Nessus Report

Report generated by Nessus™

Dino Server

Mon, 25 Jun 2018 17:28:10 WIB

Vulnerabilities by Host
172.16.0.1
Critical: 2
High: 31
Medium: 21
Low: 1
Info: 67
Scan Information
Start time: Mon Jun 25 17:20:38 2018
End time: Mon Jun 25 17:28:09 2018
Host Information
DNS Name: dino.poltekom.ac.id
IP: 172.16.0.1
MAC Address: 00:24:e8:42:63:8e 00:24:e8:42:63:8c 00:24:e8:42:63:88 00:24:e8:42:63:8a
OS: FreeBSD 10.3_5
Vulnerabilities

10114 - ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524
XREF OSVDB:94
XREF CWE:200
Plugin Information:
Published: 1999/08/01, Modified: 2012/06/18
Plugin Output

icmp/0

The difference between the local and remote clocks is 78 seconds.

93145 - FreeBSD : libxml2 -- multiple vulnerabilities (e195679d-045b-4953-bb33-be0073ba2ac6)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Daniel Veillard reports :

More format string warnings with possible format string vulnerability (David Kilzer)

Avoid building recursive entities (Daniel Veillard)

Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde)

Heap-based buffer-underreads due to xmlParseName (David Kilzer)

Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde)

Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (Pranjal Jumde)

Fix some format string warnings with possible format string vulnerability (David Kilzer)

Detect change of encoding when parsing HTML names (Hugh Davenport)

Fix inappropriate fetch of entities content (Daniel Veillard)

Bug 759398: Heap use-after-free in xmlDictComputeFastKey (Pranjal Jumde)

Bug 758605: Heap-based buffer overread in xmlDictAddString (Pranjal Jumde)

Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal (David Kilzer)

Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup (Pranjal Jumde)

Add missing increments of recursion depth counter to XML parser. (Peter Simons)

Fix NULL pointer deref in XPointer range-to
See Also
Solution
Update the affected package.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
Plugin Information:
Published: 2016/08/29, Modified: 2017/07/05
Plugin Output

tcp/0


- Package : libxml2
Installed version : 2.9.3
Affected version(s) : < 2.9.4
106427 - FreeBSD : clamav -- multiple vulnerabilities (b464f61b-84c7-4e1c-8ad4-6cf9efffd025)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
ClamAV project reports :

Join us as we welcome ClamAV 0.99.3 to the family!.

This release is a security release and is recommended for all ClamAV users.

CVE-2017-12374 ClamAV UAF (use-after-free) Vulnerabilities

CVE-2017-12375 ClamAV Buffer Overflow Vulnerability

CVE-2017-12376 ClamAV Buffer Overflow in handle_pdfname Vulnerability

CVE-2017-12377 ClamAV Mew Packet Heap Overflow Vulnerability

CVE-2017-12378 ClamAV Buffer Over Read Vulnerability

CVE-2017-12379 ClamAV Buffer Overflow in messageAddArgument Vulnerability

CVE-2017-12380 ClamAV Null Dereference Vulnerability
See Also
Solution
Update the affected package.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
Plugin Information:
Published: 2018/01/29, Modified: 2018/02/12
Plugin Output

tcp/0


- Package : clamav
Installed version : 0.99.2
Affected version(s) : < 0.99.3
92345 - FreeBSD : tiff -- buffer overflow (c17fe91d-4aa6-11e6-a7bd-14dae9d210b8)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Henri Salo reports :

buffer overflow in gif2tiff tool
See Also
Solution
Update the affected package.
Risk Factor
High
References
Plugin Information:
Published: 2016/07/18, Modified: 2016/07/18
Plugin Output

tcp/0


- Package : tiff
Installed version : 4.0.6_2
Affected version(s) : < 4.0.7
92574 - FreeBSD : php -- multiple vulnerabilities (b6402385-533b-11e6-a7bd-14dae9d210b8) (httpoxy)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
PHP reports :

- Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)

- Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).

- Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).

- Fixed bug #72519 (imagegif/output out-of-bounds access).

- Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).

- Fixed bug #72533 (locale_accept_from_http out-of-bounds access).

- Fixed bug #72541 (size_t overflow lead to heap corruption).

- Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).

- Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).

- Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).

- Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).

- Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).

- Fixed bug #72613 (Inadequate error handling in bzread()).

- Fixed bug #72618 (NULL pointer Dereference in exif_process_user_comment).
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2016/07/27, Modified: 2016/10/24
Plugin Output

tcp/0


- Package : php56
Installed version : 5.6.23
Affected version(s) : < 5.6.24

- Package : php56-bz2
Installed version : 5.6.23
Affected version(s) : < 5.6.24
92742 - FreeBSD : Vulnerabilities in Curl (e4bc70fc-5a2f-11e6-a1bc-589cfc0654e1)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Curl security team reports :

CVE-2016-5419 - TLS session resumption client cert bypass

CVE-2016-5420 - Re-using connections with wrong client cert

CVE-2016-5421 - use of connection struct after free
See Also
Solution
Update the affected package.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2016/08/05, Modified: 2016/10/19
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : >= 7.32.0 < 7.50.1
93498 - FreeBSD : cURL -- Escape and unescape integer overflows (b018121b-7a4b-11e6-bf52-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The cURL project reports

The four libcurl functions curl_escape(), curl_easy_escape(), curl_unescape and curl_easy_unescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments.

The provided string length arguments were not properly checked and due to arithmetic in the functions, passing in the length 0xffffffff (2^32-1 or UINT_MAX or even just -1) would end up causing an allocation of zero bytes of heap memory that curl would attempt to write gigabytes of data into.
See Also
Solution
Update the affected package.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2016/09/15, Modified: 2016/10/19
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : >= 7.11.1 < 7.50.3
94083 - FreeBSD : PHP -- multiple vulnerabilities (8d5180a6-86fe-11e6-8d93-00248c0c745d)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
PHP reports :

- Fixed bug #73007 (add locale length check)

- Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)

- Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)

- Fixed bug #73029 (Missing type check when unserializing SplArray)

- Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)

- Fixed bug #72860 (wddx_deserialize use-after-free)

- Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)
See Also
Solution
Update the affected package.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2016/10/17, Modified: 2016/10/25
Plugin Output

tcp/0


- Package : php56
Installed version : 5.6.23
Affected version(s) : < 5.6.26
94493 - FreeBSD : cURL -- multiple vulnerabilities (765feb7d-a0d1-11e6-a881-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The cURL project reports

- cookie injection for other servers

- case insensitive password comparison

- OOB write via unchecked multiplication

- double-free in curl_maprintf

- double-free in krb5 code

- glob parser write/read out of bounds

- curl_getdate read out of bounds

- URL unescape heap overflow via integer truncation

- Use-after-free via shared cookies

- invalid URL parsing with '#'

- IDNA 2003 makes curl use wrong host
See Also
Solution
Update the affected package.
Risk Factor
High
References
Plugin Information:
Published: 2016/11/03, Modified: 2016/11/03
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : >= 7.1 < 7.51.0
95265 - FreeBSD : ntp -- multiple vulnerabilities (8db8d62a-b08b-11e6-8eba-d050996490d0)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Network Time Foundation reports :

NTF's NTP Project is releasing ntp-4.2.8p9, which addresses :

- 1 HIGH severity vulnerability that only affects Windows

- 2 MEDIUM severity vulnerabilities

- 2 MEDIUM/LOW severity vulnerabilities

- 5 LOW severity vulnerabilities

- 28 other non-security fixes and improvements

All of the security issues in this release are listed in VU#633847.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
References
Plugin Information:
Published: 2016/11/23, Modified: 2017/05/05
Plugin Output

tcp/0


- Package : ntp
Installed version : 4.2.8p8
Affected version(s) : < 4.2.8p9
95734 - FreeBSD : PHP -- Multiple vulnerabilities (2d56308b-c0a8-11e6-a9a5-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The PHP project reports :

This is a security release. Several security bugs were fixed in this release.
See Also
Solution
Update the affected packages.
Risk Factor
High
Plugin Information:
Published: 2016/12/13, Modified: 2016/12/13
Plugin Output

tcp/0


- Package : php56
Installed version : 5.6.23
Affected version(s) : < 5.6.29
96639 - FreeBSD : PHP -- undisclosed vulnerabilities (709e025a-de8b-11e6-a9a5-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The PHP project reports :

The PHP development team announces the immediate availability of PHP 7.0.15. This is a security release. Several security bugs were fixed in this release.

The PHP development team announces the immediate availability of PHP 5.6.30. This is a security release. Several security bugs were fixed in this release.
See Also
Solution
Update the affected packages.
Risk Factor
High
Plugin Information:
Published: 2017/01/20, Modified: 2017/01/20
Plugin Output

tcp/0


- Package : php56
Installed version : 5.6.23
Affected version(s) : < 5.6.30
97035 - FreeBSD : tiff -- multiple vulnerabilities (fb74eacc-ec8a-11e6-bc8a-0011d823eebd)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
libtiff project reports :

Multiple flaws have been discovered in libtiff library and utilities.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/02/07, Modified: 2017/02/09
Plugin Output

tcp/0


- Package : tiff
Installed version : 4.0.6_2
Affected version(s) : < 4.0.7
99551 - FreeBSD : tiff -- multiple vulnerabilities (2a96e498-3234-4950-a9ad-419bc84a839d)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
NVD reports :

Please reference CVE/URL list for details
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/04/21, Modified: 2017/10/02
Plugin Output

tcp/0


- Package : tiff
Installed version : 4.0.6_2
Affected version(s) : < 4.0.8
99556 - FreeBSD : libevent -- multiple vulnerabilities (b8ee7a81-a879-4358-9b30-7dd1bd4c14b1)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Debian Security reports :

CVE-2016-10195: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.

CVE-2016-10196: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

CVE-2016-10197: The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/04/21, Modified: 2017/04/21
Plugin Output

tcp/0


- Package : libevent2
Installed version : 2.0.22_1
Affected version(s) : < 2.1.6
100283 - FreeBSD : freetype2 -- buffer overflows (4a088d67-3af2-11e7-9d75-c86000169601)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Werner Lemberg reports :

CVE-2017-8105, CVE-2017-8287: Older FreeType versions have out-of-bounds writes caused by heap-based buffer overflows related to Type 1 fonts.
See Also
Solution
Update the affected package.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/05/19, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : freetype2
Installed version : 2.6.3
Affected version(s) : < 2.8
100581 - FreeBSD : FreeRADIUS -- TLS resumption authentication bypass (673dce46-46d0-11e7-a539-0050569f7e80)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Stefan Winter reports :

The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/06/02, Modified: 2018/02/01
Plugin Output

tcp/0


- Package : freeradius
Installed version : 2.2.9
Affected version(s) : < 3.0.14
100976 - FreeBSD : OpenVPN -- several vulnerabilities (9f65d382-56a4-11e7-83e3-080027ef73ec)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Samuli Seppanen reports :

In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. [...] The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17.

This is a list of fixed important vulnerabilities :

- Remotely-triggerable ASSERT() on malformed IPv6 packet

- Pre-authentication remote crash/information disclosure for clients

- Potential double-free in --x509-alt-username

- Remote-triggerable memory leaks

- Post-authentication remote DoS when using the --x509-track option

- NULL pointer dereference in establish_http_proxy_passthru()
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/06/22, Modified: 2018/02/01
Plugin Output

tcp/0


- Package : openvpn
Installed version : 2.3.11
Affected version(s) : < 2.3.17
101332 - FreeBSD : oniguruma -- multiple vulnerabilities (b396cf6c-62e6-11e7-9def-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The PHP project reports :

- A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer (CVE-2017-9224).

