October 19, 2005
Symantec ESM 6.5 Network Assessment Security Updates

File(s)

Download the cumulative Symantec ESM Network Assessment Release Notes (PDF)

Description

This update for Symantec ESM Network Assessment detects and reports 15 additional vulnerabilities and 357 additional security exposures.

As of this release, security exposures have been added to the Network Assessment module. There is a new Network Assessment template entitled exposure.net that can be enabled to check for security exposures.

Use the LiveUpdate feature of Symantec ESM Network Assessment to download this security update.

Additional vulnerabilities

Bugtraq ID	Vulnerability name
12160		Microsoft Windows FTP Client Directory Traversal Vulnerability
14260		Microsoft Windows Network Connections Manager Library Local Denial of Service Vulnerability
14594		Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability
15056		Microsoft Windows MSDTC Memory Corruption Vulnerability
15057		Microsoft MSDTC COM+ Remote Code Execution Vulnerability
15058		Microsoft MSDTC TIP Denial Of Service Vulnerability
15059		Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
15061		Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability
15063		Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
15064		Microsoft Windows Explorer Web View Script Injection Vulnerability
15065		Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow Vulnerability
15066		Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability
15067		Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability
15069		Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability
15070		Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability

Additional security exposures

Exposure ID	Exposure title
exp.4		Server can be compromised with physical access
exp.5		Access to a UNIX password file allows user profiling and possible password cracking
exp.6		MCI registry key does not conform to Microsoft-recommended security settings
exp.7		Windows NT password filter is not enabled
exp.8		Password is easy to guess
exp.9		Windows 95 .pwl file uses weak encryption
exp.10		CurrentVersion key has vulnerable default permissions
exp.11		Performance Monitor's Perflib registry key has inappropriate access controls
exp.12		Daytime service lets attackers probe system
exp.13		Poker service lets attackers profile a computer
exp.14		DCOM lets attackers run arbitrary programs remotely
exp.15		POP services let attackers profile a computer
exp.16		Portmap services let attackers profile a computer
exp.17		Admin user name and password are stored as plain text in registry
exp.18		WinGate allows attack by proxy with default configuration
exp.19		Dictionary service lets attackers profile computers
exp.20		A registry key that lists communication ports has inappropriate access controls
exp.21		Discard service lets attackers profile a computer
exp.22		POSIX subsystem subjects a host computer to Trojan horse attacks
exp.23		DNS denial of service attack is possible
exp.24		Domain Name Service lets attackers profile a network
exp.25		Echo service lets attackers probe a computer
exp.26		EFS service lets attackers profile a computer
exp.27		Password is insecure
exp.28		erlogin service lets attackers profile a computer
exp.29		Print-srv service lets attackers profile a computer
exp.30		Symantec Enterprise Security Manager is not installed
exp.31		No action can be taken when auditing is unavailable
exp.32		Printer service may profile a system for attack
exp.33		exec service allows remote command execution
exp.35		Finger service can be used in denial of service attack
exp.36		Qmaster service may help profile a system for attack
exp.37		Qotd service lets attackers profile a computer
exp.38		Finger service lets attackers execute arbitrary commands as root
exp.39		Finger service lets attackers profile a computer
exp.40		Finger service reveals information about user accounts
exp.41		Queue service may help profile a system for attack
exp.42		A registry key that configures applications to edit the registry has inappropriate access controls
exp.43		Finger service lists all active users accounts
