According to its self-reported version in its banner, Dropbear SSH running on
the remote host is prior to 2016.74. It is, therefore, affected by the following
vulnerabilities :
- A flaw exists in dbclient or dropbear server if they are compiled with the
DEBUG_TRACE option and then run using the -v switch. A local attacker can
exploit this to disclose process memory. (CVE-2016-7409)
Solution: Upgrade to Dropbear SSH version 2016.74 or later.
The remote host supports IPMI v2.0. The Intelligent Platform Management
Interface (IPMI) protocol is affected by an information disclosure vulnerability
due to the support of RMCP+ Authenticated Key-Exchange Protocol (RAKP)
authentication. A remote attacker can obtain password hash information for
valid user accounts via the HMAC from a RAKP message 2 response from a BMC.
Solution: There is no patch for this vulnerability; it is an inherent problem
with the specification for IPMI v2.0. Suggested mitigations include :
- Using strong passwords to limit the successfulness of off-line dictionary
attacks.
The remote NTP server is affected by a denial of service vulnerability due to
improper validation of mrulist queries. An unauthenticated, remote attacker
can exploit this, via a specially crafted NTP mrulist query packet, to terminate
the ntpd process.
Solution: Upgrade to NTP version 4.2.8p9 or later.
The X.509 certificate chain for this service is not signed by a recognized
certificate authority. If the remote host is a public host in production, this
nullifies the use of SSL as anyone could establish a man-in-the-middle attack
against the remote host.
Note that this plugin does not check for certificate chains that end in a
certificate that is not self-signed, but is signed by an unrecognized certificate
authority.
Solution: Purchase or generate a proper certificate for this service.
The server's X.509 certificate cannot be trusted. This situation can occur in
three different ways, in which the chain of trust can be broken, as stated
below :
- First, the top of the certificate chain sent by the server might not be
descended from a known public certificate authority. This can occur either
when the top of the chain is an unrecognized, self-signed certificate, or
when intermediate certificates are missing that would connect the top of the
certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at
the time of the scan. This can occur either when the scan occurs before one
of the certificate's 'notBefore' dates, or after one of the certificate's
'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match
the certificate's information or could not be verified. Bad signatures can be
fixed by getting the certificate with the bad signature to be re-signed by its
issuer. Signatures that could not be verified are the result of the certificate's
issuer using a signing algorithm that Nessus either does not support or does
not recognize.
If the remote host is a public host in production, any break in the chain makes it
more difficult for users to verify the authenticity and identity of the web server.
This could make it easier to carry out man-in-the-middle attacks against the
remote host.
Solution: Purchase or generate a proper certificate for this service.
The remote NTP server responds to mode 6 queries. Devices that respond to
these queries have the potential to be used in NTP amplification attacks. An
unauthenticated, remote attacker could potentially exploit this, via a specially
crafted mode 6 query, to cause a reflected denial of service condition.
Solution: Restrict NTP mode 6 queries.
The remote NTP server is affected by a denial of service vulnerability due to
improper validation of mrulist queries. An unauthenticated, remote attacker
can exploit this, via a specially crafted NTP mrulist query packet, to terminate
the ntpd process.
Solution: Upgrade to NTP version 4.2.8p9 or later.
The remote SSH server is configured to allow either MD5 or 96-bit MAC
algorithms, both of which are considered weak.
Note that this plugin only checks for the options of the SSH server, and it does
not check for vulnerable software versions.
Solution: Contact the vendor or consult product documentation to disable MD5
and 96-bit MAC algorithms.
The remote SSH server is configured to allow either MD5 or 96-bit MAC
algorithms, both of which are considered weak.
Note that this plugin only checks for the options of the SSH server, and it does
not check for vulnerable software versions.
Solution: Contact the vendor or consult product documentation to disable MD5
and 96-bit MAC algorithms.
Output / CVE / Exploit Available / Status / Comments2
Version source : SSH-2.0-dropbear_2013.60
Installed version : 2013.60
Fixed version : 2016.74
CVE: CVE-2016-7409
Exploit Available: false
Status: Open
Nessus detected that the remote server has IPMI v2.0 implemented.
Remote unauthenticated users will be able to get password hashes
for valid users.
CVE: CVE-2013-4786
Exploit Available: true
Status: Open
Nessus detected that the remote server has IPMI v2.0 implemented.
Remote unauthenticated users will be able to get password hashes
for valid users.
CVE: CVE-2013-4786
Exploit Available: true
Status: Open
CVE: CVE-2016-7434
Status: Open
Nessus elicited the following response from the remote
host by sending an NTP mode 6 query :
'version="ntpd 4.2.8p3@1.3265 Wed Jul 20 06:17:35 UTC 2016 (1)",
processor="armv5tejl", system="Linux/2.6.28.9", leap=0, stratum=3,
precision=-16, rootdelay=37.637, rootdisp=67.522, refid=199.38.183.232,
reftime=0xe1067c0d.9507b8a0, clock=0xe1067e32.beb12026, peer=60990,
tc=10, mintc=3, offset=2.021406, frequency=-0.642, sys_jitter=5.099735,
clk_jitter=4.444, clk_wander=0.340'
Status: Open
|-Subject : C=US/ST=California/O=Super Micro Computer/OU=Software/CN=IPMI
Status: Open
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : C=US/ST=California/O=Super Micro Computer/OU=Software/CN=IPMI
|-Issuer : C=US/ST=California/O=Super Micro Computer/OU=Software/CN=IPMI
Status: Open
Nessus elicited the following response from the remote
host by sending an NTP mode 6 query :
'version="ntpd 4.2.8p9@1.3265-o Fri Jun 15 23:45:37 UTC 2018 (1)",
processor="armv5tejl", system="Linux/2.6.28.9", leap=0, stratum=3,
precision=-17, rootdelay=53.382, rootdisp=65.946, refid=162.248.221.109,
reftime=0xe1067bfa.987096d3, clock=0xe106822b.14612a12, peer=24627,
tc=10, mintc=3, offset=-1.486991, frequency=4.273, sys_jitter=5.139807,
clk_jitter=3.369, clk_wander=0.417'
Status: Open
CVE: CVE-2016-7434
Status: Open
Nessus elicited the following response from the remote
host by sending an NTP mode 6 query :
'version="ntpd 4.2.8p3@1.3265 Wed Jul 20 06:17:35 UTC 2016 (1)",
processor="armv5tejl", system="Linux/2.6.28.9", leap=0, stratum=3,
precision=-16, rootdelay=45.312, rootdisp=79.170, refid=162.248.221.109,
reftime=0xe1067ef9.985d6846, clock=0xe10686a0.37c8e18e, peer=38273,
tc=10, mintc=3, offset=0.731744, frequency=0.919, sys_jitter=2.843922,
clk_jitter=0.518, clk_wander=0.104'
Status: Open
hmac-sha1-96
hmac-sha1-96
The following client-to-server Message Authentication Code (MAC)
algorithms are supported :
hmac-md5
hmac-sha1-96
hmac-md5
hmac-sha1-96