- A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption (CVE-2017-9226).

- A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer (CVE-2017-9227).

- A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption (CVE-2017-9228).

- A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition (CVE-2017-9228).
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/07/10, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : oniguruma5
Installed version : 5.9.6_1
Affected version(s) : < 5.9.7

- Package : php56-mbstring
Installed version : 5.6.23
Affected version(s) : < 5.6.31
102279 - FreeBSD : sqlite3 -- heap-buffer overflow (9245681c-7c3c-11e7-b5af-a4badb2f4699)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Google reports :

A heap-buffer overflow (sometimes a crash) can arise when running a SQL request on malformed sqlite3 databases.
See Also
Solution
Update the affected package.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/08/09, Modified: 2018/02/01
Plugin Output

tcp/0


- Package : sqlite3
Installed version : 3.13.0
Affected version(s) : < 3.20.0
103442 - FreeBSD : perl -- multiple vulnerabilities (d9e82328-a129-11e7-987e-4f174049b30a)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
SO-AND-SO reports :

CVE-2017-12814: $ENV{$key} stack-based buffer overflow on Windows

A possible stack-based buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway.

CVE-2017-12837: Heap buffer overflow in regular expression compiler

Compiling certain regular expression patterns with the case-insensitive modifier could cause a heap buffer overflow and crash perl. This has now been fixed.

CVE-2017-12883: Buffer over-read in regular expression parser

For certain types of syntax error in a regular expression pattern, the error message could either contain the contents of a random, possibly large, chunk of memory, or could crash perl. This has now been fixed.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/09/25, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : perl5
Installed version : 5.24.1.r4_1
Affected version(s) : >= 5.24.0 < 5.24.3
103620 - FreeBSD : dnsmasq -- multiple vulnerabilities (b77b5646-a778-11e7-ac58-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Google Project Zero reports :

- CVE-2017-14491: Heap based overflow (2 bytes). Before 2.76 and this commit overflow was unrestricted.

- CVE-2017-14492: Heap based overflow.

- CVE-2017-14493: Stack Based overflow.

- CVE-2017-14494: Information Leak

- CVE-2017-14495: Lack of free()

- CVE-2017-14496: Invalid boundary checks. Integer underflow leading to a huge memcpy.

- CVE-2017-13704: Crash on large DNS query
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
STIG Severity
I
References
Plugin Information:
Published: 2017/10/03, Modified: 2018/02/01
Plugin Output

tcp/0


- Package : dnsmasq
Installed version : 2.76,1
Affected version(s) : < 2.78,1
103796 - FreeBSD : Python 2.7 -- multiple vulnerabilities (9164f51e-ae20-11e7-a633-009c02a2ab30)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Python reports :

Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details.
See Also
Solution
Update the affected package.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
References
Plugin Information:
Published: 2017/10/12, Modified: 2017/10/12
Plugin Output

tcp/0


- Package : python27
Installed version : 2.7.12
Affected version(s) : < 2.7.14
103953 - FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
MIT reports :

CVE-2017-11368 :

In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request.

CVE-2017-11462 :

RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context() if the call results in an error. This API behavior has been found to be dangerous, leading to the possibility of memory errors in some callers. For safety, GSS-API implementations should instead preserve existing security contexts on error until the caller deletes them.

All versions of MIT krb5 prior to this change may delete acceptor contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through 1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on error.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/10/19, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : krb5
Installed version : 1.14.2
Affected version(s) : < 1.14.6
103999 - FreeBSD : arj -- multiple vulnerabilities (b95e5674-b4d6-11e7-b895-0cc47a494882)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Several vulnerabilities: symlink directory traversal, absolute path directory traversal and buffer overflow were discovered in the arj archiver.
See Also
Solution
Update the affected package.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/10/20, Modified: 2017/10/20
Plugin Output

tcp/0


- Package : arj
Installed version : 3.10.22_4
Affected version(s) : < 3.10.22_5
104266 - FreeBSD : PHP -- denial of service attack (de7a2b32-bd7d-11e7-b627-d43d7e971a1b)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The PHP project reports :

The PHP development team announces the immediate availability of PHP 5.6.32. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.0.25. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.1.11. This is a bugfix release, with several bug fixes included. All PHP 7.1 users are encouraged to upgrade to this version.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/10/31, Modified: 2017/11/15
Plugin Output

tcp/0


- Package : php56
Installed version : 5.6.23
Affected version(s) : < 5.6.32
104863 - FreeBSD : cURL -- Multiple vulnerabilities (301a01b7-d50e-11e7-ac58-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The cURL project reports :

- NTLM buffer overflow via integer overflow (CVE-2017-8816) libcurl contains a buffer overrun flaw in the NTLM authentication code. The internal function Curl_ntlm_core_mk_ntlmv2_hash sums up the lengths of the user name + password (= SUM) and multiplies the sum by two (= SIZE) to figure out how large storage to allocate from the heap.

- FTP wildcard out of bounds read (CVE-2017-8817) libcurl contains a read out of bounds flaw in the FTP wildcard function. libcurl's FTP wildcard matching feature, which is enabled with the CURLOPT_WILDCARDMATCH option can use a built-in wildcard function or a user provided one. The built-in wildcard function has a flaw that makes it not detect the end of the pattern string if it ends with an open bracket ([) but instead it will continue reading the heap beyond the end of the URL buffer that holds the wildcard.

- SSL out of buffer access (CVE-2017-8818) libcurl contains an out boundary access flaw in SSL related code. When allocating memory for a connection (the internal struct called connectdata), a certain amount of memory is allocated at the end of the struct to be used for SSL related structs. Those structs are used by the particular SSL library libcurl is built to use. The application can also tell libcurl which specific SSL library to use if it was built to support more than one.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/11/30, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : >= 7.21.0 < 7.57.0
107046 - FreeBSD : ntp -- multiple vulnerabilities (af485ef4-1c58-11e8-8477-d05099c0ae8c)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Network Time Foundation reports :

The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.

This release addresses five security issues in ntpd :

- LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack

- INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909 : ctl_getitem(): buffer read overrun leads to undefined behavior and information leak

- LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations

- LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state

- LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909 : Unauthenticated packet can reset authenticated interleaved association

one security issue in ntpq :

- MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909 : ntpq:decodearr() can write beyond its buffer limit

and provides over 33 bugfixes and 32 other improvements.
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
CVE CVE-2016-1549
CVE CVE-2018-7170
CVE CVE-2018-7182
CVE CVE-2018-7183
CVE CVE-2018-7184
CVE CVE-2018-7185
XREF FreeBSD:SA-18:02.ntp
Plugin Information:
Published: 2018/02/28, Modified: 2018/03/29
Plugin Output

tcp/0


- Package : ntp
Installed version : 4.2.8p8
Affected version(s) : < 4.2.8p11
107126 - FreeBSD : isc-dhcp -- Multiple vulnerabilities (2040c7f5-1e3a-11e8-8ae9-0050569f0b83)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
ISC reports :

Failure to properly bounds check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section.

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash.
See Also
Solution
Update the affected packages.
Risk Factor
High
STIG Severity
I
References
CVE CVE-2018-5732
CVE CVE-2018-5733
XREF IAVB:2018-B-0034
Plugin Information:
Published: 2018/03/05
Plugin Output

tcp/0


- Package : isc-dhcp43-server
Installed version : 4.3.4
Affected version(s) : <= 4.3.6

- Package : isc-dhcp43-client
Installed version : 4.3.4
Affected version(s) : <= 4.3.6
109051 - FreeBSD : perl -- multiple vulnerabilities (41c96ffd-29a6-4dcc-9a88-65f5038fa6eb)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
perldelta :

CVE-2018-6797: heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)

A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written. [perl #132227]

CVE-2018-6798: Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)

Matching a crafted locale dependent regular expression could cause a heap buffer read overflow and potentially information disclosure. [perl #132063]

CVE-2018-6913: heap-buffer-overflow in S_pack_rec

pack() could cause a heap buffer write overflow with a large item count. [perl #131844]
See Also
Solution
Update the affected packages.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2018/04/16, Modified: 2018/05/23
Plugin Output

tcp/0


- Package : perl5
Installed version : 5.24.1.r4_1
Affected version(s) : >= 5.24.0 < 5.24.4
109594 - FreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
python release notes :

Multiple vulnerabilities have been fixed in this release. Please refer to the CVE list for details.
See Also
Solution
Update the affected package.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2018/05/07, Modified: 2018/05/07
Plugin Output

tcp/0


- Package : python27
Installed version : 2.7.12
Affected version(s) : < 2.7.15
109877 - FreeBSD : cURL -- multiple vulnerabilities (04fe6c8d-2a34-4009-a81e-e7a7e759b5d2)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
cURL security problems :

CVE-2018-1000300: FTP shutdown response buffer overflow

curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.

When doing FTP transfers, curl keeps a spare 'closure handle' around internally that will be used when an FTP connection gets shut down since the original curl easy handle is then already removed.

FTP server response data that gets cached from the original transfer might then be larger than the default buffer size (16 KB) allocated in the 'closure handle', which can lead to a buffer overwrite. The contents and size of that overwrite are controllable by the server.

This situation was detected by an assert() in the code, but that was of course only preventing bad stuff in debug builds. This bug is very unlikely to trigger with non-malicious servers.

We are not aware of any exploit of this flaw.

CVE-2018-1000301: RTSP bad headers buffer over-read

curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded content.

When servers send RTSP responses back to curl, the data starts out with a set of headers. curl parses that data to separate it into a number of headers to deal with those appropriately and to find the end of the headers that signal the start of the 'body' part.

The function that splits up the response into headers is called Curl_http_readwrite_headers() and in situations where it can't find a single header in the buffer, it might end up leaving a pointer pointing into the buffer instead of to the start of the buffer which then later on may lead to an out of buffer read when code assumes that pointer points to a full buffer size worth of memory to use.

This could potentially lead to information leakage but most likely a crash/denial of service for applications if a server triggers this flaw.

We are not aware of any exploit of this flaw.
See Also
Solution
Update the affected package.
Risk Factor
High
References
Plugin Information:
Published: 2018/05/17, Modified: 2018/05/17
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : < 7.60.0
110274 - FreeBSD : strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388) (7fc3e827-64a5-11e8-aedb-00224d821998)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
strongSwan security team reports :

- A denial-of-service vulnerability in the IKEv2 key derivation was fixed if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (which is not FIPS-compliant). So this should only affect very specific setups, but in such configurations all strongSwan versions since 5.0.1 may be affected.

