Description :

This script detects which SSL ciphers are supported by the remote
service for encrypting communications.
See also :
http://www.openssl.org/docs/apps/ciphers.html

Solution :
n/a

Risk factor :

None

Plugin output :

Here is the list of SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
High Strength Ciphers (>= 112-bit key)
SSLv3
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES(168) Mac=SHA1
ADH-RC4-MD5 Kx=DH Au=None Enc=RC4(128) Mac=MD5
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Nessus ID : 21643

An SSLv3 server answered on this port.

Nessus ID : 22964

A web server is running on this port through SSLv3.

Nessus ID : 22964

Synopsis :

Some information about the remote HTTP configuration can be extracted.

Description :

This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Solution :
n/a

Risk factor :

None

Plugin output :

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Connection: close

Date: Tue, 16 Nov 2010 10:02:35 GMT

Content-Length: 1214

Content-Type: text/html

X-Powered-By: Servlet/2.5 JSP/2.1

Nessus ID : 24260

Synopsis :

The remote service supports the use of weak SSL ciphers.

Description :

The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.
Note: This is considerably easier to exploit if the attacker is on the
same physical network.
See also :
http://www.openssl.org/docs/apps/ciphers.html

Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

Plugin output :

Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}

Other references :
CWE:327, CWE:326, CWE:753, CWE:803, CWE:720

Nessus ID : 26928