|We have a suspicion that it's been exloited in UofT network|
|being actively exploited(There were many cases in the past and many probes are being detected everyday)|
|recently discovered vunerability(exploit exists)|
MS RPC Services null pointer reference DoSVulnID: 11159
MS Windows RPC service (RPCSS) crashes trying to dereference a null pointer when it receives a certain malformed request. All MS RPC-based services (i.e. a large part of MS Windows 2000+) running on the target machine are rendered inoperable.
Solution: Block access to TCP port 135. Risk factor: High
|10.10.20.1||unknown (135/tcp)||dns.name.here||OS: Windows 2000 Professional, Build 2183 (RC3);|
Useable remote name serverVulnID: 10539
The remote name server allows recursive queries to be performed by the host running nessusd.
If this is your internal nameserver, then forget this warning.
If you are probing a remote nameserver, then it allows anyone to use it to resolve third parties names (such as www.nessus.org). This allows hackers to do cache poisoning attacks against this nameserver.
Solution: Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it). If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf If you are using another name server, consult its documentation.
Risk factor: Serious
|10.10.20.1||domain (53/tcp)||dns.name.here||OS: Windows 2000 Professional, Build 2183 (RC3);|
Detect the HTTP RPC endpoint mapperVulnID: 10763
This detects the http-rpc-epmap service by connecting to the port 593 and processing the buffer received.
This endpoint mapper provides CIS (COM+ Internet Services) parameters like port 135 (epmap) for RPC.
Solution: Deny incoming traffic from the Internet to TCP port 593 as it may become a security threat in the future, if a vulnerability is discovered.
For more information about CIS: http://msdn.microsoft.com/library/en-us/dndcom/html/cis.asp
Risk factor: Low
|10.10.20.1||unknown (593/tcp)||dns.name.here||OS: Windows 2000 Professional, Build 2183 (RC3);|
|[10539: Useable remote name server] [10763: Detect the HTTP RPC endpoint mapper] [11159: MS RPC Services null pointer reference DoS]|
|: Useable remote name server|
|: Detect the HTTP RPC endpoint mapper|
|: MS RPC Services null pointer reference DoS|