- A denial-of-service vulnerability in the stroke plugin was fixed. When reading a message from the socket the plugin did not check the received length. Unless a group is configured, root privileges are required to access that socket, so in the default configuration this shouldn't be an issue, but all strongSwan versions may be affected.
See Also
Solution
Update the affected package.
Risk Factor
High
References
Plugin Information:
Published: 2018/06/01, Modified: 2018/06/01
Plugin Output

tcp/0


- Package : strongswan
Installed version : 5.5.0
Affected version(s) : < 5.6.3
92652 - FreeBSD : libidn -- multiple vulnerabilities (cb5189eb-572f-11e6-b334-002590263bf5)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Simon Josefsson reports :

libidn: Fix out-of-bounds stack read in idna_to_ascii_4i.

idn: Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline.

libidn: stringprep_utf8_nfkc_normalize reject invalid UTF-8. It was always documented to only accept UTF-8 data, but now it doesn't crash when presented with such data.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information:
Published: 2016/08/01, Modified: 2017/07/05
Plugin Output

tcp/0


- Package : libidn
Installed version : 1.31
Affected version(s) : < 1.33
96086 - FreeBSD : cURL -- buffer overflow (42880202-c81c-11e6-a9a5-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The cURL project reports :

printf floating point buffer overflow

libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2016/12/22, Modified: 2018/05/25
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : >= 7.1 < 7.52
100140 - FreeBSD : OpenVPN -- two remote denial-of-service vulnerabilities (04cc7bd2-3686-11e7-aa64-080027ef73ec)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Samuli Seppanen reports :

OpenVPN v2.4.0 was audited for security vulnerabilities independently by Quarkslabs (funded by OSTIF) and Cryptography Engineering (funded by Private Internet Access) between December 2016 and April 2017. The primary findings were two remote denial-of-service vulnerabilities. Fixes to them have been backported to v2.3.15.

An authenticated client can do the 'three way handshake' (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet is the first that is allowed to carry payload. If that payload is too big, the OpenVPN server process will stop running due to an ASSERT() exception. That is also the reason why servers using tls-auth/tls-crypt are protected against this attack - the P_CONTROL packet is only accepted if it contains the session ID we specified, with a valid HMAC (challenge-response). (CVE-2017-7478)

An authenticated client can cause the server's packet-id counter to roll over, which would lead the server process to hit an ASSERT() and stop running. To make the server hit the ASSERT(), the client must first cause the server to send it 2^32 packets (at least 196 GB).
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
Plugin Information:
Published: 2017/05/12, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : openvpn
Installed version : 2.3.11
Affected version(s) : < 2.3.15
100141 - FreeBSD : PostgreSQL vulnerabilities (414c18bf-3653-11e7-9550-6cc21735f730)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The PostgreSQL project reports :

Security Fixes nested CASE expressions + database and role names with embedded special characters

- CVE-2017-7484: selectivity estimators bypass SELECT privilege checks.

- CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable

- CVE-2017-7486: pg_user_mappings view discloses foreign server passwords. This applies to new databases, see the release notes for the procedure to apply the fix to an existing database.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H)
CVSS Base Score
6.5 (CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
References
Plugin Information:
Published: 2017/05/12, Modified: 2017/05/19
Plugin Output

tcp/0


- Package : postgresql93-client
Installed version : 9.3.15_1
Affected version(s) : >= 9.3.0 < 9.3.16
101381 - FreeBSD : nginx -- a specially crafted request might result in an integer overflow (b28adc5b-6693-11e7-ad43-f0def16c5c1b)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Maxim Dounin reports :

A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529).
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information:
Published: 2017/07/12, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : nginx
Installed version : 1.10.1,2
Affected version(s) : >= 0.5.6 < 1.12.1,2
101827 - FreeBSD : strongswan -- Denial-of-service vulnerability in the x509 plugin (c7e8e955-6c61-11e7-9b01-2047478f2f70)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
strongSwan security team reports :

ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
References
Plugin Information:
Published: 2017/07/20, Modified: 2017/07/20
Plugin Output

tcp/0


- Package : strongswan
Installed version : 5.5.0
Affected version(s) : <= 5.5.3
101829 - FreeBSD : strongswan -- multiple vulnerabilities (e6ccaf8a-6c63-11e7-9b01-2047478f2f70)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
strongSwan security team reports :

- RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception. [CVE-2017-9022]

- ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
Plugin Information:
Published: 2017/07/20, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : strongswan
Installed version : 5.5.0
Affected version(s) : >= 4.4.0 <= 5.5.2
102330 - FreeBSD : cURL -- multiple vulnerabilities (69cfa386-7cd0-11e7-867f-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The cURL project reports :

- FILE buffer read out of bounds

- TFTP sends more than buffer size

- URL globbing out of bounds read
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
References
Plugin Information:
Published: 2017/08/10, Modified: 2018/02/01
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : < 7.55.0
103478 - FreeBSD : php-gd and gd -- Buffer over-read into uninitialized memory (5033e2fc-98ec-4ef5-8e0b-87cfbbc73081)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
PHP developers report :

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
References
Plugin Information:
Published: 2017/09/27, Modified: 2018/02/01
Plugin Output

tcp/0


- Package : libgd
Installed version : 2.2.4,1
Affected version(s) : < 2.2.5
103480 - FreeBSD : libgd -- Denial of service via double free (a60a2e95-acba-4b11-bc32-ffb47364e07d)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
libgd developers report :

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
CVE CVE-2017-6362
XREF DSA:3961
Plugin Information:
Published: 2017/09/27, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : libgd
Installed version : 2.2.4,1
Affected version(s) : < 2.2.5
103523 - FreeBSD : OpenVPN -- out-of-bounds write in legacy key-method 1 (3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Steffan Karger reports :

The bounds check in read_key() was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack-based buffer overflow. [...]

Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0 (released on 2005-04-17), and explicitly deprecated in 2.4 and marked for removal in 2.5. This should limit the amount of users impacted by this issue.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
STIG Severity
I
References
CVE CVE-2017-12166
XREF IAVA:2017-A-0285
Plugin Information:
Published: 2017/09/28, Modified: 2018/02/01
Plugin Output

tcp/0


- Package : openvpn
Installed version : 2.3.11
Affected version(s) : < 2.3.18
103666 - FreeBSD : cURL -- out of bounds read (ccace707-a8d8-11e7-ac58-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The cURL project reports :

FTP PWD response parser out of bounds read

libcurl may read outside of a heap allocated buffer when doing FTP.

When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses.

Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path.

A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
Plugin Information:
Published: 2017/10/05, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : < 7.56.0
104113 - FreeBSD : cURL -- out of bounds read (143ec3d6-b7cf-11e7-ac58-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The cURL project reports :

libcurl contains a buffer overrun flaw in the IMAP handler. An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS v3.0 Base Score
9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
References
Plugin Information:
Published: 2017/10/24, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : >= 7.20 < 7.56.1
105216 - FreeBSD : libxml2 -- Multiple Issues (76e59f55-4f7a-4887-bcb0-11604004163a)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
libxml2 developers report :

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about 'size' many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS v3.0 Base Score
9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
CVSS Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
References
Plugin Information:
Published: 2017/12/14, Modified: 2018/02/01
Plugin Output

tcp/0


- Package : libxml2
Installed version : 2.9.3
Affected version(s) : <= 2.9.4
106214 - FreeBSD : unbound -- vulnerability in the processing of wildcard synthesized NSEC records (8d3bae09-fd28-11e7-95f2-005056925db4)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Unbound reports :

We discovered a vulnerability in the processing of wildcard synthesized NSEC records. While synthesis of NSEC records is allowed by RFC4592, these synthesized owner names should not be used in the NSEC processing. This does, however, happen in Unbound 1.6.7 and earlier versions.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
References
Plugin Information:
Published: 2018/01/22, Modified: 2018/02/20
Plugin Output

tcp/0


- Package : unbound
Installed version : 1.5.9
Affected version(s) : < 1.6.8
106424 - FreeBSD : cURL -- Multiple vulnerabilities (0cbf0fa6-dcb7-469c-b87a-f94cffd94583)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The cURL project reports :

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information:
Published: 2018/01/29, Modified: 2018/02/20
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : < 7.58.0
106700 - FreeBSD : tiff -- multiple vulnerabilities (b38e8150-0535-11e8-96ab-0800271d4b9c)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Debian Security Advisory reports :

Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
References
Plugin Information:
Published: 2018/02/09, Modified: 2018/02/09
Plugin Output

tcp/0


- Package : tiff
Installed version : 4.0.6_2
Affected version(s) : <= 4.0.9
106995 - FreeBSD : squid -- Vulnerable to Denial of Service attack (d5b6d151-1887-11e8-94f7-9c5c8e75236a)
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Louis Dion-Marcil reports :

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses.

This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service.

Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering this issue.

This problem is limited to the Squid custom ESI parser. Squid built to use libxml2 or libexpat XML parsers do not have this problem.

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates.

This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service.
See Also
Solution
Update the affected packages.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
CVE CVE-2018-1000024
CVE CVE-2018-1000027
XREF DSA:4122
Plugin Information:
Published: 2018/02/26, Modified: 2018/03/12
Plugin Output

tcp/0


- Package : squid
Installed version : 3.5.23
Affected version(s) : < 3.5.27_3
108574 - FreeBSD : SQLite -- Corrupt DB can cause a NULL pointer dereference (6d52bda1-2e54-11e8-a68f-485b3931c969)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
MITRE reports :

SQLite databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
See Also
Solution
Update the affected package.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
References
Plugin Information:
Published: 2018/03/23, Modified: 2018/04/10
Plugin Output

tcp/0


- Package : sqlite3
Installed version : 3.13.0
Affected version(s) : < 3.22.0_1
99206 - FreeBSD : cURL -- potential memory disclosure (04f29189-1a05-11e7-bc6e-b499baebfeaf)
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The cURL project reports :

There were two bugs in curl's parser for the command line option --write-out (or -w for short) that would skip the end of string zero byte if the string ended in a % (percent) or \ (backslash), and it would read beyond that buffer in the heap memory and it could then potentially output pieces of that memory to the terminal or the target file etc.

This flaw only exists in the command line tool.

