1. Risk Classification Summary
2. Vulnerability Category Summary
3. Vulnerability Title Summary
4. Vulnerability Details
5. Open Ports
6. Complete Report Order Form
Appendix A: Risk Definitions
1. Risk Classification Summary
Vulnerabilities are classified according to the risk they present to the network/host on which they are found. The following chart summarizes how the 0 different issues we found are spread across the different risk classes.
For a detailed explanation of how vulnerabilities are classified, see Appendix A: Risk Definitions
2. Vulnerability Category Summary
The vulnerability category summary shows how the various issues that were reported are distributed across the different test categories.
Category
High
Med
Low
Other
Fedora Local Security Checks
SuSE Local Security Checks
Web application abuses
Debian Local Security Checks
Ubuntu Local Security Checks
Huawei EulerOS Local Security Checks
General
CentOS Local Security Checks
Red Hat Local Security Checks
Mandrake Local Security Checks
Windows : Microsoft Bulletins
Product detection
Gentoo Local Security Checks
FreeBSD Local Security Checks
Denial of Service
Oracle Linux Local Security Checks
CGI abuses
Databases
Amazon Linux Local Security Checks
Policy
CISCO
Web Servers
Buffer overflow
Slackware Local Security Checks
Windows
Conectiva Local Security Checks
IT-Grundschutz-deprecated
Service detection
Backdoors
Mageia Linux Local Security Checks
Turbolinux Local Security Tests
Default Accounts
Mac OS X Local Security Checks
FTP
Gain a shell remotely
IT-Grundschutz
Nmap NSE net
Trustix Local Security Checks
Nmap NSE
JunOS Local Security Checks
F5 Local Security Checks
Huawei
Remote file access
Gain root remotely
SMTP problems
Privilege escalation
Misc.
IT-Grundschutz-15
SSL and TLS
AIX Local Security Checks
CGI abuses : XSS
VMware Local Security Checks
Malware
RPC
Palo Alto PAN-OS Local Security Checks
FortiOS Local Security Checks
Citrix Xenserver Local Security Checks
Windows : User management
SNMP
Useless services
Peer-To-Peer File Sharing
Firewalls
HP-UX Local Security Checks
Settings
Brute force attacks
Compliance
Port scanners
Finger abuses
Credentials
NIS
Solaris Local Security Checks
Totals:
0
0
0
0
On-line Order Form
This report is a synopsis of a security audit done on your
system. You had 0 High Risk and 0 Medium Risk vulnerabilities
that were not disclosed in the above report. To view the details of
these vulnerabilities and solutions to fix them, please subscribe to
one of the services below.
3. Vulnerability Title Summary
4. Vulnerability Details
Information omitted.
Information omitted.
5. Open Ports - X.X.X.X
Port
Protocol
Probable Service
135
TCP
loc-srv
Defined as a "Location Service" in RFC1060, pre-SP3 versions
of Windows NT were susceptible to a denial of service attack
on this port that would cause NT's rpcss.exe process to consume
all available CPU cycles. The (easiest) recovery from this
attack is to reboot your machine.
You should do one of several things: a) upgrade/patch your operating
system to make sure it is not susceptible to this attack; b) firewall
your system so that port 135 is not visible from the internet
c) configure your router to block port 135; d) Install one of several
monitoring packages on your PC that block this denial of service.
139
TCP
netbios-ssn
Port 139 is used on Windows machines for NetBios name resolution,
WINS, etc. A problem with older unpatched versions of Windows is that
they are susceptible to receipt of Out-Of-Band (OOB) data. This means
that someone can remotely send you OOB data on port 139 and can cause
numerous problems on your machine, including but not limited to
machine lockups, blue screens, loss of internet connection.
You should do one of several things: a) upgrade/patch your operating
system to make sure it is not susceptible to this attack; b) firewall
your system so that port 139 is not visible from the internet
c) configure your router to block port 139; d) Install one of several
monitoring packages on your PC that block this denial of service.
Number of open ports found by port scan:2
Appendix A: Risk Definitions
Users should note that test classifications are subjective, although we do our best to make appropriate classifications. If you spot an inconsistency, please let us know so that we can make the appropriate corrections.
AppendixB: CVE Versioning
CVE identifiers, an industry standard way of identifying tests, are maintained by Mitre. The current mapping of CVE/CAN identifiers to Test IDs is based on CVE Version Number 20211016, and CAN Version Number 20211016. These were verified on October 16, 2021 as being the latest available.