X-Scan Report
This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

Scan Result
Hosts which were alive and responding during test 1
Number of security holes found 0
Number of security warnings found 17
Number of security notes found 15


Host List
Host(s) Possible Issue
aic.stanford.edu Security warnings found
Host Summary - OS: Unknown OS; PORT/TCP: 7, 9, 13, 19, 21, 22, 23, 79, 80, 113, 8080


Analysis of Host: aic.stanford.edu
Address of Host Port/Service Issue regarding Port
aic.stanford.edu echo (7/tcp) Security notes found
aic.stanford.edu www (80/tcp) Security warnings found
aic.stanford.edu www (8080/tcp) Security notes found
aic.stanford.edu daytime (13/tcp) Security notes found
aic.stanford.edu ssh (22/tcp) Security warnings found
aic.stanford.edu chargen (19/tcp) Security notes found
aic.stanford.edu ftp (21/tcp) Security notes found
aic.stanford.edu telnet (23/tcp) Security notes found
aic.stanford.edu finger (79/tcp) Security warnings found
aic.stanford.edu auth (113/tcp) Security notes found
aic.stanford.edu discard (9/tcp) Security notes found


Security Issues and Fixes: aic.stanford.edu
Type Port/Service Security Issues and Fixes
Informational echo (7/tcp) An echo server is running on this port
NESSUS_ID : 10330
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cfcache.map
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cgi-bin
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/robots.txt
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/private
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/admin/
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cgi-bin/jj
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cgi-bin/htsearch
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cgi-bin/htsearch?config=aaa
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cgi-bin/post-query
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cgi-bin/query
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cgi-bin/AT-admin.cgi
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cgi-bin/AT-generate.cgi
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cgi-bin/test-cgi
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/private/
Warning www (80/tcp) HTTP-Vuln: http://aic.stanford.edu/cfdocs/cfcache.map
Informational www (80/tcp) A web server is running on this port
NESSUS_ID : 10330
Informational www (80/tcp) The following directories were discovered:
/admin, /conf, /gfx, /icons, /members, /private, /sitelib, /testarea, /obs, /cool, /jaic/code, /jaic/img, /jaic/test

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards

NESSUS_ID : 11032
Informational www (80/tcp) The remote web server type is :

Netscape-Enterprise/2.01

Solution : We recommend that you configure (if possible) your web server to return
a bogus Server header in order to not leak information.

NESSUS_ID : 10107
Informational www (8080/tcp) A web server is running on this port
NESSUS_ID : 10330
Informational daytime (13/tcp) Maybe the "daytime" service running on this port.

Here is its banner:
53 75 6e 20 46 65 62 20 32 39 20 31 38 3a 32 38 Sun Feb 29 18:28
3a 33 33 20 32 30 30 34 0d 0a :33 2004
NESSUS_ID : 10330
Warning ssh (22/tcp)
You are running a version of SSH which is
older than (or as old as) version 1.2.27.

If you compiled ssh with kerberos support,
then an attacker may eavesdrop your users
kerberos tickets, as sshd will set
the environment variable KRB5CCNAME to
'none', so kerberos tickets will be stored
in the current working directory of the
user, as 'none'.

If you have nfs/smb shared disks, then an attacker
may eavesdrop the kerberos tickets of your
users using this flaw.

*** If you are not using kerberos, then
*** ignore this warning.

Risk factor : Serious
Solution : use ssh 1.2.28 or newer
CVE_ID : CVE-2000-0575
BUGTRAQ_ID : 1426
NESSUS_ID : 10472
Informational ssh (22/tcp) A ssh server is running on this port
NESSUS_ID : 10330
Informational ssh (22/tcp) Remote SSH version : SSH-1.5-1.2.26
NESSUS_ID : 10267
Informational chargen (19/tcp) Maybe the "chargen" service running on this port.

Here is its banner:
20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./
30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 0123456789:;<=>?
40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f @ABCDEFGHIJKLMNO
50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f PQRSTUVWXYZ[\]^_
Informational ftp (21/tcp) A FTP server is running on this port.
Here is its banner :
220 palimpsest FTP server (Version 4.1 Fri Mar 20 17:28:53 CST 1998) ready.
NESSUS_ID : 10330
Informational ftp (21/tcp) Remote FTP server banner :
220 palimpsest FTP server (Version 4.1 Fri Mar 20 17:28:53 CST 1998) ready.
NESSUS_ID : 10092
Informational telnet (23/tcp) A telnet server seems to be running on this port
NESSUS_ID : 10330
Warning finger (79/tcp)
The 'finger' service provides useful information to attackers, since it allows
them to gain usernames, check if a machine is being used, and so on...

Here is the output we obtained for 'root' :

Login name: root In real life: Root Palimpsest
Directory: / Shell: /bin/tcsh
No Plan.


Solution : comment out the 'finger' line in /etc/inetd.conf
Risk factor : Low
CVE_ID : CVE-1999-0612
NESSUS_ID : 10068
Informational finger (79/tcp) A finger server seems to be running on this port
NESSUS_ID : 10330
Informational auth (113/tcp) Maybe the "auth" service running on this port.

NESSUS_ID : 10330
Informational discard (9/tcp) Maybe the "discard" service running on this port.

NESSUS_ID : 10330

This file was generated by X-Scan, the security scanner.