We are not aware of any exploit of this flaw.
See Also
Solution
Update the affected package.
Risk Factor
Low
CVSS v3.0 Base Score
2.4 (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information:
Published: 2017/04/06, Modified: 2018/01/31
Plugin Output

tcp/0


- Package : curl
Installed version : 7.49.1
Affected version(s) : >= 6.5 < 7.53.1_1
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2003/12/09, Modified: 2018/04/19
Plugin Output

tcp/0


Remote operating system : FreeBSD 10.3_5
Confidence level : 100
Method : uname


The remote host is running FreeBSD 10.3_5
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


172.16.0.1 resolves as dino.poltekom.ac.id.
19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/08/26, Modified: 2017/10/26
Plugin Output

tcp/0

Information about this scan :

Nessus version : 7.1.0
Plugin feed version : 201806121820
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Advanced Scan
Scanner IP : 172.16.1.201
Port scanner(s) : netstat
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'root' via ssh
Attempt Least Privilege : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 100
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing: Yes
Scan Start Date : 2018/6/25 17:21 WIB
Scan duration : 425 sec
22869 - Software Enumeration (SSH)
Synopsis
It was possible to enumerate installed software on the remote host via SSH.
Description
Nessus was able to list the software installed on the remote host by calling the appropriate command (e.g., 'rpm -qa' on RPM-based Linux distributions, qpkg, dpkg, etc.).
Solution
Remove any software that is not in compliance with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information:
Published: 2006/10/15, Modified: 2017/07/28
Plugin Output

tcp/0


Here is the list of packages installed on the remote FreeBSD system :

arc-5.21p Create & extract files from DOS .ARC files
arj-3.10.22_4 Open source implementation of the ARJ archiver
arping-2.15_1 ARP level "ping" utility
ataidle-2.7.2 Utility to spin down ATA drives
bash-4.4.12 GNU Project's Bourne Again SHell
beep-1.0_1 Beeps a certain duration and pitch out of the PC Speaker
bind-tools-9.10.4P2 Command line tools from BIND: delv, dig, host, nslookup...
bsnmp-regex-0.6_1 bsnmpd module allowing creation of counters from log files
bsnmp-ucd-0.4.2 bsnmpd module that implements parts of UCD-SNMP-MIB
bwi-firmware-kmod-3.130.20 Broadcom AirForce IEEE 802.11 Firmware Kernel Module
c-icap-0.4.3,2 ICAP server implementation
c-icap-modules-0.4.3 Modules for c-icap: virus_scan and srv_url_check
ca_root_nss-3.25 Root certificate bundle from the Mozilla Project
check_reload_status-0.0.7 run various pfSense scripts on event.
choparp-20150613 Simple proxy arp daemon
clamav-0.99.2 Command line virus scanner written entirely in C
clog-1.0.1 Circular log support for FreeBSD syslogd
cpdup-1.18 Comprehensive filesystem mirroring and backup program
cpustats-0.1_1 cpustats
curl-7.49.1 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) servers
cyrus-sasl-2.1.26_12 RFC 2222 SASL (Simple Authentication and Security Layer)
db5-5.3.28_4 Oracle Berkeley DB, revision 5.3
dhcp6-20080615_7 KAME DHCP6 client, server, and relay
dhcpleases-0.3_1 read dhpcd.lease file and add it to hosts file
dhcpleases6-0.1_2 read dhpcd6.leases file and trigger command on modification
dmidecode-3.0 Tool for dumping DMI (SMBIOS) contents in human-readable format
dnsmasq-2.76,1 Lightweight DNS forwarder, DHCP, and TFTP server
dpinger-2.0 IP device monitoring tool
expat-2.1.1_2 XML 1.0 parser written in C
expiretable-0.6_1 Utility to remove entries from the pf(4) table based on their age
filterdns-1.0_9 filterdns
filterlog-0.1_4 filterlog
freeradius-2.2.9 Free RADIUS server implementation
freetype2-2.6.3 Free and portable TrueType font rendering engine
gdbm-1.12 GNU database manager
gettext-runtime-0.19.8.1 GNU gettext runtime libraries and programs
giflib-5.1.4 Tools and library routines for working with GIF images
glib-2.46.2 Some useful routines of C programming (current stable version)
gmp-5.1.3_3 Free library for arbitrary precision arithmetic
gogoc-1.2_1 GogoCLIENT, connect to Freenet6 tunnel
idnkit-1.0_5 Library to handle internationalized domain names
igmpproxy-0.1_3,1 Multicast forwarding IGMP proxy
indexinfo-0.2.4 Utility to regenerate the GNU info page index
ipmitool-1.8.17_1 CLI to manage IPMI systems
isc-dhcp43-client-4.3.4 The ISC Dynamic Host Configuration Protocol client
isc-dhcp43-relay-4.3.4_1 The ISC Dynamic Host Configuration Protocol relay
isc-dhcp43-server-4.3.4 ISC Dynamic Host Configuration Protocol server
jbigkit-2.1_1 Lossless compression for bi-level images such as scanned pages, faxes
jpeg-turbo-1.4.2 SIMD-accelerated JPEG codec which replaces libjpeg
json-c-0.12_2 JSON (JavaScript Object Notation) implementation in C
krb5-1.14.2 Authentication system developed at MIT, successor to Kerberos IV
ldns-1.6.17_5 Library for programs conforming to DNS RFCs and drafts
lha-1.14i_6 Archive files using LZSS and Huffman compression (.lzh files)
libdaemon-0.14_1 Lightweight C library that eases the writing of UNIX daemons
libedit-3.1.20150325_2,1 Command line editor library
libevent2-2.0.22_1 API for executing callback functions on events or timeouts
libffi-3.2.1 Foreign Function Interface
libgd-2.2.4,1 Graphics library for fast creation of images
libiconv-1.14_9 Character set conversion library
libidn-1.31 Internationalized Domain Names command line tool
libltdl-2.4.6 System independent dlopen wrapper
liblz4-131 LZ4 compression library, lossless and very fast
libmcrypt-2.5.8_3 Multi-cipher cryptographic library (used in PHP)
libnet-1.1.6_4,1 C library for creating IP packets
libpdel-0.5.3_6 Packet Design multi-purpose C library for embedded applications
libsodium-1.0.8 Library to build higher-level cryptographic tools
libssh2-1.7.0,2 Library implementing the SSH2 protocol
libucl-0.8.0 Universal configuration library parser
libxml2-2.9.3 XML parser library for GNOME
libzmq4-4.1.4_1 ZeroMQ core library (Version 4)
lightsquid-1.8_5 Light and fast web based squid proxy traffic analyser
lighttpd-1.4.44 Secure, fast, compliant, and flexible Web Server
links-2.9,1 Lynx-like text WWW browser
lmdb-0.9.18_1 OpenLDAP Lightning Memory-Mapped Database
lzo2-2.09 Portable speedy, lossless data compression library
minicron-0.0.2 very small cron
miniupnpd-1.9.20160113,1 UPnP IGD implementation which uses pf/ipf
mpd4-4.4.1_1 Multi-link PPP daemon based on netgraph(4)
mpd5-5.8 Multi-link PPP daemon based on netgraph(4)
mysql56-client-5.6.35_1 Multithreaded SQL database (client)
nettle-3.2 Low-level cryptographic library
nginx-1.10.1,2 Robust and small WWW server
ntp-4.2.8p8 The Network Time Protocol Distribution
oniguruma5-5.9.6_1 BSDL Regular Expressions library compatible with POSIX/GNU/Perl
openldap-client-2.4.44 Open source LDAP client implementation
openvpn-2.3.11 Secure IP/Ethernet tunnel daemon
p5-CGI-4.35 Handle Common Gateway Interface requests and responses
p5-GD-2.56_3 Perl5 interface to Gd Graphics Library version2
p5-HTML-Parser-3.72 Perl5 module for parsing HTML documents
p5-HTML-Tagset-3.20_1 Some useful data table in parsing HTML
pcre-8.39 Perl Compatible Regular Expressions library
pecl-radius-1.3.0 Radius client library for PHP
pecl-rrd-1.1.3_3 PHP bindings to rrd tool system
pecl-ssh2-0.12 PECL extension to the libssh2 library
pecl-zmq-1.1.3_1 PHP bindings for ZeroMQ
perl5-5.24.1.r4_1 Practical Extraction and Report Language
pfSense-2.3.2 Meta package to install pfSense required ports
pfSense-Status_Monitoring-1.4.4_2 pfSense Status Monitoring
pfSense-base-2.3.2 pfSense core files
pfSense-default-config-2.3.2 pfSense default config
pfSense-kernel-pfSense-2.3.2 pfSense kernel (pfSense)
pfSense-pkg-Lightsquid-3.0.6_4 pfSense package Lightsquid
pfSense-pkg-RRD_Summary-1.3.1_2 pfSense package RRD_Summary
pfSense-pkg-arping-1.2.2_1 pfSense package arping
pfSense-pkg-bind-9.11_3 BIND DNS suite with updated DNSSEC and DNS64
pfSense-pkg-freeradius2-1.7.8 pfSense package freeradius2
pfSense-pkg-squid-0.4.36_3 pfSense package squid
pfSense-pkg-squidGuard-1.16.1 pfSense package squidGuard
pfSense-rc-2.3.2 pfSense rc script
pfSense-repo-2.3.2_1 pfSense pkg repository configuration (stable)
pfsense-bind911-9.11.0P3 BIND DNS suite with updated DNSSEC and DNS64
pftop-0.7_6 Utility for real-time display of statistics for pf
php-suhosin-0.9.38 PHP extension that implements high-level protections
php-xdebug-2.4.0 Xdebug extension for PHP
php56-5.6.23 PHP Scripting Language
php56-bcmath-5.6.23 The bcmath shared extension for php
php56-bz2-5.6.23 The bz2 shared extension for php
php56-ctype-5.6.23 The ctype shared extension for php
php56-curl-5.6.23 The curl shared extension for php
php56-dom-5.6.23 The dom shared extension for php
php56-filter-5.6.23 The filter shared extension for php
php56-gettext-5.6.23 The gettext shared extension for php
php56-hash-5.6.23 The hash shared extension for php
php56-json-5.6.23 The json shared extension for php
php56-ldap-5.6.23 The ldap shared extension for php
php56-mbstring-5.6.23 The mbstring shared extension for php
php56-mcrypt-5.6.23 The mcrypt shared extension for php
php56-opcache-5.6.23_1 The opcache shared extension for php
php56-openssl-5.6.23 The openssl shared extension for php
php56-pcntl-5.6.23 The pcntl shared extension for php
php56-pdo-5.6.23 The pdo shared extension for php
php56-pdo_sqlite-5.6.23 The pdo_sqlite shared extension for php
php56-pfSense-module-0.12 Library for getting useful info
php56-posix-5.6.23 The posix shared extension for php
php56-readline-5.6.23 The readline shared extension for php
php56-session-5.6.23 The session shared extension for php
php56-shmop-5.6.23 The shmop shared extension for php
php56-simplexml-5.6.23 The simplexml shared extension for php
php56-sockets-5.6.23 The sockets shared extension for php
php56-sqlite3-5.6.23 The sqlite3 shared extension for php
php56-sysvmsg-5.6.23 The sysvmsg shared extension for php
php56-sysvsem-5.6.23 The sysvsem shared extension for php
php56-sysvshm-5.6.23 The sysvshm shared extension for php
php56-tokenizer-5.6.23 The tokenizer shared extension for php
php56-xml-5.6.23 The xml shared extension for php
php56-xmlreader-5.6.23 The xmlreader shared extension for php
php56-xmlwriter-5.6.23 The xmlwriter shared extension for php
php56-zlib-5.6.23 The zlib shared extension for php
pkg-1.9.4_1 Package manager
pkgconf-0.9.12_2 Utility to help to configure compiler and linker flags
png-1.6.21 Library for manipulating PNG images
postgresql93-client-9.3.15_1 PostgreSQL database (client)
python27-2.7.12 Interpreted object-oriented programming language
qstats-0.1_1 read dhpcd.lease file and add it to hosts file
radvd-1.9.1 Linux/BSD IPv6 router advertisement daemon
rate-0.9_1 Traffic analysis command-line utility
relayd-5.5.20140810_2 OpenBSD relay daemon
rrdtool-1.6.0_1 Round Robin Database Tools
scponly-4.8.20110526_2 Tiny shell that only permits scp and sftp
smartmontools-6.5_1 S.M.A.R.T. disk monitoring tools
sqlite3-3.13.0 SQL database engine in a C library
squid-3.5.23 HTTP Caching Proxy
squidGuard-1.4_15 Fast redirector for squid
squid_radius_auth-1.10 RADIUS authenticator for squid proxy 2.5 and later
squidclamav-6.14 Clamav c-icap service and redirector for Squid
ssh_tunnel_shell-0.1 SSH tunnel shell
sshlockout_pf-0.0.2 SSH lockout pf
strongswan-5.5.0 Open Source IKEv2 IPsec-based VPN solution
tiff-4.0.6_2 Tools and library routines for working with TIFF images
uclcmd-0.1 Command line tool for working with UCL config files
unbound-1.5.9 Validating, recursive, and caching DNS resolver
unzoo-4.4_2 ZOO archive extractor
voucher-0.1_2 Voucher support
vstr-1.0.15_1 General purpose string library for C
webp-0.5.2 Google WebP image format conversion tool
wol-0.7.1_2 Tool to wake up Wake-On-LAN compliant computers
wrapalixresetbutton-0.0.7 Utility to detect platform reset button state for use in scripting
xinetd-2.3.15_2 Replacement for inetd with better control and logging
25202 - Enumerate IPv6 Interfaces via SSH
Synopsis
Nessus was able to enumerate the IPv6 interfaces on the remote host.
Description
Nessus was able to enumerate the network interfaces configured with IPv6 addresses by connecting to the remote host via SSH using the supplied credentials.
Solution
Disable IPv6 if you are not actually using it. Otherwise, disable any unused IPv6 interfaces.
Risk Factor
None
Plugin Information:
Published: 2007/05/11, Modified: 2017/01/26
Plugin Output

tcp/0


The following IPv6 interfaces are set on the remote host :

