cit 480 - web viewthe procedure used in the security assessment included network scanning and...

CIT 480

Network Security Assessment

By: Greg Vestring

4/28/2016

1 SummaryThe finds from this security assessment reveal important information regarding the security and vulnerability of each of the target systems. The server with the IP address of 10.2.243.52 reported the fewest number of total vulnerabilities followed by 10.2.243.51 and 10.2.243.53.

The .51 server is utilizing a Linux 2.6.32 - 2.6.39 kernel. The server has several services running including: echo, discard, daytime, chargen, ftp, ssh, time, http, netbios-ssn, time, netbios-ns, and mdns. The purpose of this server appears to be as a web server, since it is operating Apache and has Simple PHP Blog running. This server is in the middle in terms of vulnerabilities when compared to the other 2 servers. This server is in the middle in terms of susceptibility to attack. It is in the middle in terms of the amount of vulnerabilities and validated vulnerabilities. This server also had only 5 items of medium or higher level of severity in the Nessus scan, including 1 item of critical nature.

The .52 server is utilizing Microsoft Windows Server 2003 as its operating system. This server has the following services running: http, msrpc, netbios-ssn, tcpwrapped, dhcps, dhcpc, ntp, netbios-ns, netbios-dgm, isakmp, and nat-t-ike. The purpose of this server appears to be as a web server, since it is running IIS. The server also may serve as a dhcp server since it has this service running. This server appears to be the least susceptible to attack due to the fact that it has both the least amount of vulnerabilities and the least amount of validated vulnerabilities. This server also had only 5 items of medium or higher level of severity in the Nessus scan, including 3 items of critical nature.

The .53 server is utilizing both a Microsoft Windows XP and Microsoft Windows Server 2003 operating system. This server has the following services running: ftp, smtp, http, msrpc, netbios-ssn, ris, ssl/http, microsoft-ds, mysql, ntp, netbios-ns, netbios-dgm, snmp, isakmp, blackjack, ms-sql, upnp, and nat-t-ike. This server appears to be the most susceptible to attack. This is due to the fact that it has the most amounts of vulnerabilities and the most amount of validated vulnerabilities. This server had 79 items of medium or higher level of severity reported from the Nessus scan, including 10 items of critical nature.

IP Address MAC Address Operating System

Total Vulnerabilities Scanned Vulnerabilities

10.2.243.51 00:50:56:B1:7B:AA (VMware)

Linux 2.6.32 - 2.6.39 – Vulnerability Scan reveals Ubuntu 11.04

Linux 2.6.32 - 2.6.39 – 10Ubuntu 11.04 - 3

5

10.2.243.52 00:50:56:B1:5C:EA Microsoft 18 5

1

(VMware) Windows 200310.2.243.53 00:50:56:b1:1a:33

(VMware)Microsoft Windows XP|2003

Microsoft Windows XP SP2 - 6Microsoft Windows Server 2003 - 18

79

2 ProcedureThe procedure used in the security assessment included network scanning and enumeration, vulnerability research and vulnerability scanning. Each server was scanned using nmap. The following scan was used: nmap -A -sS -sU -PN -p 1-65535 -oN [file name] [IP Address]. The scan verified that the system was available and also provided the operating systems and names and versions of the services running on the system. All TCP and UDP ports were also scanned. The results were output to a file.

Second, research was conducted utilizing the CVE Details website. All operating systems and services reported by nmap were analyzed to find vulnerabilities. Vulnerabilies with CVSS scores below 7 were ignored.

Third, Nessus was used to scan each system utilizing an advanced network scan. Each target was verified to be operating before the scan was started by utilizing a ping.

Next, DirBuster was used to identify the URLs on each server and to allow for further exploration. DirBuster was run on the following addresses: http://10.2.243.51:80, http://10.2.243.52:80, http://10.2.243.52:9223, https://10.2.243.52:9223, http://10.2.243.53:80, http://10.2.243.53:443, https://10.2.243.53:443. This process revealed additional software and services, which were not found in the first few methods. This software and services were researched further and vulnerabilities were identified. Lastly, vulnerabilities were validated. The top 15 vulnerability levels of critical and high reported by Nessus were validated as well as all vulnerabilities found in the second part of the procedure (research utilizing CVE Details). All vulnerabilities that did not have a Metasploit exploit were searched utilizing http://www.exploit-db.com. If an exploit was not found utilizing http://www.exploit-db.com, then the vulnerability was researched further utilizing the CVE Details web site. If the vulnerability was verified using this database it was considered validated.

