2 November 2006

SARA Scan Results of psc_server

INTRODUCTION

A Security Auditor's Research Assistant (SARA) security scan was performed on hosts on the psc_server sub-nets. The SARA scan was performed to identify potential security vulnerabilities in the psc_server sub-domain. The last scan was completed on 2006/11/02 06:17:23 and its scan mode was set to extreme. The version of SARA was Version 7.0.2c.

DISCUSSION
SARA is a third generation security analysis tool that analyzes network-based services on the target computers. SARA classifies a detected service in one of five categories:

A total of 7 devices were detected, of which 2 are possibly vulnerable. Figure 1 summarizes this scan by color, where the Green bar indicates hosts with no detected vulnerabilities. Gray indicates hosts with no services. The Red bar indicates hosts that have one or more red vulnerabilities. The Yellow bar indicates hosts that have one or more yellow vulnerabilities (but no red). The Brown bar indicates hosts that have one or more brown problems (but no red or yellow).

The SARA scan results are distributed as appendices to this paper:

Appendices are hyper-linked to assist the reader in navigating through this report. The report includes information on all hosts that have one or more vulnerabilities.

RECOMMENDATION
The identified hosts should be analyzed immediately.


END OF SECTION

Appendix A
SARA Subnet Summary

Host Name      Host IP        NetBios Name  Operating System  Grn  Red  Yel  Brn  FP
158.74.241.12  158.74.241.12                                    9    0    0    0   0
158.74.241.15  158.74.241.15                                   10    0    0    0   0
158.74.241.18  158.74.241.18                                   11    0    0    0   0
158.74.241.25  158.74.241.25                                   10    0    0    0   0
158.74.241.28  158.74.241.28                                   10    0    0    0   0
158.74.241.3   158.74.241.3                                    12    0    1    0   0
158.74.241.9   158.74.241.9                                    13    2    2    2   0
Table A-1: Subnet 158.74.241



END OF SECTION

Appendix B
SARA Host Details

Name          IP            NetBios  Netbios Domain  Operating System
158.74.241.3  158.74.241.3

     
Non Vulnerable services

       domain (53)
       ms-sql-m (1434)
       ssh (22)
       h323gatedisc (1718)
       pop3s (995)
       sunrpc (111)
       h323gatestat (1719)
       smux (199)
       telnet (23)
       h323hostcall (1720)
       snmp (161)
       xdmcp (177)

Vulnerabilities

False Positives

    <None>


Name          IP            NetBios  Netbios Domain  Operating System
158.74.241.9  158.74.241.9

     
Non Vulnerable services

       domain (53)
       ms-sql-m (1434)
       snmp (161)
       xdmcp (177)
       h323gatedisc (1718)
       nfs (2049)
       ssh (22)
       h323gatestat (1719)
       pop3s (995)
       sunrpc (111)
       h323hostcall (1720)
       smux (199)
       telnet (23)

Vulnerabilities

False Positives

    <None>



END OF SECTION

Appendix C
SARA Vulnerability Summary

Critical Vulnerabilities (RED)

Probable Vulnerabilities (YELLOW)

Possible Vulnerabilities (BROWN)

Labeled as False Positive (GRAY)


END OF SECTION

Appendix D
SARA Tutorial Summaries

National Cyber-Alert System
Vulnerability Summary: ARC-012
Original release date: 2006-05-01
Source: Advanced Research Corporation ®

Overview

    The directory mentioned in the vulnerability is available to everyone who can connect to the NFS server. If the vulnerability indicates 'rw', then files in the mentioned directory can be overwritten.

Impact

    CVSS Severity: 8.0 (High)
    Range: remote
    Authentication:
    Impact Type:

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Any NFS Server

Technical Details

National Cyber-Alert System
Vulnerability Summary: ARC-013
Original release date: 2006-05-01
Source: Advanced Research Corporation ®

Overview

    The Oracle Listener is not password protected. Consequently, a specially crafted status request yielded account names. Arbitrary file overwrites may also be possible. Security should be enabled on the Listener by adding a password.

Impact

    CVSS Severity: 7.0 (High)
    Range: remote
    Authentication:
    Impact Type:

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Any Oracle Server

Technical Details

National Cyber-Alert System
Vulnerability Summary: ARC-018
Original release date: 2006-05-01
Source: Advanced Research Corporation ®

Overview

    The Oracle server is displaying a version number that is known to be vulnerable to one or more exploits. Check the version number and apply the appropriate patch.

Impact

    CVSS Severity: 6.9 (Medium)
    Range: remote
    Authentication:
    Impact Type:

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Oracle Servers

Technical Details

National Cyber-Alert System
Vulnerability Summary: ARC-022
Original release date: 2006-05-01
Source: Advanced Research Corporation ®

Overview

    The sendmail DEBUG command is enabled. Under certain circumstances, this command could assist the malicious user in compromising the system. The sendmail VRFY and/or EXPN commands may be enabled. These commands can assist the malicious user in guessing valid account names.

Impact

    CVSS Severity: 6.0 (Medium)
    Range: remote
    Authentication:
    Impact Type:

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Sendmail

Technical Details

National Cyber-Alert System
Vulnerability Summary: CVE-1999-0045
Original release date: 1996-12-10
Source: US-CERT/NIST

Overview

    List of arbitrary files on Web host via nph-test-cgi script

Impact

    CVSS Severity: 7 (High)
    Range: remote
    Authentication: input,config
    Impact Type: sec_prot

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Apache (Apache Group)
    Communications Server (Netscape)
    Enterprise Server (Netscape)
    Commerce Server (Netscape)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0045

National Cyber-Alert System
Vulnerability Summary: CVE-2000-0818
Original release date: 2000-12-19
Source: US-CERT/NIST

Overview

    The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.

Impact

    CVSS Severity: 10 (High)
    Range: local,remote
    Authentication: design
    Impact Type: sec_prot admin="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    listener (Oracle)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0818

National Cyber-Alert System
Vulnerability Summary: CVE-2003-0694
Original release date: 2003-10-06
Source: US-CERT/NIST

Overview

    The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

Impact

    CVSS Severity: 10 (High)
    Range: remote
    Authentication: input buffer="1"
    Impact Type: sec_prot admin="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    TurboLinux Workstation (TurboLinux)
    AIX (IBM)
    Mac OS X (Apple)
    Tru64 (Compaq)
    Gentoo Linux (Gentoo)
    Solaris (Sun)
    Sendmail Pro (Sendmail Inc)
    Sendmail (Sendmail Consortium)
    IRIX (SGI)
    HP-UX (HP)
    TurboLinux Server (TurboLinux)
    NetBSD (NetBSD)
    Sendmail Advanced Message Server (Sendmail Inc)
    Mac OS X Server (Apple)
    Sendmail (Sendmail Inc)
    TurboLinux Advanced Server (TurboLinux)
    FreeBSD (FreeBSD)
    Sendmail Switch (Sendmail Inc)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0694