- fe80::224:e8ff:fe42:6388 (on interface bce0)
- fe80::224:e8ff:fe42:638e (on interface bce3)
- ::1 (on interface lo0)
- fe80::1 (on interface lo0)
25203 - Enumerate IPv4 Interfaces via SSH
Synopsis
Nessus was able to enumerate the IPv4 interfaces on the remote host.
Description
Nessus was able to enumerate the network interfaces configured with IPv4 addresses by connecting to the remote host via SSH using the supplied credentials.
Solution
Disable any unused IPv4 interfaces.
Risk Factor
None
Plugin Information:
Published: 2007/05/11, Modified: 2017/01/26
Plugin Output

tcp/0


The following IPv4 addresses are set on the remote host :

- 36.66.212.106 (on interface bce0)
- 172.16.0.1 (on interface bce3)
- 127.0.0.1 (on interface lo0)
25220 - TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/05/16, Modified: 2011/03/20
Plugin Output

tcp/0

33276 - Enumerate MAC Addresses via SSH
Synopsis
Nessus was able to enumerate MAC addresses on the remote host.
Description
Nessus was able to enumerate MAC addresses by connecting to the remote host via SSH with the supplied credentials.
Solution
Disable any unused interfaces.
Risk Factor
None
Plugin Information:
Published: 2008/06/30, Modified: 2017/01/26
Plugin Output

tcp/0


The following MAC addresses exist on the remote host :

- 00:24:e8:42:63:8e (interface bce3)
- 00:24:e8:42:63:8c (interface bce2)
- 00:24:e8:42:63:88 (interface bce0)
- 00:24:e8:42:63:8a (interface bce1)
34098 - BIOS version (SSH)
Synopsis
The BIOS version could be read.
Description
Using the SMBIOS (aka DMI) interface, it was possible to get the BIOS vendor and version.
Solution
N/A
Risk Factor
None
Plugin Information:
Published: 2008/09/08, Modified: 2017/08/28
Plugin Output

tcp/0

Version : 1.1.4
Vendor : Dell Inc.
Release Date : 05/08/2009
UUID : 4C4C4544-0039-3110-8053-C2C04F323253
35351 - System Information Enumeration (via DMI)
Synopsis
Information about the remote system's hardware can be read.
Description
Using the SMBIOS (aka DMI) interface, it was possible to retrieve information about the remote system's hardware, such as its product name and serial number.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/01/12, Modified: 2016/08/17
Plugin Output

tcp/0

Chassis Information
Serial Number : B91S22S
Version : Not Specified
Manufacturer : Dell Inc.
Lock : Present
Type : Rack Mount Chassis

System Information
Serial Number : B91S22S
Version : Not Specified
Manufacturer : Dell Inc.
Product Name : PowerEdge R710
Family : Not Specified
35716 - Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/02/19, Modified: 2017/11/17
Plugin Output

tcp/0


The following card manufacturers were identified :

00:24:e8:42:63:8a : Dell Inc.
00:24:e8:42:63:8e : Dell Inc.
00:24:e8:42:63:88 : Dell Inc.
00:24:e8:42:63:8c : Dell Inc.
45432 - Processor Information (via DMI)
Synopsis
Nessus was able to read information about the remote system's processor.
Description
Nessus was able to retrieve information about the remote system's hardware, such as its processor type, by using the SMBIOS (aka DMI) interface.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/04/06, Modified: 2016/02/25
Plugin Output

tcp/0


Nessus detected 2 processors :

Current Speed : 2000 MHz
Version : Intel(R) Xeon(R) CPU E5504 @ 2.00GHz
Manufacturer : Intel
External Clock : 4800 MHz
Status : Populated, Enabled
Family : Xeon
Type : Central Processor

Current Speed : 2000 MHz
Version : Intel(R) Xeon(R) CPU E5504 @ 2.00GHz
Manufacturer : 80CE000080CE
External Clock : 4800 MHz
Status : Enabled
Family : Xeon
Type : Video
45433 - Memory Information (via DMI)
Synopsis
Information about the remote system's memory devices can be read.
Description
Using the SMBIOS (aka DMI) interface, it was possible to retrieve information about the remote system's memory devices, such as the total amount of installed memory.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/04/06, Modified: 2018/03/29
Plugin Output

tcp/0


Total memory : 2048 MB
45590 - Common Platform Enumeration (CPE)
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/04/21, Modified: 2017/06/06
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:freebsd:freebsd:10.3

Following application CPE matched on the remote system :

cpe:/a:openbsd:openssh:7.2
54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/05/23, Modified: 2011/05/23
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 100
55472 - Device Hostname
Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/06/30, Modified: 2018/06/06
Plugin Output

tcp/0


Hostname : dino.poltekom.ac.id
dino.poltekom.ac.id (hostname command)
56310 - Firewall Rule Enumeration
Synopsis
A firewall is configured on the remote host.
Description
Using the supplied credentials, Nessus was able to get a list of firewall rules from the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/09/28, Modified: 2015/06/02
Plugin Output

tcp/0


By running "/sbin/pfctl -s queue", Nessus was able to get the
following list of firewall rules :

queue root_bce3 on bce3 bandwidth 1Gb priority 0 {qLink, qInternet}
queue qLink on bce3 bandwidth 200Mb qlimit 500 hfsc( red ecn default )
queue qInternet on bce3 bandwidth 5Mb hfsc( red ecn upperlimit 5Mb ) {qACK}
queue qACK on bce3 bandwidth 128Kb hfsc( red ecn linkshare 900Kb )
queue root_bce0 on bce0 bandwidth 4Mb priority 0 {qACK, qDefault}
queue qACK on bce0 bandwidth 720Kb hfsc( red ecn )
queue qDefault on bce0 bandwidth 360Kb hfsc( red ecn default )
By running "/sbin/pfctl -s nat", Nessus was able to get the
following list of firewall rules :

no nat proto carp all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on bce0 inet from 127.0.0.0/8 to any port = isakmp -> 36.66.212.106 static-port
nat on bce0 inet from 172.16.0.0/23 to any port = isakmp -> 36.66.212.106 static-port
nat on bce0 inet from 127.0.0.0/8 to any -> 36.66.212.106 port 1024:65535
nat on bce0 inet from 172.16.0.0/23 to any -> 36.66.212.106 port 1024:65535
no rdr proto carp all
rdr-anchor "relayd/*" all
rdr-anchor "tftp-proxy/*" all
rdr pass on bce3 inet proto udp from any to any port = tftp -> 127.0.0.1 port 6969
no rdr on bce3 inet proto tcp from 172.16.0.45 to any port = http
no rdr on bce3 inet proto tcp from 36.86.63.182 to any port = http
no rdr on bce3 inet proto tcp from any to 172.16.0.4 port = http
no rdr on bce3 inet proto tcp from any to 172.16.0.5 port = http
rdr pass on bce3 inet proto tcp from any to ! (bce3) port = http -> 127.0.0.1 port 3128
rdr-anchor "miniupnpd" all
By running "/sbin/pfctl -s rules", Nessus was able to get the
following list of firewall rules :