3 Assessment of System at IP 10.2.243.51This server reported only 1 critical level alert from the Nessus scan (severity level of critical). This server also reported the fewest level of operating system vulnerabilities (Ubuntu Linux 11.04). The server has 19 open ports and is running one web server (Apache) on port 80. The nmap scan revealed an unknown service running on port udp port 50866. The server has 38

2

http://www.exploit-db.com/


https://10.2.243.53:443/

http://10.2.243.53:443/

http://10.2.243.53:80/

https://10.2.243.52:9223/

http://10.2.243.52:9223/

http://10.2.243.52:80/

http://10.2.243.51:80/

total vulnerabilities. Of these vulnerabilities, 33 were validated. The server also allows anonymous FTP access. This can create security issues such as reading and writing confidential information, depending on the level of access in directories. In addition, the version of Samba on the server has many security holes as documented below. Lastly, the version of Linux Ubuntu (11.04) is no longer supported. This creates a system that is vulnerable to current and future security problems.

Port Service Version Reported Vulnerabilities

Validated Vulnerabilities

7/tcp echo9/tcp discard?13/tcp daytime19/tcp chargen xinetd chargen CVE-2013-4342,

CVE-2001-0825, CVE-2000-0536

yesyesyes

21/tcp ftp vsftpd 2.3.222/tcp ssh OpenSSH 5.8p1

Debian 1ubuntu3 (Ubuntu Linux; protocol 2.0)

37/tcp time

3

80/tcp http Apache httpd 2.2.17 ((Ubuntu))

CVE-2013-2249, CVE-2006-1243, CVE-2005-2733,

yesyesno

139/tcp netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

CVE-2015-0240, CVE-2013-4408, CVE-2012-1182, CVE-2011-2411,CVE-2007-2446

yesyesnonoyes

445/tcp netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)


yesyesnonono

7/udp echo9/udp discard13/udp daytime19/udp chargen37/udp time137/udp netbios-ns Samba nmbd

(workgroup: WORKGROUP)


yesyesnonono

138/udp netbios-dgm5353/udp mdns50866/udp unknown

xinetd chargenCVE-2013-4342 ValidatedDescription: The services are run as root because xinetd does not enforce the user and

group configuration for TCPMUX services. This makes it easier for remote attackers to gain privleges by leveraging another vulnerability in a service.

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2013-4342/

CVE-2001-0825 ValidatedDescription: Remote attackers are able to execute arbitrary commands via a length

argument of zero or less, which disables the length check.Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2001-0825/

CVE-2000-0536 ValidatedDescription: Connections are not properly restricted if hostnames are used for access

control and the connecting host does not have a reverse DNS entry.Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2000-0536/

4

Apache httpd 2.2.17 ((Ubuntu))CVE-2013-2249 ValidatedDescription: Save operations for a session proceed without considering the dirty flag and

the requirement for a new session ID. This has an unspecified impact and remote attack vectors.


Simple PHP Blog 0.4.0CVE-2006-1243 ValidatedDescription: A directory traversal vulnerability that allows remote attackers to include

and execute arbitrary local files via directory traversal sequences.Validation Verified that vulnerability affects this version at https://www.exploit-

db.com/exploits/1581/ and https://www.cvedetails.com/cve/CVE-2006-1243/

CVE-2005-2733 Not ValidatedDescription: Allows remote attackers to execute arbitrary code because file extensions

are not properly restrictedValidation

5

https://www.cvedetails.com/cve/CVE-2006-1243/


https://www.exploit-db.com/exploits/1581/


Samba smbd 3.X (version determined to be 3.5.8)CVE-2015-0240 ValidatedDescription: Allows remote attackers to execute arbitrary code via crafted Netlogon

packets that use the ServerPasswordSet RPC API.Performs a free operation on an uninitialized stack pointer.

Validation

CVE-2013-4408 ValidatedDescription: Allows remote AD domain controllers to execute arbitrary code via an

invalid gragment length in a DCE-RPC packet through utilizing a heap-based buffer overflow.

Validation Verified that vulnerability affects this version at https://www.cvedetails.com/cve/CVE-2013-4408/

CVE-2012-1182 Not Validated

6

Description: Allows remote attackers to execute arbitrary code via a crafted RPC call. Improper validation of an array length in a manner consistent with validation of array memory allocation creates the issue.

Validation

7

CVE-2011-2411 Not ValidatedDescription: Allows remote authenticated users to execute arbitrary code via unknown

vectors due to an unspecified vulnerability in HP NonStop Servers.Validation Verified that vulnerability does not affect this server at


CVE-2010-0728 Not ValidatedDescription: Allows authenticated users to bypass intended file permissions via standard

filesystem operations with any client.Validation Verified that vulnerability does not affect this version at


CVE-2009-1886 Not ValidatedDescription: May allow context-dependent attackers to execute arbitrary code via

format string specifiers in a filename.Validation Verified that vulnerability does not affect this version at


CVE-2008-1720 Not ValidatedDescription: May allow remote attackers to execute arbitrary code via unknown vectors.Validation Verified that vulnerability does not affect this version at

http://www.cvedetails.com/cve/CVE-2008-1720/

CVE-2008-1105 Not ValidatedDescription: Allows remote attackers to execute arbitrary code via a crafted SMB

response via a heap-based overflow.Validation Verified that vulnerability does not affect this version at


CVE-2007-6015 Not ValidatedDescription: Allows remote attackers to execute arbitrary code via a GETDC mailslot

request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

Validation Verified that vulnerability does not affect this version at https://www.cvedetails.com/cve/CVE-2007-6015/

CVE-2007-5398 Not ValidatedDescription: Allows remote attackers to execute arbitrary code via crafted WINS Name

Registration requests followed by a WINS Name Query request via a stack-based overflow.


