[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RPC vulnerability ?



Hi !
 
I am building a model application on OpenBSD.
I have an eval. copy of Retina - from eEye. It is a security scanner.
The only hole it sees in my installation is that port 111 (SunRPC) is open.
See attached report with suporting gifs &jpgs.
If htm file is:
Retina Report xt3.htm
It looks for gifs in a folder named:
Retina Report xt3_files

Services open:
111 -UDP portmapper
111 - TCP portmapper
885 - UDP  statd ver1 & 2
1009 - UDP Network username server ver 1,2,3

Hack points:
 
RPC statd file deletion vuln
RPC statd format string attack
RPC statd overflow
 
What to do - if anything ?
 
Mark
Title: Retina Report



Confidential Information

The following report contains confidential information, do not distribute, email, fax or transfer via any electronic mechanism unless it has been approved by our security policy. All copies and backups of this documents should be saved on protected storage at all times. Do not share any of the information contained within this report with anyone unless they are authorized to view the information. Violating any of the previous instructions is ground for termination.

 

Table of Contents



Executive Summary
1 - 1
Address 192.168.001.003
2 - 1
General
2 - 2
Audits
2 - 3
Machine
2 - 4
Ports
2 - 5
Services
2 - 6
Shares
2 - 7
Users
2 - 8
Statistics
3 - 1
Check List
4 - 1
Glossary of Terms
5 - 1

 

Executive Summary 1 - 1

Introduction
This report was generated on 3/10/2001 5:13:22 PM. Network security scan was performed using the default security policy. Security audits in this report are not conclusive and to be used only as reference, physical security to the network should be examined also. All audits outlined in this report where performed using Retina - The Network Security Scanner, Version 3.0.2

Audits
Audits in Retina the Network Security Scanner are categorized into different sections. The sections are based on the type of services you might be running on your servers and / or workstations.

Total Vulnerabilities By Risk Level
The following graph illustrates the total number of vulnerabilities accross all machines divided by risk level.



High 3

Medium 0

Low 0

Information 0

Total Vulnerabilities By Accounts Audit
The following graph illustrates the total number of Accounts vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By CGI Scripts Audit
The following graph illustrates the total number of CGI Scripts vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By CHAM Audit
The following graph illustrates the total number of CHAM vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By Commerce Audit
The following graph illustrates the total number of Commerce vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By Dns Services Audit
The following graph illustrates the total number of Dns Services vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By DoS Audit
The following graph illustrates the total number of DoS vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By FTP Servers Audit
The following graph illustrates the total number of FTP Servers vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By IP Services Audit
The following graph illustrates the total number of IP Services vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By Mail Servers Audit
The following graph illustrates the total number of Mail Servers vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By Miscellaneous Audit
The following graph illustrates the total number of Miscellaneous vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By NetBIOS Audit
The following graph illustrates the total number of NetBIOS vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By Registry Audit
The following graph illustrates the total number of Registry vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By Remote Access Audit
The following graph illustrates the total number of Remote Access vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By Rpc Services Audit
The following graph illustrates the total number of Rpc Services vulnerabilities accross all machines divided by risk level.



High 3

Medium 0

Low 0

Information 0

Total Vulnerabilities By Service Control Audit
The following graph illustrates the total number of Service Control vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By SSH Servers Audit
The following graph illustrates the total number of SSH Servers vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

Total Vulnerabilities By Web Servers Audit
The following graph illustrates the total number of Web Servers vulnerabilities accross all machines divided by risk level.



High 0

Medium 0

Low 0

Information 0

 

Address 192.168.001.003 2 - 1



General: 192.168.001.003


Address: 192.168.1.3
This is the IP (Internet Protocol) address of the machine, a single machine might have multiple IP adresses associated with it.


Report Date: 03/10/01 17:12:22PM
This is the date and time the scanner started to perform the auditing process. The date and time is reported off the machine local time zone.


Domain Name: xterm3.columbus.rr.com
This is the domain name of the machine. There can be multiple domain names assigned to a single IP (Internet Protocol) address or one domain name assigned to multiple IP addresses.


Ping Response: Host Responded
No More Details Available


Average Ping Response: 7 ms
No More Details Available


Time To Live: 255
No More Details Available



Audits: 192.168.001.003


Rpc Services: RPC statd file deletion vuln
High Risk Level
The statd RPC service has been known to contain an error that could allow an attacker to create or delete files on the hard drive due to improper argument checking by the statd service.
How To Fix:
Upgrade to the current version of statd from your vendor, or if this service is unnessescary, remove it following your vendor's directions.


Rpc Services: RPC statd format string attack
High Risk Level
The statd RPC service in numerous linux distributions has been known to contain format string holes that would allow a remote attacker the ability to run code as root.
How To Fix:
Upgrade to the current version of statd from your vendor, or if this service is unnessescary, remove it following your vendor's directions.


Rpc Services: RPC statd overflow
High Risk Level
The statd RPC service has been known to contain holes that would allow a remote attacker the ability to run code as root due to poor bounds checking.
How To Fix:
Upgrade to the current version of statd from your vendor, or if this service is unnessescary, remove it following your vendor's directions.



Machine: 192.168.001.003



Ports: 192.168.001.003


Open Ports: 5
No More Details Available


Closed Ports: 1331 - Closed Ports will not be shown
No More Details Available


13: DAYTIME - Daytime
Port State: Open


22: SSH - SSH (Secure Shell) Remote Login Protocol
Detected Protocol: SSH
Port State: Open
Version: SSH-1.99-OPENSSH_2.3.0


37: TIME - Time
Port State: Open


111: SUNRPC - SUN Remote Procedure Call
Port State: Open


113: IDENT - Authentication Service
Detected Protocol: AUTH
Port State: Open
Version: 0 , 0 : ERROR : UNKNOWN-ERROR



Services: 192.168.001.003


portmapper: Sun Portmapper Service
Details: maps ports to services for Sun's RPC implementation
Port: 111
Protocol: UDP
Version: 2


portmapper: Sun Portmapper Service
Details: maps ports to services for Sun's RPC implementation
Port: 111
Protocol: TCP
Version: 2


rstatd: RPC statd service
Details:
Port: 756
Protocol: UDP
Version: 1


rstatd: RPC statd service
Details:
Port: 756
Protocol: UDP
Version: 2


rstatd: RPC statd service
Details:
Port: 756
Protocol: UDP
Version: 3


rusersd: Network username server
Details: Returns list of users on host
Port: 914
Protocol: UDP
Version: 1


rusersd: Network username server
Details: Returns list of users on host
Port: 914
Protocol: UDP
Version: 2


rusersd: Network username server
Details: Returns list of users on host
Port: 914
Protocol: UDP
Version: 3



Shares: 192.168.001.003



Users: 192.168.001.003


END OF REPORT



yellow.gif

au.gif

black.gif

gray.gif

green.gif

logo.jpg

orange.gif

red.gif

white.gif

ad.gif