scrub on bce0 all fragment reassemble
scrub on bce3 all fragment reassemble
anchor "relayd/*" all
anchor "openvpn/*" all
anchor "ipsec/*" all
block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local"
block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local"
block drop in log inet all label "Default deny rule IPv4"
block drop out log inet all label "Default deny rule IPv4"
block drop in log inet6 all label "Default deny rule IPv6"
block drop out log inet6 all label "Default deny rule IPv6"
pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state
pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state
pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state
pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"
block drop log quick from <snort2c> to any label "Block snort2c hosts"
block drop log quick from any to <snort2c> label "Block snort2c hosts"
block drop in log quick proto tcp from <sshlockout> to (self) port = anet label "sshlockout"
block drop in log quick proto tcp from <webConfiguratorlockout> to (self) port = http label "webConfiguratorlockout"
block drop in log quick from <virusprot> to any label "virusprot overload table"
block drop in log quick on bce0 from <bogons> to any label "block bogon IPv4 networks from WAN"
block drop in log quick on bce0 from <bogonsv6> to any label "block bogon IPv6 networks from WAN"
block drop in log on ! bce0 inet from 36.66.212.104/29 to any
block drop in log inet from 36.66.212.106 to any
block drop in log on bce0 inet6 from fe80::224:e8ff:fe42:6388 to any
block drop in log quick on bce0 inet from 10.0.0.0/8 to any label "Block private networks from WAN block 10/8"
block drop in log quick on bce0 inet from 127.0.0.0/8 to any label "Block private networks from WAN block 127/8"
block drop in log quick on bce0 inet from 172.16.0.0/12 to any label "Block private networks from WAN block 172.16/12"
block drop in log quick on bce0 inet from 192.168.0.0/16 to any label "Block private networks from WAN block 192.168/16"
block drop in log quick on bce0 inet6 from fc00::/7 to any label "Block ULA networks from WAN block fc00::/7"
block drop in log on ! bce3 inet from 172.16.0.0/23 to any
block drop in log inet from 172.16.0.1 to any
block drop in log on bce3 inet6 from fe80::224:e8ff:fe42:638e to any
pass in quick on bce3 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
pass in quick on bce3 inet proto udp from any port = bootpc to 172.16.0.1 port = bootps keep state label "allow access to DHCP server"
pass out quick on bce3 inet proto udp from 172.16.0.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
pass quick on bce3 inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
pass quick on bce3 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "allow access to DHCPv6 server"
pass quick on bce3 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
pass quick on bce3 inet6 proto udp from ff02::/16 to fe80::/10 port = dhcpv6-server keep state label "allow access to DHCPv6 server"
pass in on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
pass out on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
pass out inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
pass out route-to (bce0 36.66.212.105) inet from 36.66.212.106 to ! 36.66.212.104/29 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass in quick on bce3 proto tcp from any to (bce3) port = http flags S/SA keep state label "anti-lockout rule"
pass in quick on bce3 proto tcp from any to (bce3) port = anet flags S/SA keep state label "anti-lockout rule"
anchor "userrules/*" all
block drop in log on bce3 inet from <hotspot_mhs> to any label "USER_RULE: Penalty Box"
block drop in quick on bce0 reply-to (bce0 36.66.212.105) inet proto udp from any port = netbios-ns to any port = netbios-ns label "USER_RULE: wannacry block port 5"
block drop in quick on bce0 reply-to (bce0 36.66.212.105) inet proto tcp from any port = rdp to any port = rdp flags S/SA label "USER_RULE: wannacry block port 4"
block drop in quick on bce0 reply-to (bce0 36.66.212.105) inet proto tcp from any port = microsoft-ds to any port = microsoft-ds flags S/SA label "USER_RULE: wannacry block port 3"
block drop in log quick on bce0 reply-to (bce0 36.66.212.105) inet proto tcp from any port = netbios-ssn to any port = netbios-ssn flags S/SA label "USER_RULE: wannacry block port 2"
block drop in log quick on bce0 reply-to (bce0 36.66.212.105) inet proto tcp from any port = netbios-ns to any port = netbios-ns flags S/SA label "USER_RULE: wannacry block port 1"
pass in log quick on bce3 inet proto tcp all flags S/SA keep state label "USER_RULE"
pass in log quick on bce3 inet proto udp all keep state label "USER_RULE"
pass in quick on bce3 inet proto tcp from any to any port = 1234 flags S/SA keep state label "USER_RULE: proxysquid"
pass in quick on bce3 inet proto tcp from any to any port 79 >< 444 flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
pass in quick on bce3 inet proto udp from any to any port 79 >< 444 keep state label "USER_RULE: Default allow LAN to any rule"
pass in quick on bce3 inet proto tcp from any to any port = domain flags S/SA keep state label "USER_RULE: Allow DNS Port"
pass in quick on bce3 inet proto udp from any to any port = domain keep state label "USER_RULE: Allow DNS Port"
pass in quick on bce3 inet proto icmp all keep state label "USER_RULE: Allow ICMP"
pass in quick on bce3 inet proto tcp from any to any port 20 >< 70 flags S/SA keep state label "USER_RULE: Allow FTP Port"
pass in quick on bce3 inet proto udp from any to any port 20 >< 70 keep state label "USER_RULE: Allow FTP Port"
pass in quick on bce3 inet proto tcp from any to any port 109 >< 996 flags S/SA keep state label "USER_RULE: Allow POP Port"
pass in quick on bce3 inet proto udp from any to any port 109 >< 996 keep state label "USER_RULE: Allow POP Port"
pass in quick on bce3 inet proto tcp from any to any port 24 >< 466 flags S/SA keep state label "USER_RULE: Allow Port SMTP"
pass in quick on bce3 inet proto udp from any to any port 24 >< 466 keep state label "USER_RULE: Allow Port SMTP"
pass in quick on bce3 inet proto tcp from any to any port = ntp flags S/SA keep state label "USER_RULE: Allow NTP Port"
pass in quick on bce3 inet proto udp from any to any port = ntp keep state label "USER_RULE: Allow NTP Port"
pass in quick on bce3 inet proto tcp from any to any port = ssh flags S/SA keep state label "USER_RULE: Allow SSH Port"
pass in quick on bce3 inet proto tcp from any to any port 2081 >< 2084 flags S/SA keep state label "USER_RULE: Allow CPanel Port"
pass in quick on bce3 inet proto udp from any to any port 2081 >< 2084 keep state label "USER_RULE: Allow CPanel Port"
pass in quick on bce3 inet proto tcp from 172.16.0.0/23 to any port = ldap flags S/SA keep state label "USER_RULE: allow LDAP"
pass in quick on bce3 inet proto udp from 172.16.0.0/23 to any port = ldap keep state label "USER_RULE: allow LDAP"
pass in quick on bce3 inet proto tcp from 172.16.0.0/23 to any port = mysql flags S/SA keep state label "USER_RULE: Allow MySQL"
pass in quick on bce3 inet proto udp from 172.16.0.0/23 to any port = mysql keep state label "USER_RULE: Allow MySQL"
pass in quick on bce3 inet proto tcp from 172.16.0.0/23 to any port = 1812 flags S/SA keep state label "USER_RULE: Allow Radius"
pass in quick on bce3 inet proto udp from 172.16.0.0/23 to any port = radius keep state label "USER_RULE: Allow Radius"
pass in quick on bce3 inet proto tcp from 172.16.0.0/23 to any port = 1813 flags S/SA keep state label "USER_RULE: Allow Radius Accounting"
pass in quick on bce3 inet proto udp from 172.16.0.0/23 to any port = radacct keep state label "USER_RULE: Allow Radius Accounting"
pass in quick on bce3 inet proto tcp from any to any port = snmp flags S/SA keep state label "USER_RULE: Allow SNMP service"
pass in quick on bce3 inet proto udp from any to any port = snmp keep state label "USER_RULE: Allow SNMP service"
anchor "tftp-proxy/*" all
pass in quick on bce3 proto tcp from any to (bce3) port = 3128 flags S/SA keep state
pass in quick on bce3 proto tcp from any to (bce3) port = 3129 flags S/SA keep state
pass in quick on lo0 proto tcp from any to (lo0) port = 3128 flags S/SA keep state
pass in quick on lo0 proto tcp from any to (lo0) port = 3129 flags S/SA keep state
56468 - Time of Last System Startup
Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/10/12, Modified: 2015/08/21
Plugin Output

tcp/0


shutdown time Tue Apr 25 12:38
shutdown time Tue Apr 25 11:28
shutdown time Wed Jan 25 11:50
shutdown time Fri Oct 28 07:36

utx.log begins Thu Oct 27 07:48:23 WIB 2016
58651 - Netstat Active Connections
Synopsis
Active connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/04/10, Modified: 2018/05/16
Plugin Output

tcp/0


Netstat output :
64582 - Netstat Connection Information
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/02/13, Modified: 2018/05/16
Plugin Output

tcp/0

66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Published: 2013/07/08, Modified: 2018/06/08
Plugin Output

tcp/0



. You need to take the following 28 actions :


[ FreeBSD : FreeRADIUS -- TLS resumption authentication bypass (673dce46-46d0-11e7-a539-0050569f7e80) (100581) ]

+ Action to take : Update the affected packages.


[ FreeBSD : OpenVPN -- out-of-bounds write in legacy key-method 1 (3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8) (103523) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 8 different vulnerabilities (CVEs).



[ FreeBSD : PHP -- denial of service attack (de7a2b32-bd7d-11e7-b627-d43d7e971a1b) (104266) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 20 different vulnerabilities (CVEs).



[ FreeBSD : PostgreSQL vulnerabilities (414c18bf-3653-11e7-9550-6cc21735f730) (100141) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).



[ FreeBSD : SQLite -- Corrupt DB can cause a NULL pointer dereference (6d52bda1-2e54-11e8-a68f-485b3931c969) (108574) ]

+ Action to take : Update the affected package.

+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).



[ FreeBSD : arj -- multiple vulnerabilities (b95e5674-b4d6-11e7-b895-0cc47a494882) (103999) ]

+ Action to take : Update the affected package.

+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).



[ FreeBSD : cURL -- multiple vulnerabilities (04fe6c8d-2a34-4009-a81e-e7a7e759b5d2) (109877) ]

+ Action to take : Update the affected package.

+Impact : Taking this action will resolve 28 different vulnerabilities (CVEs).



[ FreeBSD : clamav -- multiple vulnerabilities (b464f61b-84c7-4e1c-8ad4-6cf9efffd025) (106427) ]

+ Action to take : Update the affected package.

+Impact : Taking this action will resolve 7 different vulnerabilities (CVEs).



[ FreeBSD : dnsmasq -- multiple vulnerabilities (b77b5646-a778-11e7-ac58-b499baebfeaf) (103620) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 7 different vulnerabilities (CVEs).



[ FreeBSD : freetype2 -- buffer overflows (4a088d67-3af2-11e7-9d75-c86000169601) (100283) ]

+ Action to take : Update the affected package.

+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).



[ FreeBSD : isc-dhcp -- Multiple vulnerabilities (2040c7f5-1e3a-11e8-8ae9-0050569f0b83) (107126) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).



[ FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae) (103953) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).



[ FreeBSD : libevent -- multiple vulnerabilities (b8ee7a81-a879-4358-9b30-7dd1bd4c14b1) (99556) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).



[ FreeBSD : libgd -- Denial of servica via double free (a60a2e95-acba-4b11-bc32-ffb47364e07d) (103480) ]

+ Action to take : Update the affected package.


[ FreeBSD : libidn -- multiple vulnerabilities (cb5189eb-572f-11e6-b334-002590263bf5) (92652) ]

+ Action to take : Update the affected package.

+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).



[ FreeBSD : libxml2 -- Multiple Issues (76e59f55-4f7a-4887-bcb0-11604004163a) (105216) ]

+ Action to take : Update the affected package.

+Impact : Taking this action will resolve 19 different vulnerabilities (CVEs).



[ FreeBSD : nginx -- a specially crafted request might result in an integer overflow (b28adc5b-6693-11e7-ad43-f0def16c5c1b) (101381) ]

+ Action to take : Update the affected packages.


[ FreeBSD : ntp -- multiple vulnerabilities (af485ef4-1c58-11e8-8477-d05099c0ae8c) (107046) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 16 different vulnerabilities (CVEs).



[ FreeBSD : oniguruma -- multiple vulnerabilities (b396cf6c-62e6-11e7-9def-b499baebfeaf) (101332) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).



[ FreeBSD : perl -- multiple vulnerabilities (41c96ffd-29a6-4dcc-9a88-65f5038fa6eb) (109051) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 6 different vulnerabilities (CVEs).



[ FreeBSD : php-gd and gd -- Buffer over-read into uninitialized memory (5033e2fc-98ec-4ef5-8e0b-87cfbbc73081) (103478) ]

+ Action to take : Update the affected packages.


[ FreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219) (109594) ]

+ Action to take : Update the affected package.

+Impact : Taking this action will resolve 8 different vulnerabilities (CVEs).



[ FreeBSD : squid -- Vulnerable to Denial of Service attack (d5b6d151-1887-11e8-94f7-9c5c8e75236a) (106995) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).



[ FreeBSD : strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388) (7fc3e827-64a5-11e8-aedb-00224d821998) (110274) ]

+ Action to take : Update the affected package.

+Impact : Taking this action will resolve 4 different vulnerabilities (CVEs).



[ FreeBSD : tiff -- multiple vulnerabilities (2a96e498-3234-4950-a9ad-419bc84a839d) (99551) ]

+ Action to take : Update the affected packages.

+Impact : Taking this action will resolve 20 different vulnerabilities (CVEs).



[ FreeBSD : tiff -- multiple vulnerabilities (b38e8150-0535-11e8-96ab-0800271d4b9c) (106700) ]

+ Action to take : Update the affected package.

+Impact : Taking this action will resolve 3 different vulnerabilities (CVEs).



[ FreeBSD : unbound -- vulnerability in the processing of wildcard synthesized NSEC records (8d3bae09-fd28-11e7-95f2-005056925db4) (106214) ]

+ Action to take : Update the affected package.


[ Network Time Protocol Daemon (ntpd) read_mru_list() Remote DoS (95389) ]

+ Action to take : Upgrade to NTP version 4.2.8p9 or later.