8




CVE-2007-4572 Not ValidatedDescription: Allows remote attackers to have an unknown impact via crafted GETDC

mailsot requests, related to handling of GETDC logon server request via a stack-based overflow.


CVE-2007-2446 Not ValidatedDescription: Allows remote attackers to execute arbitrary code via MS-RPC requests via

multiple heap-based overflows.Validation

9

CVE-2007-2444 Not ValidatedDescription: Allows local users to gain temporary privileges and execute SMB/CIFS

protocol operations via unspecified vectors that cause daemon to transition to the root user via a logic error.


CVE-2007-0454 Not ValidatedDescription: Allows context-dependent attackers to execute arbitrary code via format

string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.


CVE-2004-0882 Not ValidatedDescription: May allow remote attackers to execute arbitrary code via a

TRANSACT2_QFILEPATHINFO request with a small maximum data bytes value.


CVE-2004-0815 Not ValidatedDescription: Trims certain directory names down to absolute paths, which could allow

remote attackers to bypass the specified share restrictions and read, write,

10

or list arbitrary files via "/.////" style sequences in pathnames.Validation Verified that vulnerability affects this version at


CVE-2004-0600 Not ValidatedDescription: Allows remote attackers to execute arbitrary code via an invalid base-64

character during HTTP basic authentication via a buffer overflow.Validation Verified that vulnerability does not affect this version at


CVE-2004-0186 Not ValidatedDescription: Allows local users to gain root privileges by mounting a Samba share that

contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.


CVE-2004-0082 Not ValidatedDescription: The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1,

when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.


Linux Ubuntu 11.04CVE-2012-1166 ValidatedDescription: The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x

before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.


CVE-2011-4409 ValidatedDescription: The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS

does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack.


CVE-2011-4405 ValidatedDescription: The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10,

11




as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.


Linux 2.6xCVE-2015-0312 ValidatedDescription: Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x

through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.


CVE-2014-2648 ValidatedDescription: Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX

allows remote attackers to execute arbitrary code via unknown vectors.Validation Verified that vulnerability affects this version at


CVE-2011-4374 ValidatedDescription: Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers

to execute arbitrary code via unspecified vectors.Validation Verified that vulnerability affects this version at


CVE-2010-2240 ValidatedDescription: The do_anonymous_page function in mm/memory.c in the Linux kernel

before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.


CVE-2008-4395 ValidatedDescription: Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux

kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.

12


CVE-2006-5751 ValidatedDescription: Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in

the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.


CVE-2005-1263 ValidatedDescription: The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-

rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.

Validation Verified that vulnerability affects this version at https://www.exploit-db.com/exploits/25647/ and https://www.cvedetails.com/cve/CVE-2005-1263/ - exploit indicates that the vulnerability does not exist in the 2.6 kernel tree, however 2.6.20 is listed on CVE Details.

CVE-2004-1071 ValidatedDescription: The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and

2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.


CVE-2004-1070 ValidatedDescription: The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux

kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.


CVE-1999-0781 ValidatedDescription: KDE allows local users to execute arbitrary commands by setting the KDEDIR

environmental variable to modify the search path that KDE uses to locate its executables.

13






4 Assessment of System at IP 10.2.243.52This server reported 3 critical level alerts from the Nessus scan (severity level of critical). The server reported 18 vulnerabilities relating to the operating system (Microsoft Windows Server 2003). The server has 18 ports open and is running a web server on port 80 and port 9223. Two unknown services are running on udp ports 1027 and 2535. A total of 31 vulnerabilities were found, with 25 being validated. Lastly, the version of Windows Server (2003) is no longer supported. This creates a system that is vulnerable to current and future security problems.



