[4eyes] FW:
Matthew Turk
mturk at cs.ucsb.edu
Fri Dec 12 10:19:01 PST 2014
Another vulnerability to check into. Who has 128.111.28.122?
Matthew
-----Original Message-----
From:
Sent: None
Subject:
Greetings:
Our vulnerability scanner has found a potentially vulnerable host on your network. You should consider taking the recommended actions mentioned in this report in order to reduce the chances of this host being abused by an attacker. If you believe any part of this report to be incorrect, please let us know so that we can work to improve our reporting accuracy.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Here is information about potential vulnerabilities that were found:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
IP : 128.111.28.122
Name : ilab-122.cs.ucsb.edu
Scan Time : Thu Dec 11 22:59:08 2014
Service : http (80/tcp)
Script ID : 46803
Synopsis :
The configuration of PHP on the remote host allows disclosure of sensitive information.
Description :
The PHP install on the remote server is configured in a way that allows disclosure of potentially sensitive information to an attacker through a special URL. Such a URL triggers an Easter egg built into PHP itself.
Other such Easter eggs likely exist, but Nessus has not checked for them.
See also :
http://www.0php.com/php_easter_egg.php
http://seclists.org/webappsec/2004/q4/324
Solution :
In the PHP configuration file, php.ini, set the value for 'expose_php' to 'Off' to disable this behavior. Restart the web server daemon to put this change into effect.
CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
Nessus was able to verify the issue using the following URL :
http://ilab-122.cs.ucsb.edu/index.php/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
Other references : OSVDB:12184
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
IP : 128.111.28.122
Name : ilab-122.cs.ucsb.edu
Scan Time : Thu Dec 11 22:59:08 2014
Service : ms-wbt-server (3389/tcp)
Script ID : 79638
Synopsis :
The remote Windows host is affected by a remote code execution vulnerability.
Description :
The remote Windows host is affected by a remote code execution vulnerability due to improper processing of packets by the Secure Channel (Schannel) security package. An attacker can exploit this issue by sending specially crafted packets to a Windows server.
Note that this plugin sends a client Certificate TLS handshake message followed by a CertificateVerify message. Some Windows hosts will close the connection upon receiving a client certificate for which it did not ask for with a CertificateRequest message. In this case, the plugin cannot proceed to detect the vulnerability as the CertificateVerify message cannot be sent.
See also :
https://technet.microsoft.com/library/security/ms14-066
Solution :
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.
CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true
CVE : CVE-2014-6321
BID : 70954
Other references : OSVDB:114506, CERT:505120, IAVA:2014-A-0176, MSFT:MS14-066
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
--
E. Todd Atkins
Network Security Coordinator, Infrastructure Enterprise Technology Services University of California, Santa Barbara
**********************************************************************
The NOC's list of network contacts is used to determine who should receive email such as this. Please direct any requests for changes to this list of network contacts to noc at ucsb.edu.
**********************************************************************
More information about the Ilab-users
mailing list