timestamps|||scan_start|Wed Apr 16 18:14:58 2008|
timestamps||140.211.166.115|host_start|Wed Apr 16 18:14:59 2008|
results|140.211.166|140.211.166.115|smtp (25/tcp)
results|140.211.166|140.211.166.115|ssh (22/tcp)
results|140.211.166|140.211.166.115|nessus (1241/tcp)
results|140.211.166|140.211.166.115|netsaint (5666/tcp)
results|140.211.166|140.211.166.115|cfengine (5308/tcp)
results|140.211.166|140.211.166.115|cfengine (5308/tcp)|10330|Security Note|The service closed the connection after 0 seconds without sending any data\nIt might be protected by some TCP wrapper\n\n
results|140.211.166|140.211.166.115|smtp (25/tcp)|10330|Security Note|An SMTP server is running on this port\nHere is its banner : \n220 nessus.osuosl.org ESMTP Postfix\r\n
results|140.211.166|140.211.166.115|ssh (22/tcp)|10330|Security Note|An ssh server is running on this port\n
results|140.211.166|140.211.166.115|ntp (123/udp)|10884|Security Note|\nSynopsis :\n\nAn NTP server is listening on the remote host.\n\nDescription :\n\nAn NTP (Network Time Protocol) server is listening on this port.\nIt provides information about the current date and time of the\nremote system and may provide system information.\n\nRisk factor :\n\nNone\n\nPlugin output :\n\nIt was possible to gather the following information from the remote NTP host :\n\nversion='ntpd 4.2.4p3@1.1502-o Sat Oct  6 00:59:07 UTC 2007 (1)',\r\nprocessor='i686', system='Linux/2.6.20-xen-r7-osl1-domU', leap=0,\r\nstratum=2, precision=-20, rootdelay=48.683, rootdispersion=47.352,\r\npeer=31244, refid=209.132.176.4, reftime=0xcbb0b91a.9e0fee61, poll=10,\r\nclock=0xcbb0c0b3.a4bd60df, state=4, offset=0.187, frequency=-78.942,\r\njitter=0.709, noise=0.404, stability=0.036, tai=0\r\n\n
results|140.211.166|140.211.166.115|general/tcp|12053|Security Note|140.211.166.115 resolves as nessus.osuosl.org.\n
results|140.211.166|140.211.166.115|general/tcp|12634|Security Note|Nessus can run commands on localhost to check if patches are applied\nThe output of "uname -a" is :\nLinux nessus 2.6.20-xen-r7-osl1-domU #4 SMP Tue Feb 26 01:34:45 UTC 2008 i686 Intel(R) Xeon(TM) CPU 2.80GHz GenuineIntel GNU/Linux\n\nThe remote Gentoo system is :\nGentoo Base System release 1.12.10\n\nLocal security checks have been enabled for this host.\n
results|140.211.166|140.211.166.115|smtp (25/tcp)|10263|Security Note|\nSynopsis :\n\nAn SMTP server is listening on the remote port.\n\nDescription :\n\nThe remote host is running a mail (SMTP) server on this port.\n\nSince SMTP servers are the targets of spammers, it is recommended you \ndisable it if you do not use it.\n\nSolution : \n\nDisable this service if you do not use it, or filter incoming traffic \nto this port.\n\nRisk factor : \n\nNone\n\nPlugin output :\n\nRemote SMTP server banner :\n220 nessus.osuosl.org ESMTP Postfix\r\n