exp.44		Finger service listing all users currently logged in
exp.45		Registry can be accessed remotely
exp.46		Finger service lists all inactive user accounts
exp.47		Registry files associated with the registry editor allow access to the registry.
exp.48		Remotefs service may help profile a system for attack
exp.49		Remp service may help profile a system for attack
exp.50		Network resource discovery helps identify systems for attack
exp.51		FTP service allows access
exp.52		ICMP replies help profile a system for attack.
exp.53		FTP service allows anonymous users to write to root directory
exp.54		Rje service may help profile a system for attack
exp.55		Rmt service may help profile a system for attack
exp.56		FTP service may create opportunity for attack
exp.57		FTP backdoor in wu-ftpd may allow anonymous root access
exp.58		Windows NT SP1 and SP2 are vulnerable to RPC denial of service attacks
exp.59		RPC registry settings have inappropriate access controls.
exp.60		Run key has inappropriate access controls
exp.61		RunOnce registry key has inappropriate access controls
exp.62		FTP service allows unauthorized file access
exp.63		SAP information may help profile a system for attack
exp.64		Apache version 1.2.4 and earlier are vulnerable to multiple buffer overflow attacks
exp.65		Pandora spoofing attack possible
exp.66		Sendmail 8.8.0-8.8.1 MIME overflow allows remote root access
exp.67		Sendmail allows information obscuring via long HELO/EHLO
exp.68		Windows NT application event log can be accessed by the guest account
exp.69		Sendmail versions up to 8.8.0 allows e-mail re-directs
exp.70		Services identifiable by product or version allow them to be profiled for future attacks
exp.71		Sftp service may help profile a system for attack
exp.72		Windows NT security event log can be accessed by the guest account
exp.73		Windows NT guest account can access the system event log
exp.74		A registry key that configures shares has inappropriate access controls
exp.76		SL Mail service is vulnerable to a buffer overflow attack
exp.77		Registry keys under HKEY_LOCAL_MACHINE are vulnerable to attack
exp.78		SL Mail is vulnerable to a denial of service attack
exp.79		SMB can force the use of clear text passwords
exp.80		HP LaserJet IP address can be changed without password
exp.82		SMB client message signing disabled
exp.83		SMB server has message signing disabled
exp.84		Finger client script in CGI directory of web server
exp.85		Perl interpreter accessible from web server
exp.87		Web server running
exp.88		SMTP allows user verification with rcpt field
exp.89		SMTP servers that allow mail relaying can be used to produce spam
exp.90		Firewall type identified
exp.91		SMTP servers that connect to clients quickly may facilitate vulnerability probing
exp.92		Service listening on non-standard port
exp.93		Sendmail allows file manipulation through e-mail sent to a decode alias
exp.94		Unexpected service behavior
exp.95		Network printer may be a target for attack
exp.96		Router or switch may be target for attack
exp.97		Intruder alert not installed
exp.98		Internal DNS information available to public network
exp.99		SMTP EXPN feature allows for username discovery
exp.100		Valid e-mail account obtainable
exp.101		Smtp service lets attackers profile a computer
exp.105		SSH service may help profile a system for attack
exp.106		Sunrpc service may help profile a system for attack
exp.107		Supdup service may help profile a system for attack
exp.108		Internet Explorer 3.0 and 3.01 are vulnerable to attack
exp.109		Internet Explorer without year 2000 patch
exp.110		Systat service allows remote system monitoring
exp.111		Internet Explorer 4.01 vulnerable to untrusted scripted paste
exp.112		Tcprepo service may help profile a system for attack
exp.113		Internet Explorer 4.x security zones not preserved
exp.114		Telnet service communicates in clear text
exp.115		Tempo service may help profile a system for attack
exp.116		Tetrinet service may help profile a system for attack
exp.117		Time service may help profile a system for attack
exp.118		A registry key that configures PostScript fonts has inappropriate access controls
