Overview

This help file contains descriptions of 91 vulnerabilities. These vulnerabilities are listed by category in the following table. You can also view this list of vulnerabilities by risk level or search for a particular vulnerability in the index.

Internet Scanner Vulnerabilities by Category
Category: Vulnerabilities:
Brute Force
  TelnetOpen Telnet available with no login
  deftel Telnet default account accessible
DNS
  DNS version DNS version denial of service
  DnsRev DNS service reverse lookup
  dnsbadseq DNS bad sequence
  dnsupdates DNS allow updates can corrupt name server
  iquery DNS server inverse queries
  ntdnsdos Windows NT DNS denial of service attack
  zonexfer DNS honors zone transfer requests
Daemons
  chargen Chargen service
  fingerbomb Finger bomb recursive request
  netstat Netstat Inet service
  openclose Open/Close connection flood
  sysstat Sysstat
E-mail
  EhloCheck SMTP daemon supports EHLO
  SMTP DoS for MS Exchange SMTP Exchange denial of service
  badforwards User .forward file found
  imapd Core Vulnerability IMAP-4.1BETA server can be crashed with a core file containing hashed passwords
  qmailrecipient Qmail RCPT denial of service attack
  qmailswap Qmail length denial of service attack
  smtp_outdated Sendmail daemon outdated
  smtpexec Sendmail remote execution
  smtpsyslog Syslog buffer overflow allows remote execution through network daemons
FTP
  Cwdleak FTP Getcwd() file descriptor leak
  FTP PASV Denial of Service FTP PASV port denial of service attack
  Ftpd Args Core Dump Ftpd args core dump
  WarFTPD WarFTPD buffer overflow vulnerability
  ftpanon Anonymous FTP enabled
  ftpbounce FTP bounce attack
  ftpcd FTP CWD ~root login
  ftpexec Wu-ftp site exec command could compromise root privileges
  ftphome FTP home directory bug
  ftppasvcore Premature PASV command could cause some FTP servers to crash possibly compromising system passwords
  ftppwless FTP daemon with no password
  ftprnfr Wu-ftp RNFR command vulnerable
  ftpservu FTP CWD buffer overflow
  ftpwrite FTP directories writable
NFS
  Mountd File Exists NFS mount daemon could allow remote attackers to determine whether files exist on a system
  MountdReserved NFS mount daemon operating on an unreserved port
  mountd Unix running NFS
  nfsCache NFS cache poisoning
  nfsbugadmin NFS exports outside domain
  nfscd NFS CD accesses non-exported files
  nfsd NFS Service
  nfsexp NFS exports
  nfsguess Guessable NFS filehandles
  nfsmknod NFS mknod
  nfsmount NFS mountable
  nfspmap NFS portmapper export
  nfsrhosts NFS .Rhosts
  nfssuper Superfluous NFS daemon
  nfsuid NFS does not properly identify UID
  nfsultrix NFS mountable via Ultrix remount bug
  nfswrite NFS writable
NT Critical Issues
  repair insecure Repair directory readable
NT Networking
  Null Session User Modals Windows NT null session user modals
NT Patches
  Chargen Patch Chargen patch not applied
  DNS Predictable Query DNS predictable query
  LSA patch for NT SP3 LSA patch not applied
  Modified Teardrop Attack Modified teardrop attack can remotely crash machines
  NTPrivFix SecHole lets non-administrative users gain Debug Level access
  NTWinsupFix WINS update patch not installed header
  NTy2k Year 2000 Patch not installed
  Ntrras RRAS patch not installed
  PPT patch PowerPoint security patch missing
  PPTP3 Fix PPTP patch not installed
  RPC DLL version Windows NT RPC locator vulnerable
  SP2 security patches Windows NT Post-SP2 security patches missing
  SSLpatch SSL patch not installed
  WINS Patch WINS patch not applied
  Windows NT SMB logon DoS Windows NT denial of service attack
  kernel version Windows NT kernel outdated
  ssping Ssping patch not applied
  syncstorm patch Syncstorm patch missing
NT Policy Issues
  applog Application log readable
  systemlog Windows NT system log accessible
NT Users
  Users - null session Users enumerated through a null session
Network
  ICMP Redirect ICMP redirect downed host
  Teardrop Teardrop IP fragmentation overlap
  land Land denial of service attack
  oob_crash Out of Band denial of service
  syncstorm SYN flood denial of service attack can crash machines or degrade performance
  udpbomb SunOS can be crashed with malformed UDP packets
Protocol Spoofing
  rloginspoof Rlogin vulnerable through TCP sequence prediction spoofing
  rshspoof Rsh vulnerable through TCP seq prediction spoofing
  tcppred TCP sequence prediction
RPC
  etherstatd Etherstatd service
Shares
  NetBIOS shares - null session Shares enumerated through a null session
  NetBios dotdot DoS SMB NetBIOS Test: Possible NT dotdot denial of service
NT Networking
  Xguesscookie X11 MIT-MAGIC-COOKIE-1 prediction could allow remote access to arbitrary X sessions
  xcheck Open X display