results|140.211.166|140.211.166.115|ssh (22/tcp)|10267|Security Note|\nSynopsis :\n\nAn SSH server is listening on this port.\n\nDescription :\n\nIt is possible to obtain information about the remote SSH\nserver by sending an empty authentication request.\n\nRisk factor :\n\nNone\n\nPlugin output :\n\nSSH version : SSH-2.0-OpenSSH_4.7\nSSH supported authentication : publickey,password,keyboard-interactive\nSSH banner : \n***************************************************************************\n                            NOTICE TO USERS\n\nThis is a computer system operated by the Oregon State University Open Source\nLab. It is for authorized use only. Users (authorized or unauthorized) have \nno explicit or implicit expectation of privacy.\n\nAny or all uses of this system and all files on this system may be \nintercepted, monitored, recorded, copied, audited, inspected, and disclosed to \nauthorized site, Oregon State University, and law enforcement personnel, \nas well as authorized officials of other agencies, both domestic and foreign.\nBy using this system, the user consents to such interception, monitoring, \nrecording, copying, auditing, inspection, and disclosure at the discretion of \nauthorized site or Oregon State University personnel.\n\nUnauthorized or improper use of this system may result in administrative \ndisciplinary action and civil and criminal penalties. By continuing to use\nthis system you indicate your awareness of and consent to these terms and \nconditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions\nstated in this warning.\n\n*****************************************************************************\n\n\n
results|140.211.166|140.211.166.115|ssh (22/tcp)|10881|Security Note|\nSynopsis :\n\nAn SSH server is running on the remote host. \n\nDescription :\n\nThis plugin determines the versions of the SSH protocol supported by\nthe remote SSH daemon. \n\nRisk factor : \n\nNone\n\nPlugin output :\n\nThe remote SSH daemon supports the following versions of the\nSSH protocol :\n\n  . 1.99\n  . 2.0\n\n\nSSHv2 host key fingerprint : 4f:c0:3e:36:66:22:f7:0b:18:29:0d:8e:ab:c1:41:19\n\n
results|140.211.166|140.211.166.115|ssh (22/tcp)|31737|Security Warning|\nSynopsis :\n\nThe remote SSH service is prone to an X11 session hijacking\nvulnerability. \n\nDescription :\n\nAccording to its banner, the version of SSH installed on the remote\nhost is older than 5.0.  Such versions may allow a local user to\nhijack X11 sessions because it improperly binds TCP ports on the local\nIPv6 interface if the corresponding ports on the IPv4 interface are in\nuse. \n\nSee also :\n\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011\nhttp://www.openssh.org/txt/release-5.0\n\nSolution :\n\nUpgrade to OpenSSH version 5.0 or later. \n\nRisk factor : \n\nMedium / CVSS Base Score : 6.2\n(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\nPlugin output :\nThe remote OpenSSH server returned the following banner :\n\n  SSH-2.0-OpenSSH_4.7\n\nCVE : CVE-2008-1483\nBID : 28444\nOther references : Secunia:29522\n