exp.119		A registry key that configures uninstall applications has inappropriate access controls
exp.120		NULL session connections allow user and domain server enumeration
exp.121		A registry key that configures UPS devices has inappropriate access controls
exp.122		Internet Explorer 4.x without Service Pack 1 is vulnerable to attack
exp.123		Internet Relay Chat server lets attackers probe a computer
exp.124		Login dialogs that display the last user to log in facilitate user account attacks
exp.125		SMB lets anonymous connections read and write to shares
exp.127		Uucp service may help profile a system for attack
exp.128		Uucp-path service may help profile a system for attack.
exp.129		Netware 4.x vulnerable to denial of service attack
exp.130		LanManager passwords use weak encryption
exp.131		Legal notice banner at login makes prosecuting attackers easier
exp.132		Getadmin attack allows users to be added to the Administrators group
exp.133		Inappropriate registry access controls allow the SNMP community name to be read.
exp.134		Vmnet0 service may help profile a system for attack
exp.135		VNC service could be monitored to profile a computer
exp.136		Volrmmount utility allows shell users to gain root privileges
exp.137		The w service may help profile a system for attack.
exp.138		Whois service may help profile a system for attack
exp.139		Drivers registry key does not conform to Microsoft recommended security settings
exp.140		Apache win32 allows retrieval of files outside of document trees
exp.141		Embedding registry key does not conform to Microsoft recommended security settings
exp.142		Font Drivers registry key does not conform to Microsoft recommended security settings
exp.143		FontCache registry key does not conform to Microsoft recommended security settings
exp.144		Not clearing the Windows page file may provide attackers with sensitive system information.
exp.145		FontMapper registry key does not conform to Microsoft recommended security settings
exp.146		Fonts registry key does not conform to Microsoft recommended security settings
exp.147		FontSubstitutes registry key does not conform to Microsoft recommended security settings
exp.148		GRE_Initialize registry key does not conform to Microsoft recommended security settings
exp.149		MCI Extensions registry key does not conform to Microsoft recommended security settings
exp.150		Windows NT system caches logon credentials
exp.151		garcon service may allow attackers to profile for future attacks
exp.152		Windows PWL file uses weak encryption
exp.153		Gateway service may allow attackers to profile for future attacks
exp.154		WinGate pop3 proxy server is vulnerable to a buffer overflow
exp.155		Wingate telnet proxy service is vulnerable to a buffer overflow attack
exp.156		hostnames service may allow attackers to profile for future attacks
exp.157		Inappropriate Winlogon registry key access controls may allow trojan applications to be executed.
exp.158		ingreslock service may allow attackers to profile for future attacks
exp.159		iso-tsap service may allow attackers to profile for future attacks
exp.160		kerberos service may allow attackers to profile for future attacks
exp.161		A registry key that configures how 16 bit processes are executed has inappropriate access controls.
exp.162		X400 service may help profile a system for attack
exp.163		X400-snd service may help profile a system for attack.
exp.164		Malformed broadcast packets can cause a denial of service in older NetWare client software
exp.165		Kerberos master service may allow attackers to profile for future attacks
exp.166		NFS allows device creation
exp.167		NFS is vulnerable to directory traversals that grant access to files that are not exported
exp.168		klogin service may allow attackers to profile for future attacks
exp.169		knetd service may allow attackers to profile for future attacks
exp.170		krb_prop service may allow attackers to profile for future attacks
exp.171		kshell service may allow attackers to profile for future attacks
exp.172		link service may allow attackers to profile for future attacks
exp.173		rlogin service uses plain text passwords
exp.174		NFS allows root access by failing to properly validate UIDs.
