Criticality: 
| Groups and Contacts | |||
|---|---|---|---|
| Region | EMEA | Systems Architect | cuthbert@yourcompany.com |
| Platform | Microsoft | ||
Scan Information
|
|
|---|---|
| Scan Type | Enterprise |
| Started at | 13-Apr-15 11:54 |
| Finished at | 13-Apr-15 12:54 |
Ports: 2 (High:2 Low:0)
| Port | Protocol | Service | Details | ||
|---|---|---|---|---|---|
| 1433 | tcp | ms-sql-s | No banner found | ||
| 1434 | udp | mssql | Response Received |
Vulnerabilities: 4 (High:1 Medium:3 Low:0)
| Vulnerability | 90027 | High Risk Ports Open | High Risk |
|---|
| Description | The following high risk ports are open: PORT SERVICE 1433/tcp ms-sql-s 1434/udp mssql Note: Even if the ports are immediately closed after being opened, this is still a security risk as packets are reaching the destination host. It is recommended to completely drop packets from untrusted sources instead. |
||||
|---|---|---|---|---|---|
| Solution | Ensure that the ports are filtered by your router or firewall or close the ports on the affected systems. | ||||
| Category | Hosting or infrastructure flaw. | ||||
| CVE Reference | CVE-MAP-NOMATCH | CVSS2 6.4 (Medium) (AV:N/AC:L/Au:N/C:P/I:P/A:N) | |||
| First Found | 13 November 2014 | Port | general | Last 6 Assessments | 
|
| Vulnerability | 11299 | MySQL < 3.23.55 Multiple Vulnerabilities | Medium Risk |
|---|
| Description | This system is running a vulnerable version of MySQL, according to its banner. Insufficient permissions checking related to the "select into outfile" SQL command allows a database user to escalate their priviliges to root. There is also a double free vulnerability that allows a database user to crash the service. A "database user" could be a remote attacker who has valid database credentials. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version, or apply a patch. | ||||
| CVE References | CVE-2003-0073 | CVSS2 5.0 (Medium) (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
| CVE-2003-0150 | CVSS2 9.0 (High) (AV:N/AC:L/Au:S/C:C/I:C/A:C) | ||||
| First Found | 13 November 2014 | Port | 1434/udp | Last 6 Assessments | 
|
| Vulnerability | 11378 | MySQL < 3.23.56 Privilege Escalation | Medium Risk |
|---|
| Description | This system is running a vulnerable version of MySQL, according to its banner. There is insufficient permissions checking in code related to the "select into outfile" SQL command. A database user could use this to overwrite configuration files and escalate privileges. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version, or apply a patch. | ||||
| Category | Hosting or infrastructure flaw. | ||||
| References | Bugtraq ID 7052 | ||||
| CVE Reference | CVE-2003-0150 | CVSS2 9.0 (High) (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
| First Found | 13 December 2014 | Port | 1434/udp | Last 6 Assessments | 
|
| Vulnerability | 11842 | MySQL < 3.23.58, 4.0.15 Password Overflow | Medium Risk |
|---|
| Description | This system is running a vulnerable version of MySQL, according to its banner. There is a buffer overrun vulnerability in code related to passwords. A database user could use this to crash the service and take control of the system, by changing their password to a carefully crafted value. | ||||
|---|---|---|---|---|---|
| Solution | Upgrade to an unaffected version, or apply a patch. | ||||
| References | Bugtraq ID 8590 | ||||
| CVE Reference | CVE-2003-0780 | CVSS2 9.0 (High) (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
| First Found | 13 February 2015 | Port | 1434/udp | Last 6 Assessments |
|
Historical Information