80/tcp http Microsoft IIS httpd 6.0

CVE-2010-1256, CVE-2009-1535, CVE-2008-1446

yesyesyes

14

135/tcp msrpc Microsoft Windows RPC

CVE-2015-2370 yes

139/tcp netbios-ssn Microsoft Windows 98 netbios-ssn

CVE-2000-1079 no

445/tcp tcpwrapped CVE-2008-4250 yes1025/tcp msrpc Microsoft

Windows RPCCVE-2015-2370 yes


CVE-2015-2370 yes


CVE-2015-2370 yes

9223/tcp http Microsoft IIS httpd 6.0

CVE-2010-1256, CVE-2009-1535, CVE-2008-1446

yesyesyes

67/udp dhcps CVE-2011-0997, CVE-2009-0692

nono

68/udp dhcpc CVE-2011-0997, CVE-2009-0692

nono

123/udp ntp CVE-2014-9295, CVE-2014-9294, CVE-2014-9293

nonono

137/udp netbios-ns Microsoft Windows NT netbios-ssn (workgroup: WORKGROUP)

CVE-2000-1079 no

138/udp netbios-dgm445/udp microsoft-ds500/udp isakmp CVE-2005-3666 yes1027/udp unknown2535/udp unknown4500/udp nat-t-ike

Microsoft IIS httpd 6.0CVE-2010-1256 ValidatedDescription: Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended

Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."


15

CVE-2009-1535 ValidatedDescription: The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1

and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.

Validation https://www.exploit-db.com/exploits/8704/ and https://www.cvedetails.com/cve/CVE-2009-1535/

16



CVE-2008-1446 ValidatedDescription: Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in

Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."


Microsoft Windows RPCCVE-2015-2370 ValidatedDescription: The authentication implementation in the RPC subsystem in Microsoft

Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."

Validation Verified in CVE Details at http://www.cvedetails.com/cve/CVE-2015-2370/ - exploit not for Windows Server 2003 - https://www.exploit-db.com/exploits/37768/

Microsoft Windows 98 netbios-ssnCVE-2000-1079 Not ValidatedDescription: Interactions between the CIFS Browser Protocol and NetBIOS as

implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.

Validation Verified in CVE Details that this version is not impacted https://www.cvedetails.com/cve/CVE-2000-1079/

isakmpCVE-2005-3666 ValidatedDescription: Multiple unspecified format string vulnerabilities in multiple unspecified

implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable.

17




ntpCVE-2014-9295 Not ValidatedDescription: Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow

remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

Validation Verified in CVE Details - Not sure of version https://www.cvedetails.com/cve/CVE-2014-9295/

CVE-2014-9294 Not ValidatedDescription: util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG

seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.


CVE-2014-9293 Not ValidatedDescription: The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key

is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.


dhcpCVE-2011-0997 Not ValidatedDescription: dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-

ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.


CVE-2009-0692 Not ValidatedDescription: Stack-based buffer overflow in the script_write_params method in

client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.


18


https://www.exploit-db.com/exploits/10015/https://www.exploit-db.com/exploits/9265/

Microsoft Windows Server 2003CVE-2015-1727 ValidatedDescription: Buffer overflow in the kernel-mode drivers in Microsoft Windows Server

2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Pool Buffer Overflow Vulnerability."

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2015-1727/ - Exploit DB does not give version information -https://www.exploit-db.com/exploits/38268/

CVE-2015-1726 ValidatedDescription: Use-after-free vulnerability in the kernel-mode drivers in Microsoft

Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Brush Object Use After Free Vulnerability."

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2015-1726/ - Exploit DB does not give version information - https://www.exploit-db.com/exploits/38269/

CVE-2015-1725 ValidatedDescription: Buffer overflow in the kernel-mode drivers in Microsoft Windows Server

2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Buffer Overflow Vulnerability."

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2015-1725/- Exploit DB does not give version information - https://www.exploit-db.com/exploits/38270/ and https://www.exploit-db.com/exploits/38271/


Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Object Use After Free Vulnerability."

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2015-1724/-

19






Exploit DB does not give version information - https://www.exploit-db.com/exploits/38272/


Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station Use After Free Vulnerability."

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2015-1723/- Exploit DB does not give version information - https://www.exploit-db.com/exploits/38273/


Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability."

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2015-1722/ - Exploit DB does not give version information - https://www.exploit-db.com/exploits/38265/ and https://www.exploit-db.com/exploits/38275/


Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability."


CVE-2015-1645 ValidatedDescription: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server

2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability."


20



CVE-2015-1644 ValidatedDescription: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server

2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows MS-DOS Device Name Vulnerability."


CVE-2015-1643 ValidatedDescription: Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server

2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability."


CVE-2015-0096 ValidatedDescription: Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2,

Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."


21


CVE-2015-0093 ValidatedDescription: Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista

SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0092.








22







CVE-2015-0014 ValidatedDescription: Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2,

Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."


CVE-2015-0004 ValidatedDescription: The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003

SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability."


23

CVE-2008-4250 ValidatedDescription: The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server

2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

Validation Verified in CVE Details at http://www.cvedetails.com/cve/CVE-2008-4250/

CVE-2008-4114 ValidatedDescription: srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and

SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."