exp.175		NFS services that export writable directories are vulnerable to attack.
exp.176		Exporting hosts.equiv and .rhosts files through NFS as writable makes a system vulnerable to attack
exp.177		Exporting hosts.cshrc and .login files through NFS as writable makes a system vulnerable to attack.
exp.178		Exporting .netrc through NFS as writable makes a system vulnerable to attack.
exp.179		Portmap can be used to create NFS mounts.
exp.180		Access to mountd allows access to local and remote file systems.
exp.181		Mountd service allows discovery of network resources.
exp.182		Mountd service may allow NFS client enumeration
exp.183		Mountd service allows directory to be mounted by anyone.
exp.184		NFS mounts that grant access to .netrc files may compromise user passwords.
exp.185		NFS may publish host names  when exporting .netrc files.
exp.186		Passwd files that are exported by NFS compromise user account information.
exp.187		Passwd files that are exported by NFS with encrypted passwords compromise user account information.
exp.188		Sendmail is vulnerable to a denial of service attack through a malformed message header.
exp.190		Append actions can overwrite a file in older Linux kernels with securelevel protection enabled.
exp.191		SLmailNT 3.1-3.2 allows file restrictions to be bypassed by users.
exp.192		SLmailNT 3.1 and prior can be terminated by remote users.
exp.193		NIS client can be identified via passwd file.
exp.194		Maitrd service may help profile a system for attack
exp.195		Man service may help profile a system for attack
exp.196		Mantst service may help profile a system for attack
exp.199		Mtb service may help profile a system for attack
exp.200		Mtp service may help profile a system for attack
exp.201		Name service may help profile a system for attack.
exp.202		Windows NT 4 is vulnerable to a denial of service attack through named pipes.
exp.203		Nameserver service may help profile a system for attack
exp.204		Nbname service may help profile a system for attack.
exp.205		Nbsession service may help profile a system for attack.
exp.206		NetBus backdoor service allows remote attackers system level access.
exp.207		Netnews service may help profile a system for attack.
exp.208		NetWare console grants system level access without authentication.
exp.209		NetWare password intercept possible via trojan horse
exp.210		Netstat service my help profile a system for attack.
exp.211		Rconsole passwords stored in clear text.
exp.212		NetWare serves with DOS loaded allow access to DOS partitions.
exp.213		NetWare telnet server allows insecure remote console access
exp.215		Windows could allow network access to the floppy drive.
exp.216		Networks can be identified through NIS.
exp.217		Network Peripherals switching hub is vulnerable to a denial of service attack.
exp.218		Network Peripherals switching hub's IP address can be changed without a password.
exp.219		NeWS service may help profile a system for attack
exp.220		Windows NT 4.0 is vulnerable to newtear
exp.221		NFS may help profile a system for attack
exp.222		Windows NT 4.0 allows network access to the CD-ROM
exp.223		NIS may help profile a system for attack
exp.224		NIS map ethers.byname may help profile a system for attack
exp.225		NIS map ethers.byaddr may help profile a system for attack
exp.226		NIS map bootparams may help profile a system for attack.
exp.227		NIS map auto.master may help profile a system for attack
exp.228		NIS map auto.home may help profile a system for attack
exp.229		NIS map auto.direct may help profile a system for attack.
exp.230		NIS map auto.src may help profile a system for attack
exp.231		RPC services let attackers profile a computer
exp.232		Portmap service identifies running RPC services
exp.233		Trinoo agent daemons allow denial of service attacks by proxy.
exp.234		Trinoo master daemons allow denial of service attacks by proxy.
exp.235		Tfn trojan horse daemon allows attack-by-proxy
exp.236		Stacheldraht trojan horse agent allows attack-by-proxy.
exp.237		Stacheldraht trojan horse handler allows attack-by-proxy.
exp.238		Stacheldraht trojan horse component allows attack-by-proxy.
