ID

10539

Nom

Usable remote name server

Auteurs

This script is Copyright (C) 2005-2007 Tenable Network Security

Catégorie

General

Action

infos

Résumé

Determines if the remote name server allows recursive queries

Description

Synopsis : The remote name server allows recursive queries to be performed by the host running nessusd. Description : It is possible to query the remote name server for third party names. If this is your internal nameserver, then forget this warning. If you are probing a remote nameserver, then it allows anyone to use it to resolve third parties names (such as www.nessus.org). This allows hackers to do cache poisoning attacks against this nameserver. If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system. See also : http://www.cert.org/advisories/CA-1997-22.html Solution : Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it). If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command Then, within the options block, you can explicitly state: 'allow-recursion { hosts_defined_in_acl }' For more info on Bind 9 administration (to include recursion), see: http://www.nominum.com/content/documents/bind9arm.pdf If you are using another name server, consult its documentation. Risk factor : Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Predictable TCP sequence number
Linksys Router Default Password
OS Identification : MSRPC
Unprotected PC Anywhere Service
Unprotected Netware Management Portal
SSL Certificate Expiry
PowerDNS recursor cache poisoning
Supported SSL Ciphers Suites
Linux Distribution Detection
HTTP version spoken
NetCharts Server Default Password
Enable local security checks
Usable remote name server
DNS Cache Snooping
SSH protocol versions supported
RiSearch OpenProxy
CVS file existence information disclosure weakness
NTP read variables
SWAT allows user names to be obtained by brute force
Unconfigured web server
Version of BIND
Sun JavaServer Default Admin Password
CheckPoint InterSpect
Kerberos 5 issues
Enumerate IPv6 interfaces via SSH
ntpd Incorrect Group Privileges Vulnerability
Compaq Web-based Management Login
SHOUTcast Server logfiles XSS
TCP timestamps
SSL Certificate
Unreal Tournament Server Detection
CVS server piped checkout access validation
OS Identification : SNMP
DHCP server info gathering
CVS pserver CVSROOT passwd file cmd exec
Determine if Bind 9 is running
ICMP domain name request
Information about the scan
OS Identification : SinFP
OS Identification : HTTP
Netscape Enterprise Server default files
iPlanet Application Server Detection
DNS Server Fingerprint
Compaq Web Based Management Agent Proxy Vulnerability
CVS malformed entry lines flaw
Unsupported Linux / Unix Operating System
HP Integrated Lights-Out Detection
X-Micro Router Default Password
Knox Arkeia Network Backup Agent Unauthorized Access
SPF Enabled
Private IP address leaked in HTTP headers
OS Identification : Linux Distribution
BIND UDP Client Handler Remote DoS
DNS Server Detection
Kerberos IV cryptographic weaknesses
CVS Multiple Unspecified Vulnerabilities
IRCXPro Default Admin password
OS Identification : telnet banner
The remote BIND has dynamic updates enabled
LLTD Detection
SHOUTcast Server User-Agent / Host Header Denial of Service Vulnerability
Public CVS pserver
Obtain /etc/passwd using NetInfo
DNS Server on UDP and TCP
SCO OpenServer multiple vulnerabilities
SSF Detection
IlohaMail Detection
Get the IMAP Banner
TFTP directory permissions (HP Ignite-UX)
TFTP file detection (Cisco CallManager)
602LAN SUITE Open Telnet Proxy
OS Identification : uname
NetOp products information disclosure
PHP-Nuke sql_debug Information Disclosure
UDDI detection
OS Identification : NTP
Local Checks Failed
WhatsUp Gold Default Admin Account
HP Jet Admin 7.0 or less Vulnerability
OS Identification : mDNS
Dropbear SSH server format string vulnerability
CVS pserver double free() bug
F5 Device Default Support Password
clarkconnectd detection
Enhydra Multiserver Default Password
HP Jet Admin 7.x Directory Traversal
BIND vulnerable to DNS storm
Deprecated SSL Protocol Usage
AFS client version
IRC daemon identification
Open News server
NetGear Router Default Password
Brightmail Control Center Default Account/Password
OS Identification
Access Point detection
cfengine detection and local identification
CVS pserver dir create bug
Leafnode denials of service
OS Identification : SSH
Cisco IDS Device Manager Detection
Netscape Enterprise Default Administrative Password
Misc information on News server
HMAP
Version of PowerDNS
PowerDNS malformed query handling
Intel System Management Mode Local Privilege Escalation Vulnerability
CVS pserver heap overflow
BIOS version (SSH)
Enumerate MAC addresses via SSH
Host FQDN
Network Chemistry Wireless Sensor Detection
Standard & Poors detection
BrightStor ARCserve/Enterprise Backup Default Account Vulnerability
McAfee IntruShield management console
IDA Pro Detection
Weak Supported SSL Ciphers Suites
S-HTTP detection
OpenFTPD Detection
OS Identification : ICMP
Remote DNS Resolver Uses Non-Random Ports
TCP sequence number approximation
TFTP file detection (HP Ignite-UX passwd)
TFTP file detection (Cisco IOS CA)
MikroTik RouterOS Detection
Tripwire for Webpages Information Disclosure Vulnerability
HTTP Server type and version
DNS AXFR
SSH protocol version 1 enabled
OS Identification : SMB
Anonymous SSL Ciphers Suites Supported
TFTP file detection (HP Ignite-UX)
Google Search Appliance Detection
Enumerate IPv4 interfaces via SSH