Validation DoS cannot be validated - Verified in CVE Details at https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2008-4114

5 Assessment of System at IP 10.2.243.53This server reported 10 critical level alerts from the Nessus scan (severity level of critical). This server had the highest operating system vulnerabilities due to the fact that it is running 2 operating systems (Microsoft Windows XP SP2 and Windows Server 2003). The server has 20 open ports. In addition, the server has 2 web servers running (Apache – port 80 and Apache – port 443). Also, the server has 2 databases running (MySQL – port 3306 and Microsoft SQL Server – port 1434). It is noteworthy that the server is running ftp on port 21 and mail on port 25. Running all of these services on this server increases the surface level of attack and creates more risk for the system. Vulnerabilities for these services may not exist now, but the possibility

24


remains for vulnerabilities to be discovered in the future. In addition, both operating systems on the server are no longer supported, which creates current and future security problems.



21/tcp ftp FileZilla ftpd 0.9.32 beta

CVE-2007-2318, CVE-2006-2403

nono

25/tcp smtp SLmail smtpd 5.5.0.4433

80/tcp http Apache httpd 2.2.12 ((Win32) DAV/2 mod_ssl/2.2.12 OpenSSL/0.9.8k mod_autoindex_color PHP/5.3.0 mod_perl/2.0.4 Perl/v5.10.0)

CVE-2012-1823, CVE-2010-0425,CVE-2012-5159, CVE-2014-0224,CVE-2012-2376

yesyesyesyesno


CVE-2015-2370 yes

139/tcp netbios-ssn Microsoft Windows 98 netbios-ssn

CVE-2000-1079

25

180/tcp ris?443/tcp ssl/http Apache httpd 2.2.12

((Win32) DAV/2 mod_ssl/2.2.12 OpenSSL/0.9.8k mod_autoindex_color PHP/5.3.0 mod_perl/2.0.4 Perl/v5.10.0)

CVE-2012-1823, CVE-2010-0425,CVE-2012-5159, CVE-2014-0224,CVE-2012-2376

yesyesyesyesno

445/tcp microsoft-ds Microsoft Windows XP microsoft-ds

CVE-2006-3439,CVE-2008-4114

noyes

3306/tcp mysql MySQL (unauthorized)

CVE-2008-0226,CVE-2004-0835, CVE-2004-0627, CVE-2003-0780, CVE-2003-0150

yesnononono

123/udp ntp CVE-2014-9295, CVE-2014-9294, CVE-2014-9293

nonono

137/udp netbios-ns Microsoft Windows NT netbios-ssn (workgroup: WORKGROUP)

CVE-2000-1079 no

138/udp netbios-dgm161/udp snmp SNMPv1 server

(public)445/udp microsoft-ds500/udp isakmp CVE-2005-3666 yes1025/udp blackjack1186/udp unknown1434/udp ms-sql-m Microsoft SQL Server

9.00.1399.06 (ServerName: CS-6B8F28CC69A7; TCPPort: 1433)

CVE-2009-3126, CVE-2009-2528, CVE-2009-2504, CVE-2009-2503, CVE-2009-2502

yesyesyesyesyes

1900/udp upnp4500/udp nat-t-ike

FileZilla ftpd 0.9.32 betaCVE-2007-2318 Not ValidatedDescription: Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote

attackers to execute arbitrary code via format string specifiers in (1) FTP

26

server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.

Validation Verified in CVE Details at does not impact this version https://www.cvedetails.com/cve/CVE-2007-2318/

CVE-2006-2403 Not ValidatedDescription: Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute

arbitrary commands via unknown attack vectors.Validation Verified in CVE Details at does not impact this version


Apache httpd 2.2.12CVE-2013-2249 ValidatedDescription: mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP

Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.


CVE-2010-0425 ValidatedDescription: modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server

2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."


27


CVE-2013-2249 Not ValidatedDescription: Multiple integer overflows in the Apache Portable Runtime (APR) library and

the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

Validation Does not impact this version - Verified in CVE Details at http://www.cvedetails.com/cve/CVE-2013-2249/

CVE-2009-3095 ValidatedDescription: The mod_proxy_ftp module in the Apache HTTP Server allows remote

attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

Validation Verified in CVE Details at https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2009-3095

28

MySQLCVE-2014-6507 Not ValidatedDescription: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and

5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.

Validation Version not known - Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2014-6507/

CVE-2014-6500 Not ValidatedDescription: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and

5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.


CVE-2014-6491 Not ValidatedDescription: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and

5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.


CVE-2013-1492 Not ValidatedDescription: Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x

before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.


CVE-2012-3163 Not ValidatedDescription: Unspecified vulnerability in the MySQL Server component in Oracle MySQL

5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.


CVE-2012-3158 Not ValidatedDescription: Unspecified vulnerability in the MySQL Server component in Oracle MySQL

5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to

29

Protocol.Validation Version not known - Verified in CVE Details at


CVE-2012-2750 Not ValidatedDescription: Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact

and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.