exp.239		Mstream trojan horse master allows attack-by-proxy
exp.240		Mstream server allows attack by proxy.
exp.241		Cold Fusion sourcewindow.cfm allows remote file access
exp.242		Cold Fusion evaluate.cfm may allow unauthorized access
exp.243		Cold Fusion fileexists.cfm allows remote file detection access
exp.244		Cold Fusion sample file cfmlsyntaxcheck.cfm is vulnerable to a denial of service attack.
exp.245		Cold Fusion mainframeset.cfm allows local http access by proxy.
exp.246		Linux kernel capability bug allows shell users to gain root access.
exp.247		Personal Mail Server is vulnerable to a buffer overflow attack
exp.248		University of Washington POP/IMAP servers are vulnerable to buffer overflow attacks.
exp.249		Unsigned ActiveX controls marked safe for scripting in Restricted Sites zone
exp.250		Active scripting enabled in Restricted Sites zone
exp.251		Microsoft Outlook is not in the Restricted Sites zone.
exp.252		Microsoft Outlook Express is not in the Restricted Sites zone.
exp.253		SNMP community names provide write access to MIB entries
exp.254		BIND is vulnerable to a fdmax denial of service attack
exp.255		BIND is vulnerable to a maxdname buffer overflow attack.
exp.257		BIND is vulnerable to a sig denial of service attack.
exp.258		BIND is vulnerable to a solinger denial of service attack.
exp.259		BIND is vulnerable to a sigdiv0 denial of service attack.
exp.260		BIND is vulnerable to a srv denial of service attack.
exp.261		BIND discloses system information.
exp.262		Girlfriend backdoor program listens on port 21554.
exp.263		Deep Throat client grants remote attackers administrative system access.
exp.264		Subseven back door gives administrative control to remote attackers
exp.265		A Jana HTTP server CGI allows directory traversals to reference files outside of the document root.
exp.266		HTTP allows CGI access to config.sys
exp.267		ICQ-WebServer allows access to files outside of the document root.
exp.268		_AuthChangeUrl.cgi allows password attacks by proxy.
exp.269		HTTP allows CGI access to _vti_inf.html
exp.270		HTTP allows CGI access to _vti_pvt/service.grp
exp.271		HTTP allows execution of catalog_type.asp CGI
exp.272		HTTP server allows execution of sendmail.cfm CGI
exp.274		HTTP service allows execution of AnyBoard.cgi CGI
exp.275		HTTP service allows execution of AT-admin.cgi CGI
exp.276		HTTP service allows execution of ax-admin.cgi CGI
exp.277		HTTP service allows execution of ax.cgi CGI
exp.278		HTTP service allows execution of bb-hist.sh CGI
exp.280		HTTP service allows execution of day5datacopier.cgi CGI
exp.281		HTTP service allows execution of day5datanotifier.cgi CGI
exp.283		HTTP service allows execution of dumpenv.pl CGI
exp.284		HTTP service allows execution of environ.cgi CGI
exp.285		HTTP service allows execution of filemail.pl CGI
exp.288		HTTP service allows execution of fpexplore.exe CGI
exp.289		HTTP service allows execution of gH.cgi CGI
exp.293		HTTP service allows execution of maillist.pl CGI
exp.294		HTTP service allows execution of nph-publish CGI
exp.295		HTTP service allows CGI access to passwd.
exp.296		HTTP service allows CGI access to passwd.pwd
exp.297		HTTP service allows CGI access to passwd.txt.
exp.298		HTTP service allows CGI access to password
exp.299		HTTP service allows CGI access to password.pwd
exp.300		HTTP service allows CGI access to password.pwl
exp.301		HTTP service allows execution of perlshop.cgi CGI
exp.303		HTTP service allows execution of ppdscgi.exe CGI
exp.304		HTTP service allows execution of rwwwshell.pl CGI
exp.305		HTTP service allows execution of sendform.cgi CGI
exp.310		HTTP service allows execution of tst.bat CGI
exp.311		HTTP service allows execution of unlg1.1 CGI
exp.312		HTTP service allows execution of unlg1.2 CGI
exp.313		HTTP service allows execution of upload.pl CGI
exp.318		HTTP service allows execution of wwwadmin.pl CGI
exp.319		HTTP service allows execution of args.bat CGI
exp.320		HTTP service allows execution of args.cmd CGI
exp.321		HTTP service allows execution of default.asp CGI
exp.322		HTTP service allows view of the doc directory.
exp.323		HTTP service allows execution of domcfg.nsf CGI
exp.324		HTTP service allows access to etc/group
