Overview

This help file contains descriptions of 91 vulnerabilities. These vulnerabilities are listed by category in the following table. You can also view this list of vulnerabilities by risk level or search for a particular vulnerability in the index.

Internet Scanner Vulnerabilities by Risk Level
Category: Vulnerabilities:
High
Cwdleak FTP Getcwd() file descriptor leak
NTPrivFix SecHole lets non-administrative users gain Debug Level access
PPTP3 Fix PPTP patch not installed
SMTP DoS for MS Exchange SMTP Exchange denial of service
SSLpatch SSL patch not installed
Teardrop Teardrop IP fragmentation overlap
TelnetOpen Telnet available with no login
WarFTPD WarFTPD buffer overflow vulnerability
Xguesscookie X11 MIT-MAGIC-COOKIE-1 prediction could allow remote access to arbitrary X sessions
deftel Telnet default account accessible
ftpcd FTP CWD ~root login
ftpexec Wu-ftp site exec command could compromise root privileges
ftppwless FTP daemon with no password
imapd Core Vulnerability IMAP-4.1BETA server can be crashed with a core file containing hashed passwords
nfscd NFS CD accesses non-exported files
nfsguess Guessable NFS filehandles
nfsmknod NFS mknod
nfsmount NFS mountable
nfspmap NFS portmapper export
nfssuper Superfluous NFS daemon
nfsuid NFS does not properly identify UID
nfsultrix NFS mountable via Ultrix remount bug
nfswrite NFS writable
rloginspoof Rlogin vulnerable through TCP sequence prediction spoofing
rshspoof Rsh vulnerable through TCP seq prediction spoofing
smtp_outdated Sendmail daemon outdated
smtpexec Sendmail remote execution
smtpsyslog Syslog buffer overflow allows remote execution through network daemons
xcheck Open X display
Low
EhloCheck SMTP daemon supports EHLO
NTy2k Year 2000 Patch not installed
Null Session User Modals Windows NT null session user modals
PPT patch PowerPoint security patch missing
applog Application log readable
dnsbadseq DNS bad sequence
dnsupdates DNS allow updates can corrupt name server
etherstatd Etherstatd service
ftpanon Anonymous FTP enabled
ftphome FTP home directory bug
kernel version Windows NT kernel outdated
land Land denial of service attack
mountd Unix running NFS
netstat Netstat Inet service
nfsCache NFS cache poisoning
nfsd NFS Service
nfsexp NFS exports
qmailswap Qmail length denial of service attack
sysstat Sysstat
systemlog Windows NT system log accessible
Low
Chargen Patch Chargen patch not applied
DNS Predictable Query DNS predictable query
DNS version DNS version denial of service
DnsRev DNS service reverse lookup
FTP PASV Denial of Service FTP PASV port denial of service attack
Ftpd Args Core Dump Ftpd args core dump
ICMP Redirect ICMP redirect downed host
LSA patch for NT SP3 LSA patch not applied
Modified Teardrop Attack Modified teardrop attack can remotely crash machines
Mountd File Exists NFS mount daemon could allow remote attackers to determine whether files exist on a system
MountdReserved NFS mount daemon operating on an unreserved port
NTWinsupFix WINS update patch not installed header
NetBIOS shares - null session Shares enumerated through a null session
NetBios dotdot DoS SMB NetBIOS Test: Possible NT dotdot denial of service
Ntrras RRAS patch not installed
RPC DLL version Windows NT RPC locator vulnerable
SP2 security patches Windows NT Post-SP2 security patches missing
Users - null session Users enumerated through a null session
WINS Patch WINS patch not applied
Windows NT SMB logon DoS Windows NT denial of service attack
badforwards User .forward file found
chargen Chargen service
fingerbomb Finger bomb recursive request
ftpbounce FTP bounce attack
ftppasvcore Premature PASV command could cause some FTP servers to crash possibly compromising system passwords
ftprnfr Wu-ftp RNFR command vulnerable
ftpservu FTP CWD buffer overflow
ftpwrite FTP directories writable
iquery DNS server inverse queries
nfsbugadmin NFS exports outside domain
nfsrhosts NFS .Rhosts
ntdnsdos Windows NT DNS denial of service attack
oob_crash Out of Band denial of service
openclose Open/Close connection flood
qmailrecipient Qmail RCPT denial of service attack
repair insecure Repair directory readable
ssping Ssping patch not applied
syncstorm SYN flood denial of service attack can crash machines or degrade performance
syncstorm patch Syncstorm patch missing
tcppred TCP sequence prediction
udpbomb SunOS can be crashed with malformed UDP packets
zonexfer DNS honors zone transfer requests