CVE-2012-0882 Not ValidatedDescription: Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other

versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.


CVE-2012-0553 Not ValidatedDescription: Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x

before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.


CVE-2008-0226 ValidatedDescription: Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and

possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Validation https://www.cvedetails.com/cve/CVE-2008-0226/

30


CVE-2006-2753 Not ValidatedDescription: SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before

5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.


32

CVE-2004-0835 Not ValidatedDescription: MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x

before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Validation Version not known - Verified in CVE Details at https://www.cvedetails.com/cve/CVE- 2004-0835 / Exploit DBhttps://www.exploit-db.com/exploits/24669 - DoS

CVE-2004-0627 Not ValidatedDescription: The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0,

allows remote attackers to bypass authentication via a zero-length scrambled string.

Validation Version not known - Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2004-0627/Exploit DBhttps://www.exploit-db.com/exploits/311/ - not sure how to run

CVE-2003-0780 Not ValidatedDescription: Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL

4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field.

Validation Version not known - Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2003-0780/Exploit DBhttps://www.exploit-db.com/exploits/98/ - not sure how to runhttps://www.exploit-db.com/exploits/23138/ - not sure how to run

CVE-2003-0150 Not ValidatedDescription: MySQL 3.23.55 and earlier creates world-writeable files and allows mysql

users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.


CVE-2002-1923 Not ValidatedDescription: The default configuration in MySQL 3.20.32 through 3.23.52, when running

on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

33




https://www.exploit-db.com/exploits/24669



CVE-2002-1921 Not ValidatedDescription: The default configuration of MySQL 3.20.32 through 3.23.52, when running

on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.


CVE-2002-1809 Not ValidatedDescription: The default configuration of the Windows binary release of MySQL 3.23.2

through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.


CVE-2002-1375 Not ValidatedDescription: The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to

4.0.6, allows remote attackers to execute arbitrary code via a long response.Validation Version not known - Verified in CVE Details at

https://www.cvedetails.com/cve/CVE-2002-1375/Exploit DBhttps://www.exploit-db.com/exploits/22085/ - not sure how to run

CVE-2002-1374 Not ValidatedDescription: The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x

before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.


CVE-2001-1454 Not ValidatedDescription: Buffer overflow in MySQL before 3.23.33 allows remote attackers to

execute arbitrary code via a long drop database request.Validation Version not known - Verified in CVE Details at


34




CVE-2001-1453 Not ValidatedDescription: Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows

remote attackers to execute arbitrary code via a long host parameter.Validation Version not known - Verified in CVE Details at


CVE-2001-1275 Not ValidatedDescription: MySQL before 3.23.31 allows users with a MySQL account to use the SHOW

GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.


CVE-2000-0981 Not ValidatedDescription: MySQL Database Engine uses a weak authentication method which leaks

information that could be used by a remote attacker to recover the password.


CVE-2000-0148 Not ValidatedDescription: MySQL 3.22 allows remote attackers to bypass password authentication and

access a database via a short check string.Validation Version not known - Verified in CVE Details at


ntpCVE-2014-9295 Not ValidatedDescription: Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow

remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.


CVE-2014-9294 Not ValidatedDescription: util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG

seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.


35

CVE-2014-9293 Not ValidatedDescription: The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key

is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.


Microsoft SQL Server 9.00.1399.06CVE-2009-3126 ValidatedDescription: Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP

SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."

Validation Verified in CVE Details - https://www.cvedetails.com/cve/CVE-2009-3126/

CVE-2009-2528 ValidatedDescription: GDI+ in Microsoft Office XP SP3 does not properly handle malformed

objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

Validation Verified in CVE Details https://www.cvedetails.com/cve/CVE-2009-2528/

CVE-2009-2504 ValidatedDescription: Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET

Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront

36

Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."


CVE-2009-2503 ValidatedDescription: GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3,

Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."


CVE-2009-2502 ValidatedDescription: Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP

SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."


CVE-2009-2501 ValidatedDescription: Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1,

Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold,

37

SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."


CVE-2009-2500 ValidatedDescription: Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP

SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."


Microsoft Windows RPCCVE-2015-2370 ValidatedDescription: The authentication implementation in the RPC subsystem in Microsoft

Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."

Validation Verified in CVE Details at http://www.cvedetails.com/cve/CVE-2015-2370/ - exploit not for Windows Server 2003 - https://www.exploit-db.com/exploits/37768/

Microsoft Windows 98 netbios-ssnCVE-2000-1079 Not ValidatedDescription: Interactions between the CIFS Browser Protocol and NetBIOS as

implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.

38



Validation Verified in CVE Details that this version is not impacted https://www.cvedetails.com/cve/CVE-2000-1079/

Openssl 0.9.8kCVE-2011-4109 ValidatedDescription: Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when

X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.