exp.325		HTTP service allows access to etc/passwd
exp.337		HTTP service allows execution of fpcount.exe CGI that is vulnerable to a buffer overflow attack
exp.338		HTTP service allows execution of pfieffer.bat CGI that may help profile the system for attack.
exp.339		HTTP service allows execution of pfieffer.cmd CGI
exp.342		HTTP service allows execution of queryhit.htm CGI
exp.343		HTTP service allows execution of adminlogin CGI
exp.344		HTTP service allows execution of tools/getdrvs.exe CGI
exp.346		NAVCE service not detected
exp.347		NAVCE service Identified
exp.348		Shaft distributed denial of service daemon allows attack by proxy
exp.349		Packaging Anomaly Could Cause Hotfixes to be removed
exp.350		Carbon Copy can provide remote access to a computer
exp.351		CaptureScreen can provide remote access to a computer
exp.352		Desktop Delivery can provide remote access to a computer
exp.353		IKS (Invisible Keylogger Stealth) will keep a log of all keystrokes typed
exp.354		NetBus backdoor program allows remote administrative access.
exp.355		Netlook allows a remote capture of screenshots
exp.356		PC Protect Stealth logs stored locally
exp.357		Serv-U FTP-Server v2.5e is vulnerable to a denial of service attack
exp.358		Serv-U FTP-Server version 2.3x is vulnerable to a buffer overflow attack
exp.360		Microsoft IIS Malformed HTR Request vulnerable to buffer overflow attack
exp.361		Microsoft SQL Server 2000 stored procedure is vulnerable to an input validation attack
exp.362		Microsoft MSSQL server may help profile a system for attack.
exp.363		Microsoft SQL Server 2000 is vulnerable to a OpenDataSource buffer overflow attack
exp.364		VPN service enabled
exp.365		Embedded web servers may help profile a host for attack
exp.366		Wireless access point may allow unauthorized network access
exp.367		D-Link wireless access point can reveal version information
exp.368		Netgear wireless access point may reveal version information.
exp.369		SMC wireless access point may reveal version information.
exp.370		Cisco-Aironet Wireless Access Point Identified
exp.371		Corega wireless access point may reveal version information.
exp.372		IOData wireless access point may reveal version information.
exp.373		Melco wireless access point may reveal version information.
exp.374		Melco wireless access point can be identified through SNMP.
exp.375		SESA agent not installed.
exp.376		SESA agent identified.
exp.377		SESA Manager detected.
exp.382		BackOrifice allows remote system access with administrator privileges
exp.391		Unauthorized users can add printer drivers
exp.401		Unauthorized users can shut down system
exp.407		Weak passwords allow compromise
exp.408		Rlogin allows remote root access
exp.409		User rights not being audited
exp.410		Open TCP and UDP port allows system profiling
exp.411		Auth service running
exp.413		Base system objects are not protected from modification
exp.414		Chargen service found to be running
exp.450		System may be susceptible to burn attack
exp.452		Busboy service found to be running
exp.470		Registry key \HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Compatibility
exp.501		Microsoft Windows NULL session logon can enumerate users
exp.503		Registry key \HKEY_USERS\.Default has inappropriate security settings
exp.504		Parent of shared directory can be accessed by remote attacker
exp.505		anonymous FTP access is enabled
exp.506		Windows shares can be enumerated remotely
exp.507		Registry key \HKEY_LOCAL_MACHINE\Software\Classes\AppId has vulnerable default permissions
exp.508		NIS allows user account and system information to be obtained
exp.509		Bnews service found to be running
exp.511		Unnecessary services on a host may present opportunities for attack
exp.512		nntp service may profile a host for attack
exp.514		Registry key for Ole has inappropriate access settings
exp.515		OS/2 subsystem enabled on Windows
exp.516		Default user automatically logged in through autologin feature
exp.545		SNMP community name is guessable
exp.547		Remote access to shell interpreters in cgi-bin directory

Initial Post on: Thursday, 20-Oct-05 15:10:00
Last modified on: Thursday, 20-Oct-05 16:24:15