83303 - Unix / Linux - Local Users Information : Passwords Never Expire
Synopsis
At least one local user has a password that never expires.
Description
Using the supplied credentials, Nessus was able to list local users that are enabled and whose passwords never expire.
Solution
Allow or require users to change their passwords regularly.
Risk Factor
None
References
XREF OSVDB:755
Plugin Information:
Published: 2015/05/10, Modified: 2018/05/16
Plugin Output

tcp/0


Nessus found the following unlocked users with passwords that do not expire :
- root
- admin
97993 - OS Identification and Installed Software Enumeration over SSH v2 (Using New SSH Library)
Synopsis
Information about the remote host can be disclosed via an authenticated session.
Description
Nessus was able to login to the remote host using SSH or local commands and extract the list of installed packages.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2017/05/30, Modified: 2018/06/11
Plugin Output

tcp/0


It was possible to log into the remote host via SSH using 'password' authentication.

The output of "uname -a" is :
FreeBSD dino.poltekom.ac.id 10.3-RELEASE-p5 FreeBSD 10.3-RELEASE-p5 #0 7307492(RELENG_2_3_2): Tue Jul 19 13:29:35 CDT 2016 root@ce23-amd64-builder:/builder/pfsense-232/tmp/obj/builder/pfsense-232/tmp/FreeBSD-src/sys/pfSense amd64

Local security checks have been enabled for this host.
Runtime : 3.582170 seconds
102094 - SSH Commands Require Privilege Escalation
Synopsis
This plugin reports the SSH commands that failed with a response indicating that privilege escalation is required to run them.
Description
This plugin reports the SSH commands that failed with a response indicating that privilege escalation is required to run them. Either privilege escalation credentials were not provided, or the command failed to run with the provided privilege escalation credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2017/08/01, Modified: 2018/05/24
Plugin Output

tcp/0


Login account : root
Commands failed due to lack of privilege escalation :
- Escalation account : (none)
Escalation method : (none)
Plugins :
- Plugin Filename : eset_nod32av_installed_linux.nasl
Plugin ID : 105255
Plugin Name : ESET NOD32 Antivirus for Linux Installed
- Command : "perl -pe 's/[^ -~]/\\n/g' < /opt/eset/esets/sbin/esets_scan | grep 'ESET Command-line scanner, version %s' -A2 | tail -1"
Response : null
Error : "\ncannot open /opt/eset/esets/sbin/esets_scan: No such file or directory\n"
- Plugin Filename : symantec_backup_exec_ralus_installed.nasl
Plugin ID : 69261
Plugin Name : Symantec Backup Exec Remote Agent for Linux and UNIX Servers (RALUS) Installed
- Command : "perl -pe 's/[^ -~]/\\n/g' < /opt/VRTSralus/bin/beremote | grep Version"
Response : null
Error : "\ncannot open /opt/VRTSralus/bin/beremote: No such file or directory\n"
- Command : "perl -pe 's/[^ -~]/\\n/g' </etc/bkupexec/agent.be | grep Version"
Response : null
Error : "\ncannot open /etc/bkupexec/agent.be: No such file or directory\n"
106952 - pfSense Detection
Synopsis
The remote host is a firewall.
Description
The remote host is pfSense, an open source firewall based on FreeBSD.

It is possible to read the version by either using SNMP or viewing the web interface after logging in.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/02/22, Modified: 2018/05/21
Plugin Output

tcp/0


Source : HTTPS
Version : unknown

10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/11/27, Modified: 2017/08/22
Plugin Output

udp/0

For your information, here is the traceroute from 172.16.1.201 to 172.16.0.1 :
172.16.1.201
172.16.0.1

Hop Count: 1

104410 - Authentication Failure(s) for Provided Credentials
Synopsis
Nessus was unable to log into the detected operating system or database, using the provided credentials, in order to perform credentialed checks.
Description
Nessus was not able to execute credentialed checks because it was not possible to log into the detected operating system or database using the credentials that have been provided.
Solution
Address the reported problem(s) so that credentialed checks can be executed.
Risk Factor
None
Plugin Information:
Published: 2017/11/06, Modified: 2017/12/19
Plugin Output

tcp/22


Nessus was unable to log into the following host for which
credentials have been provided :

Protocol : SSH
Port : 22
Failure details :
root > Server did not reply with SSH_MSG_USERAUTH_INFO_REQUEST during keyboard-interactive exchange.

11002 - DNS Server Detection
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information:
Published: 2003/02/13, Modified: 2017/05/16
Plugin Output

tcp/53

72779 - DNS Server Version Detection
Synopsis
Nessus was able to obtain version information on the remote DNS server.
Description
Nessus was able to obtain version information by sending a special TXT record query to the remote host.

Note that this version is not necessarily accurate and could even be forged, as some DNS servers send the information based on a configuration file.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2014/03/03, Modified: 2014/11/05
Plugin Output

tcp/53


DNS server answer for "version.bind" (over TCP) :

dnsmasq-2.76

12217 - DNS Server Cache Snooping Remote Information Disclosure
Synopsis
The remote DNS server is vulnerable to cache snooping attacks.
Description
The remote DNS server responds to queries for third-party domains that do not have the recursion bit set.

This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited.

For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of that financial institution. Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more.

Note: If this is an internal DNS server not accessible to outside networks, attacks would be limited to the internal network. This may include employees, consultants and potentially users on a guest network or WiFi connection if supported.
Solution
Contact the vendor of the DNS software for a fix.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2004/04/27, Modified: 2016/12/06
Plugin Output

udp/53


Nessus sent a non-recursive query for example.com
and received 1 answer :

93.184.216.34
14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

udp/53

Port 53/udp was found to be open

14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

udp/67

Port 67/udp was found to be open

10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/01/04, Modified: 2018/05/23
Plugin Output

tcp/80

The remote web server type is :

nginx
14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

tcp/80

Port 80/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/05/03
Plugin Output

tcp/80

A web server is running on this port.
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/01/30, Modified: 2017/11/13
Plugin Output

tcp/80


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server: nginx
Date: Mon, 25 Jun 2018 10:23:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 25 Jun 2018 10:23:38 GMT
X-Frame-Options: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN

Response Body :

106198 - pfSense Web Interface Detection
Synopsis
The web interface for a firewall was detected on the remote host.
Description
The web interface for pfSense was detected on the remote host.
pfSense is an open source firewall based on FreeBSD.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/01/19, Modified: 2018/06/01
Plugin Output

tcp/80


URL : http://dino.poltekom.ac.id/
Version : unknown
Note : Please specify HTTP username and password to retrieve version information.
106375 - nginx HTTP Server Detection
Synopsis
The nginx HTTP server was detected on the remote host.
Description
Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/01/26, Modified: 2018/01/26
Plugin Output

tcp/80


URL : http://dino.poltekom.ac.id/
Version : unknown
source : Server: nginx
106658 - JQuery Detection
Synopsis
The web server on the remote host uses JQuery.
Description
Nessus was able to detect JQuery on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/02/07, Modified: 2018/02/07
Plugin Output

tcp/80


URL : http://dino.poltekom.ac.id/vendor/jquery/jquery-1.12.0.min.js
Version : 1.12.0

95389 - Network Time Protocol Daemon (ntpd) read_mru_list() Remote DoS
Synopsis
The remote NTP server is affected by a denial of service vulnerability.
Description
The remote NTP server is affected by a denial of service vulnerability due to improper validation of mrulist queries. An unauthenticated, remote attacker can exploit this, via a specially crafted NTP mrulist query packet, to terminate the ntpd process.

Note that the NTP server is reportedly affected by additional vulnerabilities as well; however, Nessus has not tested for these.
Solution
Upgrade to NTP version 4.2.8p9 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.9 (CVSS:3.0/E:F/RL:O/RC:X)
CVSS Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score
6.4 (CVSS2#E:F/RL:OF/RC:ND)
References
BID 94448
CVE CVE-2016-7434
XREF OSVDB:147600
XREF CERT:633847
XREF EDB-ID:40806
Plugin Information:
Published: 2016/11/29, Modified: 2018/05/21
Plugin Output

udp/123

97861 - Network Time Protocol (NTP) Mode 6 Scanner
Synopsis
The remote NTP server responds to mode 6 queries.
Description
The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition.
Solution
Restrict NTP mode 6 queries.
Risk Factor
Medium
CVSS v3.0 Base Score
5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
Plugin Information:
Published: 2017/03/21, Modified: 2018/05/07
Plugin Output

udp/123


Nessus elicited the following response from the remote
host by sending an NTP mode 6 query :

'version="ntpd 4.2.8p8@1.3265-o Tue Jul 19 16:25:02 UTC 2016 (1)",
processor="amd64", system="FreeBSD/10.3-RELEASE-p5", leap=0, stratum=12,
precision=-23, rootdelay=0.000, rootdisp=0.000, refid=127.0.0.1,
reftime=0x00000000.00000000, clock=0xdedb40f0.3fa15756, peer=0, tc=3,
mintc=3, offset=0.000000, frequency=62.014, sys_jitter=0.000000,
clk_jitter=0.000, clk_wander=0.000'
10884 - Network Time Protocol (NTP) Server Detection
Synopsis
An NTP server is listening on the remote host.
Description
An NTP server is listening on port 123. If not securely configured, it may provide information about its version, current date, current time, and possibly system information.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2015/03/20, Modified: 2018/05/07
Plugin Output

udp/123


An NTP service has been discovered, listening on port 123.

Version : 4.2.8p8
14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

udp/123

Port 123/udp was found to be open

10267 - SSH Server Type and Version Information
Synopsis
An SSH server is listening on this port.
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2017/12/19
Plugin Output

tcp/212


SSH version : SSH-2.0-OpenSSH_7.2
SSH supported authentication : publickey,password,keyboard-interactive
10881 - SSH Protocol Versions Supported
Synopsis
A SSH server is running on the remote host.
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/03/06, Modified: 2017/05/30
Plugin Output

tcp/212

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0
14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

tcp/212

Port 212/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/05/03
Plugin Output

tcp/212

An SSH server is running on this port.
39520 - Backported Security Patch Detection (SSH)
Synopsis
Security patches are backported.
Description
Security patches may have been 'backported' to the remote SSH server without changing its version number.

Banner-based checks have been disabled to avoid false positives.

