Appendix E • Nessus Plug-ins

Howlett_AppE.fm Page 549 Friday, June 25, 2004 1:50 PM

| Family | Plug-in Name | CVE ID Number(s) | BugTraq ID Number(s) |
|---|---|---|---|
| Windows | IE 5.01 5.5 6.0 Cumulative patch | CAN-2003-0838, CAN-2003-0809, CAN-2003-0530, CAN-2003-0531, CAN-2003-0113, CAN-2003-0114, CAN-2003-0115, CAN-2003-0116 | 3578, 8556, 8565 |
| Windows | Microsoft’s SQL version less than or equal to 7 | CAN-2000-0199 | 1055 |
| Windows | SMB Registry : Autologon | | |
| Windows | Unchecked buffer in SQLXML | CVE-2002-0186, CVE-2002-0187, CAN-2002-0186, CAN-2002-0187 | 5004, 5005 |
| Windows | MS SQL7.0 Service Pack may leave passwords on system | CVE-2000-0402 | 1281 |
| Windows | SMB Registry : permissions of Schedule | CAN-1999-0589 | |
| Windows | Unchecked Buffer in XP Shell Could Enable System Compromise (329390) | CAN-2002-1327 | |
| Windows | Still Image Service Privilege Escalation patch | CVE-2000-0851 | 1651 |
| Windows | SMB Registry : permissions of the RAS key | CAN-2001-0045 | 2064 |
| Windows | Word Macros may run automatically | CAN-2003-0664, CAN-1999-0354 | 8533 |
| Windows | MS SQL Installation may leave passwords on system | CAN-2002-0643 | |
| Windows | DBTools DBManager Information Disclosure | | 7040 |
| Windows | Winreg registry key writeable by non-admins | CVE-2002-0049 | 4053 |
| Windows | Citrix redirection bug | | |
| Windows | Microsoft’s SQL Blank Password | CAN-2000-1209 | 1281 |
| Windows | Buffer Overrun in the ListBox and in the ComboBox (824141) | CAN-2003-0659 | |
| Windows | SMB Request Handler Buffer Overflow | CAN-2003-0345 | 8152 |
| Windows | Malformed request to index server | CVE-2001-0244, CVE-2001-0245 | 2709 |
| Windows | Winsock Mutex vulnerability | CVE-2001-0006 | 2303 |
| Windows | CA Unicenter’s File Transfer Service is running | | |
| Windows | Trusting domains bad verification | CVE-2002-0018 | 3997 |
| Windows | SMB Registry : XP Service Pack version | CAN-1999-0662 | |
| Windows | Security issues in the remote version of FlashPlayer | | 7005 |
| Windows | Flaw in Windows Script Engine (Q814078) | CAN-2003-0010 | 7146 |
| Windows | SMB Registry : NT4 Service Pack version | CAN-1999-0662 | |
| Windows | SMB LanMan Pipe Server browse listing | | |
| Windows | Service Control Manager Named Pipe Impersonation patch | CVE-2000-0737 | 1535 |
| Windows | SMB Registry : Win2k Service Pack version | CAN-1999-0662 | 7930, 8090, 8128, 8154 |
| Windows | LPC and LPC Ports Vulnerabilities patch | | 1743 |
| Windows | AOL Instant Messenger is Installed | | |
| Windows | MUP overlong request kernel overflow Patch (Q311967) | CVE-2002-0151 | 4426 |
| Windows | Malformed request to domain controller | CVE-2001-0502 | 2929 |
| Windows | The messenger service is running | CAN-1999-0630 | |
| Windows | SMB shares access | CAN-1999-0519, CAN-1999-0520 | 8026 |
| Windows | SMB fully accessible registry | | |
| Windows | SMB use host SID to enumerate local users | CVE-2000-1200 | 959 |
| Windows | FTP Voyager Overflow | | 7862 |
| Windows | Exchange 2000 Exhaust CPU Resources (Q320436) | CAN-2002-0368 | |
| Windows | The remote host is infected by msblast.exe | | |
| Windows | Checks for MS HOTFIX for snmp buffer overruns | CAN-2002-0053 | |
| Windows | Flaw in Microsoft VM Could Allow Code Execution (810030) | CAN-2002-1257, CAN-2002-1258, CAN-2002-1183, CAN-2002-0862 | |
| Windows | Microsoft RDP flaws could allow sniffing and DOS (Q324380) | CAN-2002-0863 | 5410 |
| Windows | Microsoft’s SQL Server Brute Force | | |
| Windows | SMB Registry : missing winreg | | |
| Windows | Detect the HTTP RPC endpoint mapper | | |
| Windows | SMB Registry : permissions of keys that can change common paths | CAN-1999-0589 | |
| Windows | LeapFTP Overflow | | |
| Windows | Microsoft Shlwapi.dll Malformed HTML form tag DoS | | 7402 |
| Windows | Unchecked Buffer in Decompression Functions (Q329048) | CAN-2002-0370, CAN-2002-1139 | |
| Windows | Microsoft’s SQL UDP Info Query | | |
| Windows : User management | Local users information : Never changed password | | |
| Windows : User management | Users in the ‘Backup Operator’ group | | |
| Windows : User management | Obtains the lists of users groups | | |
| Windows : User management | Users information : automatically disabled accounts | | |
| Windows : User management | Local users information : automatically disabled accounts | | |
| Windows : User management | Guest belongs to a group | | |
| Windows : User management | Local users information : User has never logged on | | |
| Windows : User management | Users information : Passwords never expires | | |
| Windows : User management | Local users information : disabled accounts | | |
| Windows : User management | Obtains local user information | | |
| Windows : User management | Users in the Admin group | | |
| Windows : User management | Users in the ‘Replicator’ group | | |
| Windows : User management | Local users information : Can’t change password | | |
| Windows : User management | Users in the ‘Print Operator’ group | | |
| Windows : User management | Users information : disabled accounts | | |
| Windows : User management | Users in the ‘System Operator’ group | | |
| Windows : User management | Users information : Can’t change password | | |
| Windows : User management | Local users information : Passwords never expires | | |
| Windows : User management | Users in the Domain Admin group | | |
| Windows : User management | Users information : User has never logged in | | |
| Windows : User management | Obtains the lists of users aliases | | |
| Windows : User management | Obtains user information | | |
| Windows : User management | Users information : Never changed password | | |
| Windows : User management | Users in the ‘Account Operator’ group | | |

