Nessus Scan Report
Number of hosts which were alive during the test : 1
Number of security holes found : 3
Number of security warnings found : 0
Number of security notes found : 2
List of the tested hosts :
192.192.192.192 :
List of open ports :
Information found on port general/udp
For your information, here is the traceroute to 192.192.192.192 :
?
Vulnerability found on port smtp (25/tcp)
The remote SMTP server did not complain when issued the
command :
MAIL FROM: root@this_host
RCPT TO: |testing
This probably means that it is possible to send mail directly
to programs, which is a serious threat, since this allows
anyone to execute arbitrary command on this host.
NOTE : ** This security hole might be a false positive, since
some MTAs will not complain to this test, and instead will
just drop the message silently **
Solution : upgrade your MTA or change it.
Risk factor : High
CVE : CAN-1999-0163
Vulnerability found on port smtp (25/tcp)
The remote SMTP server did not complain when issued the
command :
MAIL FROM: root@this_host
RCPT TO: /tmp/nessus_test
This probably means that it is possible to send mail directly
to files, which is a serious threat, since this allows
anyone to overwrite any file on the remote server.
NOTE : ** This security hole might be a false positive, since
some MTAs will not complain to this test and will
just drop the message silently. Check for the presence
of file 'nessus_test' in /tmp ! **
Solution : upgrade your MTA or change it.
Risk factor : High
CVE : CVE-1999-0096
Vulnerability found on port smtp (25/tcp)
The remote SMTP server did not complain when issued the
command :
MAIL FROM: |testing
This probably means that it is possible to send mail
that will be bounced to a program, which is
a serious threat, since this allows anyone to execute
arbitrary command on this host.
NOTE : ** This security hole might be a false positive, since
some MTAs will not complain to this test, but instead
just drop the message silently **
Solution : upgrade your MTA or change it.
Risk factor : High
CVE : CAN-1999-0203
Information found on port smtp (25/tcp)
Remote SMTP server banner :
linux.MyDomain ESMTP
214 qmail home page: http://pobox.com/~djb/qmail.html
This file was generated by Nessus, the open-sourced security scanner.