Validation Verified in CVE Details that this version affected at https://www.cvedetails.com/cve/CVE-2011-4109/

CVE-2010-4252 ValidatedDescription: OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate

the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.


CVE-2010-3864 ValidatedDescription: Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o,

1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.


CVE-2010-0742 ValidatedDescription: The Cryptographic Message Syntax (CMS) implementation in

crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.


CVE-2009-3245 ValidatedDescription: OpenSSL before 0.9.8m does not check for a NULL return value from

bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

39


CVE-2014-0224 ValidatedDescription: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does

not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Validation https://www.cvedetails.com/cve/CVE-2014-0224

isakmpCVE-2005-3666 ValidatedDescription: Multiple unspecified format string vulnerabilities in multiple unspecified

implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable.


40

PHP 5.3.0CVE-2014-9427 ValidatedDescription: sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x

through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.


CVE-2013-1635 ValidatedDescription: ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not

validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.


CVE-2012-2688 ValidatedDescription: Unspecified vulnerability in the _php_stream_scandir function in the stream

implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."


CVE-2012-2376 Not ValidatedDescription: Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier

on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2012-2376/Exploit DB - https://www.exploit-db.com/exploits/18861/version – 5.4 (5.4.3)

CVE-2012-2311 ValidatedDescription: sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when

configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

41



Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2012-2311/Exploit DB - https://www.exploit-db.com/exploits/29316/https://www.exploit-db.com/exploits/29290/https://www.exploit-db.com/exploits/18836/https://www.exploit-db.com/exploits/18834/

CVE-2012-1823 ValidatedDescription: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when

configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.


42




CVE-2011-3268 ValidatedDescription: Buffer overflow in the crypt function in PHP before 5.3.7 allows context-

dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.


CVE-2010-2225 ValidatedDescription: Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x

and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.


CVE-2010-1868 ValidatedDescription: The (1) sqlite_single_query and (2) sqlite_array_query functions in

ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2010-1868/Exploit DB - https://www.exploit-db.com/exploits/11636/

CVE-2009-4018 ValidatedDescription: The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11

and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars

43


directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2009-4018/and https://www.exploit-db.com/exploits/11636/

CVE-2009-3559 Not ValidatedDescription: ** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1

does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.


CVE-2009-3546 ValidatedDescription: The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1,

and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.


CVE-2007-1581 ValidatedDescription: The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent

attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.


Perl v5.10.0CVE-2012-6329 Not ValidatedDescription: The _compile function in Maketext.pm in the Locale::Maketext

implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

Validation https://www.cvedetails.com/cve/CVE-2012-6329/

44




phpMyAdmin 3.2.0.1-10.2.243.53CVE-2012-5159 ValidatedDescription: phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during

an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.


46

CVE-2011-2506 ValidatedDescription: setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2

and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

Validation Verified in CVE Details at https://www.cvedetails.com/cve/CVE-2011-2506/Exploit DB - https://www.exploit-db.com/exploits/17514/https://www.exploit-db.com/exploits/17510/

CVE-2009-3697 ValidatedDescription: SQL injection vulnerability in the PDF schema generator functionality in

phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.


Microsoft Windows XP Professional SP2CVE-2013-3876 ValidatedDescription: DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003

SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate.


CVE-2013-3175 ValidatedDescription: Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows

47



Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka "Remote Procedure Call Vulnerability."


CVE-2013-3128 ValidatedDescription: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows

Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."


CVE-2009-2515 ValidatedDescription: Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and

SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."


CVE-2007-3091 ValidatedDescription: Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP

SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."


CVE-2007-2374 ValidatedDescription: Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003

allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.


48

CVE-2005-1206 Not ValidatedDescription: Buffer overflow in the Server Message Block (SMB) functionality for

Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."

Validation Does not impact this version - Verified in CVE Details at http://www.cvedetails.com/cve/CVE-2005-1206/

CVE-2006-3439 Not ValidatedDescription: Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP

SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

Validation http://www.cvedetails.com/cve/CVE-2006-3439/

49


Microsoft Windows Server 2003 has same vulnerabilities as the .51 server

CVE-2015-0096 ValidatedDescription: Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2,

Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."


50


CVE-2008-4114 ValidatedDescription: srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and

SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."

Validation DoS cannot be validated - Verified in CVE Details at https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2008-4114

6 ConclusionThis security assessment has shown that all servers (10.2.243.51, 10.2.243.52 and 10.2.243.53) have security vulnerabilities that need to be addressed. Two servers (10.2.243.51 and 10.2.243.52 are close in their level of vulnerability, while 10.2.243.53 is the most vulnerable to attack. Steps should be taken to correct these vulnerabilities before the systems are compromised (assuming they haven’t been already).

Mitigation for each server is described below.

