Return to the 2006 Operating System Vulnerability Summary on OmniNerd

List of hosts

192.168.1.6

Low Severity problem(s) found

192.168.1.6

Scan time :

Start time :	Wed Feb 21 23:40:36 2007
End time :	Thu Feb 22 00:01:05 2007

Number of vulnerabilities :

Open ports :	12
Low :	10
Medium :	0
High :	0

Information about the remote host :

Operating system :	Microsoft Windows XP
NetBIOS name :	(unknown)
DNS name :	(unknown)

[^] Back to 192.168.1.6

Port general/udp

Traceroute
For your information, here is the traceroute from 192.168.1.250 to 192.168.1.6 : 192.168.1.250 192.168.1.6 Nessus ID : 10287

[^] Back to 192.168.1.6

Port netbios-ns (137/tcp)

Using NetBIOS to retrieve information from a Windows host

Synopsis :

It is possible to obtain the network name of the remote host.

Description :

The remote host listens on udp port 137 and replies to NetBIOS nbtscan
requests. By sending a wildcard request it is possible to obtain the
name of the remote system and the name of its domain.

Risk factor :

None

Plugin output :

The following 0 NetBIOS names have been gathered :

The remote host has the following MAC address on its adapter :
00:14:22:f8:28:06
CVE : CVE-1999-0621
Other references : OSVDB:13577

Nessus ID : 10150

[^] Back to 192.168.1.6

Port epmap (135/tcp)

[^] Back to 192.168.1.6

Port microsoft-ds (445/tcp)

SMB Detection
A CIFS server is running on this port Nessus ID : 11011

SMB NativeLanMan

Synopsis :

It is possible to obtain information about the remote operating
system.

Description :

It is possible to get the remote operating system name and
version (Windows and/or Samba) by sending an authentication
request to port 139 or 445.

Risk factor :

None

Plugin output :

The remote Operating System is : Windows Vista (TM) Ultimate 6000
The remote native lan manager is : Windows Vista (TM) Ultimate 6.0
The remote SMB Domain Name is : LH-DDYXSI6DJK9O

Nessus ID : 10785

SMB log in

Synopsis :

It is possible to logon on the remote host.

Description :

The remote host is running one of the Microsoft Windows operating
system. It was possible to logon using one of the following
account :

- NULL session
- Guest account
- Given Credentials

See also :

http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP

Risk factor :

none

Plugin output :

- NULL sessions are enabled on the remote host

CVE : CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222, CVE-2002-1117, CVE-2005-3595
BID : 494, 990, 11199

Nessus ID : 10394

SMB accessible registry

Synopsis :

Access the remote Windows Registry.

Description :

It was not possible to connect to PIPE\winreg on the remote host.
If you intend to use Nessus to perform registry-based checks, the
registry checks will not work because the 'Remote Registry Access'
service (winreg) has been disabled on the remote host or can not be
connected to with the supplied credentials.

Risk factor :

None

Nessus ID : 10400

[^] Back to 192.168.1.6

Port netbios-ssn (139/tcp)

SMB Detection
An SMB server is running on this port Nessus ID : 11011

[^] Back to 192.168.1.6

Port general/icmp

icmp timestamp request

Synopsis :

It is possible to determine the exact time set on the remote host.

Description :

The remote host answers to an ICMP timestamp request. This allows an attacker
to know the date which is set on your machine.

This may help him to defeat all your time based authentication protocols.

Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor :

None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)

Plugin output :

This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The difference between the local and remote clocks is 9879 seconds

CVE : CVE-1999-0524

Nessus ID : 10114

[^] Back to 192.168.1.6

Port general/tcp

OS Identification
The remote host is running Microsoft Windows XP Nessus ID : 11936

Information about the scan

Information about this scan :

Nessus version : 3.0.4
Plugin feed version : 200701101815
Type of plugin feed : Registered (7 days delay)
Scanner IP : 192.168.1.250
Port scanner(s) : nessus_tcp_scanner synscan
Port range : default
Thorough tests : yes
Experimental tests : no
Paranoia level : 0
Report Verbosity : 2
Safe checks : no
Max hosts : 40
Max checks : 5
Scan Start Date : 2007/2/21 23:40
Scan duration : 1229 sec

Nessus ID : 19506