results|140.211.166|140.211.166.115|cfengine (5308/tcp)|14315|Security Note|\ncfengine version 2.1.22 is running on this port.\ncfengine is a language-based system for testing and configuring \nunix and windows systems attached to a TCP/IP network.\n\nRisk factor : None\n
results|140.211.166|140.211.166.115|general/tcp|11936|Security Note|\nRemote operating system : Linux Kernel 2.6.20-xen-r7-osl1-domU on Gentoo Base System release 1.12.10\nConfidence Level : 100\nMethod : LinuxDistribution\n\n \nThe remote host is running Linux Kernel 2.6.20-xen-r7-osl1-domU on Gentoo Base System release 1.12.10\n
results|140.211.166|140.211.166.115|general/tcp|24017|Security Warning|\nSynopsis :\n\nThe remote operating system contains obsolete software\n\nDescription :\n\nThe remote Gentoo system contains several packages or versions \nwhich have been marked as obsolete and have been removed from \nthe portage tree.\nThese versions are therefore unmaintained, which means that if\nany security flaw is found in them, no patch will be made \navailable.\n\nIn addition to this, these packages might break after a library \nupgrade and it will be impossible to recompile them.\n\nSolution: \n\nRemove or upgrade those packages.\n\nRisk factor : \n\nMedium / CVSS Base Score : 6 \n(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)\n\n\nPlugin output :\n\nThe following packages should be updated:\napp-admin/denyhosts-2.6-r1\napp-admin/sysstat-8.0.0\napp-arch/cpio-2.9-r1\napp-arch/gzip-1.3.5-r10\napp-arch/tar-1.18-r2\napp-editors/nano-2.0.2\napp-misc/ca-certificates-20061027.2\napp-shells/bash-3.2_p17\ndev-libs/apr-0.9.12\ndev-libs/apr-util-0.9.12-r1\ndev-python/setuptools-0.6_rc6\nmail-client/mailx-support-20060102-r1\nnet-analyzer/nagios-plugins-1.4.10-r1\nnet-analyzer/net-snmp-5.4.1-r1\nnet-firewall/iptables-1.3.8-r2\nnet-libs/liblockfile-1.06-r2\nnet-misc/cfengine-2.1.22-r1\nnet-misc/iputils-20060512\nnet-misc/ntp-4.2.4_p3\nnet-misc/rsync-2.6.9-r3\nsys-apps/baselayout-1.12.10-r5\nsys-apps/coreutils-6.4\nsys-apps/debianutils-2.17.4\nsys-apps/diffutils-2.8.7-r1\nsys-apps/ethtool-5\nsys-apps/findutils-4.3.2-r1\nsys-apps/gawk-3.1.5-r2\nsys-apps/grep-2.5.1-r8\nsys-apps/less-394\nsys-apps/man-pages-2.42\nsys-apps/net-tools-1.60-r12\nsys-apps/pciutils-2.2.4-r3\nsys-apps/portage-2.1.3.19\nsys-apps/shadow-4.0.18.1\nsys-devel/binutils-config-1.9-r3\nsys-devel/bison-2.2\nsys-devel/flex-2.5.33-r1\nsys-devel/gcc-config-1.3.14\nsys-devel/gettext-0.16.1\nsys-devel/gnuconfig-20060702\nsys-devel/libtool-1.5.22\nsys-devel/m4-1.4.7\nsys-fs/udev-115-r1\nsys-kernel/hardened-sources-2.6.20-r10\nsys-libs/ncurses-5.6-r1\nsys-libs/pam-0.78-r5\nsys-libs/timezone-data-2007g\nsys-process/cronbase-0.3.2-r1\nsys-process/psmisc-22.2\n\n\n
results|140.211.166|140.211.166.115|general/tcp|25203|Security Note|\nSynopsis :\n\nThis plugin enumerates IPv4 interfaces on a remote host. \n\nDescription :\n\nBy connecting to the remote host with the supplied credentials, this\nplugin enumerates network interfaces configured with IPv4 addresses. \n\nSolution :\n\nDisable any unused IPv4 interfaces. \n\nRisk factor :\n\nNone\n\n\nPlugin output :\n\nThe following IPv4 addresses are set on the remote host :\n - 140.211.166.115 (on interface eth0)\n - 127.0.0.1 (on interface lo)\n\n