10.2.243.51Linux Ubuntu 11.04 Upgrade to the latest version Ubuntu 16.04 LTSApache httpd 2.2.17 Upgrade to Apache 2.4.20 – Stable release

(https://en.wikipedia.org/wiki/Apache_HTTP_Server)vsftpd 2.3.2 Remove ftp service - move to OpenSSH Server, which will allow the

use of SSH File Transfer ProtocolSamba smbd 3.x Upgrade to Samba 4.4.2 – current stable release

(https://www.samba.org/)

51

https://www.samba.org/

https://en.wikipedia.org/wiki/Apache_HTTP_Server

Simple PHP Blog 0.4.0 Upgrade to Simple PHP Blog 0.8.4, which did not report any security vulnerabilities - https://security.openhub.net/vulnerabilities/Simple+PHP+Blog/95586841-ae55-4a9b-b9aa-af7b291102f7?project_id=327

udp port – 50866 Investigate the unknown service running on this port and close the port.

Overall Recommendation

Make sure all other software and services are running the latest stable release.

10.2.243.52Windows Server 2003 Upgrade to the Windows Server 2012 R2Microsoft IIS httpd 6.0 Upgrade to IIS 8.5 – available on Windows Server 2012 R2udp port 1027 Investigate the unknown service running on this port and close the

port.udp port 2535 Investigate the unknown service running on this port and close the

port.Overall Recommendation

Make sure all other software or services are running the latest stable release.

10.2.243.53Windows Server 2003 and Windows XP SP2

Upgrade to the Windows Server 2012 R2

Apache httpd 2.2.12 Upgrade to IIS 8.5 – available on Windows Server 2012 R2 or Upgrade to Apache 2.4.20 – Stable release (https://en.wikipedia.org/wiki/Apache_HTTP_Server)

FileZilla ftpd 0.9.32 Move to SSH File Transfer Protocol - WinSCP 5.7.7SLmail Investigate if mail is still need. If it is still needed utilize SMTP on

Windows Server 2012.Openssl 0.9.8k Upgrade to OpenSSL 0.9.8za or later.PHP 5.3.0 Upgrade to PHP 7.0.5 - http://php.net/downloads.php - no security

vulnerabilities via CVE Details - https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/PHP-PHP.html

MySQL and Microsoft SQL Server

Investigate the mysql service running on tcp port 3306, it reports as unauthorized. Investigate to see if both are needed. If both are needed upgrade to the latest stable versions (MySQL 5.7) and (Microsoft SQL Server 2012)

Perl v5.10.0 Upgrade to Perl 5.22.1 – the latest stable release - https://en.wikipedia.org/wiki/Perl - no security vulnerabilities via CVE Details http://www.cvedetails.com/google-search-results.php?q=perl+5.22.1&sa=Search

52

https://en.wikipedia.org/wiki/Perl

http://php.net/downloads.php


phpMyAdmin 3.2.0.1-10.2.243.53

Upgrade to phpMyAdmin 4.6.0 - https://www.phpmyadmin.net/news/

Web Servers (port 80 and port 443)

Investigate if both are needed. If not close one port (probably port 80 since 443 handles ssl/http).

udp port 1186 Investigate the unknown service running on this port and close the port.

Overall Recommendation

Make sure all other software or services are running the latest stable release. Also investigate moving some of these services to other servers if possible. In other words, utilize multiple virtual servers to separate the services.

7 References

1. CVE Details – The ultimate security vulnerability datasourcehttp://www.cvedetails.com/

2. Metasploit Unleashed - The ultimate guide to the Metasploit Frameworkhttp://www.offensive-security.com/metasploit-unleashed/

3. NMAP.ORGhttp://nmap.org/docs.html

4. Exploit Database – Offensive Security Exploit Database Archivehttp://www.exploit-db.com/

5. WikiPediahttps://en.wikipedia.org/wiki/Apache_HTTP_Serverhttps://en.wikipedia.org/wiki/Perl

6. SAMBA Websitehttps://www.samba.org/

7. Blackduck Security https://security.openhub.net/vulnerabilities/Simple+PHP+Blog/95586841-ae55-4a9b-b9aa-af7b291102f7?project_id=327

8. PHP.nethttp://php.net/downloads.php

9. phpMyAdmin.nethttps://www.phpmyadmin.net/news/

53

https://www.phpmyadmin.net/news/

http://php.net/downloads.php

https://security.openhub.net/vulnerabilities/Simple+PHP+Blog/95586841-ae55-4a9b-b9aa-af7b291102f7?project_id=327

https://security.openhub.net/vulnerabilities/Simple+PHP+Blog/95586841-ae55-4a9b-b9aa-af7b291102f7?project_id=327

https://www.samba.org/

https://en.wikipedia.org/wiki/Perl



http://nmap.org/docs.html

http://www.offensive-security.com/metasploit-unleashed/

http://www.cvedetails.com/

cit 480 - web viewthe procedure used in the security assessment included network scanning and...

Documents