Note that this test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/06/25, Modified: 2015/07/07
Plugin Output

tcp/212


Local checks have been enabled.
70657 - SSH Algorithms and Languages Supported
Synopsis
An SSH server is listening on this port.
Description
This script detects which algorithms and languages are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/28, Modified: 2017/08/28
Plugin Output

tcp/212


Nessus negotiated the following encryption algorithm with the server :

The server supports the following options for kex_algorithms :

curve25519-sha256@libssh.org
diffie-hellman-group-exchange-sha256

The server supports the following options for server_host_key_algorithms :

rsa-sha2-256
rsa-sha2-512
ssh-ed25519
ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

The server supports the following options for encryption_algorithms_server_to_client :

aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

The server supports the following options for mac_algorithms_client_to_server :

hmac-ripemd160
hmac-ripemd160-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com

The server supports the following options for mac_algorithms_server_to_client :

hmac-ripemd160
hmac-ripemd160-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com

The server supports the following options for compression_algorithms_client_to_server :

none
zlib
zlib@openssh.com

The server supports the following options for compression_algorithms_server_to_client :

none
zlib
zlib@openssh.com
90707 - SSH SCP Protocol Detection
Synopsis
The remote host supports the SCP protocol over SSH.
Description
The remote host supports the Secure Copy (SCP) protocol over SSH.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2016/04/26, Modified: 2017/08/28
Plugin Output

tcp/212

110385 - Authentication Success Insufficient Access
Synopsis
Nessus was able to log into the remote host using the provided credentials. The provided credentials were not sufficient to do all requested local checks.
Description
Nessus was able to execute credentialed checks because it was possible to log into the remote host using provided credentials, however the credentials were not sufficiently privileged to allow all requested local checks.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/06/06, Modified: 2018/06/06
Plugin Output

tcp/212


Nessus was able to log into the following host, however
the supplied credentials did not have sufficient privileges
for all planned checks:

Protocol : SSH
Port : 212

14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

udp/514

Port 514/udp was found to be open

10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/01/04, Modified: 2018/05/23
Plugin Output

tcp/1234

The remote web server type is :

lighttpd/1.4.44
14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

tcp/1234

Port 1234/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/05/03
Plugin Output

tcp/1234

A web server is running on this port.
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/01/30, Modified: 2017/11/13
Plugin Output

tcp/1234


Response Code : HTTP/1.1 401 Unauthorized

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, GET, HEAD, POST
Headers :

WWW-Authenticate: Basic realm="Password Required", charset="UTF-8"
Content-Type: text/html
Content-Length: 351
Connection: close
Date: Mon, 25 Jun 2018 10:23:38 GMT
Server: lighttpd/1.4.44

Response Body :

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>401 - Unauthorized</title>
</head>
<body>
<h1>401 - Unauthorized</h1>
</body>
</html>
106628 - lighttpd HTTP Server Detection
Synopsis
The lighttpd HTTP server was detected on the remote host.
Description
Nessus was able to detect the lighttpd HTTP server by looking at the HTTP banner on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/02/06, Modified: 2018/02/06
Plugin Output

tcp/1234


URL : http://dino.poltekom.ac.id:1234/
Version : 1.4.44
source : Server: lighttpd/1.4.44

14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

udp/1776

Port 1776/udp was found to be open

10107 - HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/01/04, Modified: 2018/05/23
Plugin Output

tcp/3128

The remote web server type is :

squid
10192 - HTTP Proxy CONNECT Request Relaying
Synopsis
An HTTP proxy running on the remote host can be used to establish interactive sessions.
Description
The proxy allows users to perform CONNECT requests such as :

CONNECT http://cvs.example.org:23

This request gives the person who made it the ability to have an interactive session with a third-party site.

This issue may allow attackers to bypass your firewall by connecting to sensitive ports such as 23 (telnet) via the proxy, or it may allow internal users to bypass the firewall rules and connect to ports or sites they should not be allowed to.

In addition, your proxy may be used to perform attacks against other networks.
Solution
Reconfigure your proxy to refuse CONNECT requests.
Risk Factor
None
Plugin Information:
Published: 1999/06/22, Modified: 2016/04/27
Plugin Output

tcp/3128

10195 - HTTP Proxy Open Relay Detection
Synopsis
The remote web proxy server accepts requests.
Description
The remote web proxy accepts unauthenticated HTTP requests from the Nessus scanner. By routing requests through the affected proxy, a user may be able to gain some degree of anonymity while browsing websites, which will see requests as originating from the remote host itself rather than the user's host.
Solution
Make sure access to the proxy is limited to valid users / hosts.
Risk Factor
None
Plugin Information:
Published: 1999/06/22, Modified: 2014/04/25
Plugin Output

tcp/3128

11040 - HTTP Reverse Proxy Detection
Synopsis
A transparent or reverse HTTP proxy is running on this port.
Description
This web server is reachable through a reverse HTTP proxy.
Solution
n/a
Risk Factor
None
References
CVE CVE-2004-2320
CVE CVE-2005-3398
CVE CVE-2005-3498
CVE CVE-2007-3008
XREF OSVDB:877
XREF OSVDB:3726
XREF OSVDB:35511
XREF OSVDB:50485
XREF CWE:200
XREF CWE:79
Plugin Information:
Published: 2002/07/02, Modified: 2018/05/21
Plugin Output

tcp/3128

The GET method revealed those proxies on the way to this web server :
HTTP/1.1 puskom (squid)
14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

tcp/3128

Port 3128/tcp was found to be open
22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/05/03
Plugin Output

tcp/3128

A web server is running on this port.

tcp/3128

An HTTP proxy is running on this port.
24260 - HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/01/30, Modified: 2017/11/13
Plugin Output

tcp/3128


Response Code : HTTP/1.1 400 Bad Request

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Server: squid
Mime-Version: 1.0
Date: Mon, 25 Jun 2018 10:23:38 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3447
X-Squid-Error: ERR_INVALID_URL 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from puskom
X-Cache-Lookup: NONE from puskom:3128
Via: 1.1 puskom (squid)
Connection: close

Response Body :


<html><head>
<meta type="copyright" content="Copyright (C) 1996-2016 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
</head><body id="ERR_INVALID_URL">
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="/">/</a></p>

<blockquote id="error">
<p><b>Invalid URL</b></p>
</blockquote>

<p>Some aspect of the requested URL is incorrect.</p>

<p>Some possible problems are:</p>
<ul>
<li><p>Missing or incorrect access protocol (should be <q>http://</q> or similar)</p></li>
<li><p>Missing hostname</p></li>
<li><p>Illegal double-escape in the URL-Path</p></li>
<li><p>Illegal character in hostname; underscores are not allowed.</p></li>
</ul>

<p>Your cache administrator is <a href="mailto:puskom@poltekom.ac.id?subject=CacheErrorInfo%20-%20ERR_INVALID_URL&amp;body=CacheHost%3A%20puskom%0D%0AErrPage%3A%20ERR_INVALID_URL%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Mon,%2025%20Jun%202018%2010%3A23%3A38%20GMT%0D%0A%0D%0AClientIP%3A%20172.16.1.201%0D%0A%0D%0AHTTP%20Request%3A%0D%0A%0D%0A%0D%0A">puskom@poltekom.ac.id</a>.</p>
<br>
</div>

<hr>
<div id="footer">
<p>Generated Mon, 25 Jun 2018 10:23:38 GMT by puskom (squid)</p>
<!-- ERR_INVALID_URL -->
</div>
</body></html>
49692 - Squid Proxy Version Detection
Synopsis
It was possible to obtain the version number of the remote Squid proxy server.
Description
The remote host is running the Squid proxy server, an open source proxy server. It was possible to read the version number from the banner.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/09/28, Modified: 2015/04/02
Plugin Output

tcp/3128


Source : Squid
Version : Server: squid

14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

udp/9824

Port 9824/udp was found to be open

14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

udp/43430

Port 43430/udp was found to be open

14272 - Netstat Portscanner (SSH)
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/05/30
Plugin Output

udp/50549

Port 50549/udp was found to be open
Remediations
Suggested Remediations
Taking the following actions across 1 host would resolve 94% of the vulnerabilities on the network.
Action to take | Vulns | Hosts
FreeBSD : cURL -- multiple vulnerabilities (04fe6c8d-2a34-4009-a81e-e7a7e759b5d2): Update the affected package. | 28 | 1
FreeBSD : PHP -- denial of service attack (de7a2b32-bd7d-11e7-b627-d43d7e971a1b): Update the affected packages. | 20 | 1
FreeBSD : tiff -- multiple vulnerabilities (2a96e498-3234-4950-a9ad-419bc84a839d): Update the affected packages. | 20 | 1
FreeBSD : libxml2 -- Multiple Issues (76e59f55-4f7a-4887-bcb0-11604004163a): Update the affected package. | 19 | 1
FreeBSD : ntp -- multiple vulnerabilities (af485ef4-1c58-11e8-8477-d05099c0ae8c): Update the affected packages. | 16 | 1
FreeBSD : OpenVPN -- out-of-bounds write in legacy key-method 1 (3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8): Update the affected packages. | 8 | 1
FreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219): Update the affected package. | 8 | 1
FreeBSD : clamav -- multiple vulnerabilities (b464f61b-84c7-4e1c-8ad4-6cf9efffd025): Update the affected package. | 7 | 1
FreeBSD : dnsmasq -- multiple vulnerabilities (b77b5646-a778-11e7-ac58-b499baebfeaf): Update the affected packages. | 7 | 1
FreeBSD : perl -- multiple vulnerabilities (41c96ffd-29a6-4dcc-9a88-65f5038fa6eb): Update the affected packages. | 6 | 1
FreeBSD : libidn -- multiple vulnerabilities (cb5189eb-572f-11e6-b334-002590263bf5): Update the affected package. | 4 | 1
FreeBSD : oniguruma -- multiple vulnerabilities (b396cf6c-62e6-11e7-9def-b499baebfeaf): Update the affected packages. | 4 | 1
FreeBSD : strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388) (7fc3e827-64a5-11e8-aedb-00224d821998): Update the affected package. | 4 | 1
FreeBSD : arj -- multiple vulnerabilities (b95e5674-b4d6-11e7-b895-0cc47a494882): Update the affected package. | 3 | 1
FreeBSD : libevent -- multiple vulnerabilities (b8ee7a81-a879-4358-9b30-7dd1bd4c14b1): Update the affected packages. | 3 | 1
FreeBSD : tiff -- multiple vulnerabilities (b38e8150-0535-11e8-96ab-0800271d4b9c): Update the affected package. | 3 | 1
FreeBSD : PostgreSQL vulnerabilities (414c18bf-3653-11e7-9550-6cc21735f730): Update the affected packages. | 2 | 1
FreeBSD : SQLite -- Corrupt DB can cause a NULL pointer dereference (6d52bda1-2e54-11e8-a68f-485b3931c969): Update the affected package. | 2 | 1
FreeBSD : freetype2 -- buffer overflows (4a088d67-3af2-11e7-9d75-c86000169601): Update the affected package. | 2 | 1
FreeBSD : isc-dhcp -- Multiple vulnerabilities (2040c7f5-1e3a-11e8-8ae9-0050569f0b83): Update the affected packages. | 2 | 1
FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae): Update the affected packages. | 2 | 1
FreeBSD : squid -- Vulnerable to Denial of Service attack (d5b6d151-1887-11e8-94f7-9c5c8e75236a): Update the affected packages. | 2 | 1
FreeBSD : FreeRADIUS -- TLS resumption authentication bypass (673dce46-46d0-11e7-a539-0050569f7e80): Update the affected packages. | 1 | 1
FreeBSD : libgd -- Denial of servica via double free (a60a2e95-acba-4b11-bc32-ffb47364e07d): Update the affected package. | 1 | 1
FreeBSD : nginx -- a specially crafted request might result in an integer overflow (b28adc5b-6693-11e7-ad43-f0def16c5c1b): Update the affected packages. | 1 | 1
FreeBSD : php-gd and gd -- Buffer over-read into uninitialized memory (5033e2fc-98ec-4ef5-8e0b-87cfbbc73081): Update the affected packages. | 1 | 1
Network Time Protocol Daemon (ntpd) read_mru_list() Remote DoS: Upgrade to NTP version 4.2.8p9 or later. | 1 | 1
FreeBSD : unbound -- vulnerability in the processing of wildcard synthesized NSEC records (8d3bae09-fd28-11e7-95f2-005056925db4): Update the affected package. | 0 | 1