References

Web Sites

ACID: http://acidlab.sourceforge.net
AirSnort: http://airsnort.shmoo.com
Bastille Linux: www.bastille-linux.org
CERT: www.cert.org
Ethereal: www.ethereal.com
FBI: www.fbi.gov
Foundstone: www.foundstone.com
FreeS/WAN: www.freeswan.org
GNU Project: www.gnu.org
GPG: www.gnupg.org
John the Ripper: www.openwall.com/john
Iptables: www.netfilter.org
Kismet Wireless: www.kismetwireless.net
lsof: http://freshmeat.net/projects/lsof
NCC: www.netsecuritysvcs.com/ncc
Nessus: www.nessus.org
NessusWX: nessuswx.nessus.org
NetStumbler: www.netstumbler.com
Nlog: www.secureaustin.com/nlog
Nmap: www.insecure.org/nmap
NPI Website, Open Source Windows Forensics Tools: www.opensourceforensics.org/tools/windows.html
OpenSSH: www.openssh.org
PGP: www.pgp.com
PuTTY: www.chiark.greenend.org.uk/~sgtatham/putty
Sam Spade for Windows: www.samspade.org/ssw
Sleuth Kit: www.sleuthkit.org
SmoothWall Express: www.smoothwall.org
Snort: www.snort.org
Snort Webmin Module: http://msbnetworks.net/snort
SourceForge: www.sourceforge.net
StumbVerter: www.sonar-security.com
Swatch: swatch.sourceforge.net
Tcpdump, Windump: www.tcpdump.org
Tripwire: www.tripwire.org
Turtle Firewall: www.turtlefirewall.com

Howlett_ref.fm Page 555 Friday, June 25, 2004 1:59 PM

Books and Articles

Caswell, Brian, Jay Beale, James C. Foster, and Jeffrey Posluns. 2003. Snort 2.0 Intrusion Detection. Rockland, MA: Syngress.
Cisco Internetwork Basics: www.idevelopment.info/data/Networking/Networking_Basics/BASICS_Understanding_OSI_Model.shtml
Drummond, Richard. 1993. Data Communications for the Office. New York: Bantam Professional Books.
EMACS quick reference: http://seamons.com/emacs/
Hafner, Katie and John Markoff. 1991. Cyberpunk: Outlaws and Hackers on the Computer Frontier. New York: Simon and Schuster.
Introduction to Cryptography, Network Associates: www.pgpi.org/doc/pgpintro/
Krutz, Ronald L. and Russell Dean Vines. 2001. The CISSP Prep Guide. New York: John Wiley & Sons.
Lammle, Todd. 2003. CCNA Cisco Certified Network Associate Study Guide, Fourth Edition. San Francisco: Sybex.
Levy, Steven. 2002. Crypto: How the Code Rebels Beat the Government - Saving Privacy in the Digital Age. New York: Penguin Putnam Inc.
Marcus, J. Scott. 1999. Designing Wide Area Networks and Internetworks: A Practical Guide. Boston: Addison-Wesley.
The OSI Model: www.wdsd.org/strut/OSI/osimodel.html
Scambray, Joel, Stuart McClure, and George Kurtz. 2001. Hacking Exposed, Second Edition. New York: McGraw Hill.
Schneier, Bruce. 1995. Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition. Hoboken, NJ: John Wiley & Sons.
Schultz, E. Eugene. 2000. Windows NT/2000 Network Security. New York: MacMillan Technical Publishing.
Singh, Simon. 2000. The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography. London: Anchor Books.
Smith, Richard E. 2001. Authentication: From Passwords to Public Keys. Boston: Addison-Wesley.
Stanger, James, Patrick T. Lane, and Edgar Danielyan. 2001. Hackproofing Linux. Rockland, MA: Syngress.
Torvalds, Linus and David Diamond. 2002. Just for Fun: The Story of an Accidental Revolutionary. New York: HarperBusiness.