results|140.211.166|140.211.166.115|general/tcp|22869|Security Note|\nSynopsis :\n\nIt is possible to enumerate installed software on the remote host, via SSH.\n\nDescription :\n\nThis plugin lists the software installed on the remote host by calling the\nappropriate command (rpm -qa on RPM-based Linux distributions, etc...)\n\nSolution :\n\nRemove software that is not compliant with your company policy.\n\nRisk factor : \n\nNone\nPlugin output :\n\nHere is the list of packages installed on the remote Gentoo Linux system : \napp-admin/eselect-vi-1.1.4\napp-admin/logrotate-3.7.2\napp-admin/sysstat-8.0.0\napp-admin/perl-cleaner-1.04.3\napp-admin/syslog-ng-2.0.6\napp-admin/apache-tools-2.2.6\napp-admin/pwgen-2.04\napp-admin/denyhosts-2.6-r1\napp-admin/python-updater-0.2\napp-admin/cronolog-1.6.2-r2\napp-admin/eselect-1.0.10\napp-crypt/gnupg-1.4.7-r1\napp-crypt/hashalot-0.3-r2\nwww-client/lynx-2.8.6-r2\nnet-libs/libpcap-0.9.7\nnet-libs/libnet-1.1.2.1-r1\nnet-libs/liblockfile-1.06-r2\nnet-dns/libidn-1.0-r1\nnet-dns/bind-tools-9.4.1_p1\nsys-libs/gdbm-1.8.3-r3\nsys-libs/timezone-data-2007g\nsys-libs/ss-1.40.3\nsys-libs/db-4.3.29-r2\nsys-libs/pam-0.78-r5\nsys-libs/ncurses-5.6-r1\nsys-libs/glibc-2.5-r4\nsys-libs/com_err-1.40.3\nsys-libs/zlib-1.2.3-r1\nsys-libs/db-4.5.20_p2\nsys-libs/readline-5.1_p4\nsys-libs/pwdb-0.62\nsys-libs/cracklib-2.8.9-r1\nvirtual/perl-libnet-1.21\nvirtual/init-0\nvirtual/libiconv-0\nvirtual/libintl-0\nvirtual/perl-MIME-Base64-3.07\nvirtual/perl-digest-base-1.15\nvirtual/perl-Digest-MD5-2.36\ndev-libs/apr-util-0.9.12-r1\ndev-libs/openssl-0.9.8f\ndev-libs/libol-0.3.18\ndev-libs/expat-1.95.8\ndev-libs/libmix-2.05\ndev-libs/popt-1.10.7\ndev-libs/apr-util-1.2.10\ndev-libs/glib-2.14.6\ndev-libs/apr-1.2.11\ndev-libs/eventlog-0.2.5\ndev-libs/apr-0.9.12\ndev-libs/libpcre-7.6-r1\nsys-devel/gcc-3.4.6-r2\nsys-devel/m4-1.4.7\nsys-devel/bison-2.2\nsys-devel/binutils-2.16.1-r3\nsys-devel/gettext-0.16.1\nsys-devel/flex-2.5.33-r1\nsys-devel/automake-wrapper-3-r1\nsys-devel/automake-1.7.9-r1\nsys-devel/autoconf-2.13\nsys-devel/gnuconfig-20060702\nsys-devel/autoconf-2.61-r1\nsys-devel/make-3.81\nsys-devel/libperl-5.8.8-r1\nsys-devel/libtool-1.5.22\nsys-devel/gcc-config-1.3.14\nsys-devel/automake-1.4_p6\nsys-devel/bc-1.06-r6\nsys-devel/patch-2.5.9\nsys-devel/binutils-config-1.9-r3\nsys-devel/automake-1.10\nsys-devel/autoconf-wrapper-4-r3\napp-vim/gentoo-syntax-20070506\nsys-fs/e2fsprogs-1.40.3\nsys-fs/udev-115-r1\nperl-core/digest-base-1.15\nperl-core/PodParser-1.35\nperl-core/Test-Harness-2.64\nperl-core/libnet-1.21\napp-shells/dash-0.5.3.7\napp-shells/bash-3.2_p17\nsys-apps/pciutils-2.2.4-r3\nsys-apps/kbd-1.12-r8\nsys-apps/mktemp-1.5\nsys-apps/module-init-tools-3.2.2-r3\nsys-apps/gawk-3.1.5-r2\nsys-apps/findutils-4.3.2-r1\nsys-apps/baselayout-1.12.10-r5\nsys-apps/portage-2.1.3.19\nsys-apps/grep-2.5.1-r8\nsys-apps/tcp-wrappers-7.6-r8\nsys-apps/man-pages-2.42\nsys-apps/which-2.16\nsys-apps/sed-4.1.5\nsys-apps/man-1.6e-r3\nsys-apps/sandbox-1.2.17\nsys-apps/debianutils-2.17.4\nsys-apps/diffutils-2.8.7-r1\nsys-apps/sysvinit-2.86-r8\nsys-apps/coreutils-6.4\nsys-apps/util-linux-2.12r-r8\nsys-apps/texinfo-4.8-r5\nsys-apps/file-4.21-r1\nsys-apps/groff-1.19.2-r1\nsys-apps/net-tools-1.60-r12\nsys-apps/shadow-4.0.18.1\nsys-apps/ethtool-5\nsys-apps/less-394\nsys-apps/slocate-2.7-r8\nmail-mta/postfix-2.4.6-r2\ndev-util/ctags-5.5.4-r2\ndev-util/pkgconfig-0.21-r1\ndev-util/strace-4.5.15\ndev-python/setuptools-0.6_rc6\ndev-python/python-fchksum-1.7.1\ndev-python/pycrypto-2.0.1-r6\napp-arch/bzip2-1.0.5\napp-arch/tar-1.18-r2\napp-arch/cpio-2.9-r1\napp-arch/gzip-1.3.5-r10\napp-arch/rpm2targz-9.0-r6\nnet-firewall/iptables-1.3.8-r2\napp-portage/portage-utils-0.1.28\napp-portage/gentoolkit-0.2.3-r1\napp-forensics/rkhunter-1.2.9\nsys-auth/nss_ldap-258\nsys-auth/pam_ldap-183\ndev-perl/Net-SNMP-5.2.0\ndev-perl/TermReadKey-2.30\ndev-perl/Crypt-DES-2.05\ndev-perl/Digest-HMAC-1.01-r1\ndev-perl/Digest-SHA1-2.11\ndev-lang/python-2.4.4-r6\ndev-lang/perl-5.8.8-r4\nmail-client/mailx-8.1.2.20040524-r1\nmail-client/mailx-support-20060102-r1\napp-editors/vim-7.1.042\napp-editors/nano-2.0.2\napp-editors/vim-core-7.1.042\nnet-mail/mailbase-1\nnet-nds/openldap-2.3.41\nsys-kernel/linux-headers-2.6.17-r2\nsys-kernel/hardened-sources-2.6.20-r10\nnet-analyzer/nmap-4.20\nnet-analyzer/net-snmp-5.4.1-r1\nnet-analyzer/nagios-plugins-1.4.10-r1\nnet-analyzer/netcat-110-r8\nnet-analyzer/iptraf-3.0.0-r3\nnet-analyzer/nessus-bin-3.0.5\nnet-analyzer/nagios-nrpe-2.10\nnet-analyzer/tcpdump-3.9.7-r1\nnet-misc/stunnel-4.21-r1\nnet-misc/rsync-2.6.9-r3\nnet-misc/whois-4.7.24\nnet-misc/wget-1.10.2\nnet-misc/openssh-4.7_p1-r6\nnet-misc/cfengine-2.1.22-r1\nnet-misc/iputils-20060512\nnet-misc/ntp-4.2.4_p3\nsys-process/at-3.1.8-r11\nsys-process/procps-3.2.6\nsys-process/cronbase-0.3.2-r1\nsys-process/htop-0.6.6\nsys-process/psmisc-22.2\nsys-process/vixie-cron-4.1-r10\nsys-process/lsof-4.78\napp-misc/ca-certificates-20061027.2\napp-misc/screen-4.0.3\napp-misc/mime-types-7\napp-misc/pax-utils-0.1.15\n\n
results|140.211.166|140.211.166.115|general/tcp|19506|Security Note|Information about this scan : \n\nNessus version : 3.0.5 (Nessus 3.0.6 is available - consider upgrading)\n\nPlugin feed version : 200804151434\nType of plugin feed : Registered (7 days delay)\nScanner IP : 140.211.166.115\nPort scanner(s) : nessus_tcp_scanner \nPort range : default\nThorough tests : no\nExperimental tests : no\nParanoia level : 1\nReport Verbosity : 1\nSafe checks : yes\nOptimize the test : yes\nMax hosts : 20\nMax checks : 4\nRecv timeout : 5\nScan Start Date : 2008/4/16 18:15\nScan duration : 79 sec\n\n
timestamps||140.211.166.115|host_end|Wed Apr 16 18:16:22 2008|
timestamps|||scan_end|Wed Apr 16 18:16:22 2008|