CVE Database

The rpc.rquotad service is running.

The rstat/rstatd service is running.

The rexec service is running.

The rpc.sprayd service is running.

A system-critical Windows NT registry key has an inappropriate value.

In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc.

A network intrusion detection system (IDS) does not properly reassemble fragmented packets.

A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets.

A network intrusion detection system (IDS) does not verify the checksum on a packet.

A network intrusion detection system (IDS) does not properly handle packets with improper sequence numbers.

A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection.

A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire.

A Windows NT log file has an inappropriate maximum size or retention period.

A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive.

The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.

The Logon box of a Windows NT system displays the name of the last user who logged in.

An event log in Windows NT has inappropriate access permissions.

A system-critical Windows NT registry key has inappropriate permissions.

A filter in a router or firewall allows unusual fragmented packets.

A WWW server is not running in a restricted file system, e.g. through a chroot, thus allowing access to system-critical data.

A network service is running on a nonstandard port.

A Windows NT file system is not NTFS.

There is a one-way or two-way trust relationship between Windows NT domains.

The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.

The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, system-critical permissions.

A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.

A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.

A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts.

Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

A URL for a WWW directory allows auto-indexing, which provides a list of all files in that directory if it does not contain an index.html file.

rpc.admind in Solaris is not running in a secure mode.

A Sendmail alias allows input to be piped to a program.

An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled.

IIS has the #exec function enabled for Server Side Include (SSI) files.

A system-critical Windows NT file or directory has inappropriate permissions.

A system-critical Unix file or directory has inappropriate permissions.

Two or more Unix accounts have the same UID.

A Unix account with a name other than "root" has UID 0, i.e. root privileges.

NFS exports system-critical data to the world, e.g. / or a password file.

Windows NT automatically logs in an administrator upon rebooting.

A superfluous NFS server is running, but it is not importing or exporting any file systems.

An SSH server allows authentication through the .rhosts file.

A trust relationship exists between two Unix hosts.

A system is operating in "promiscuous" mode which allows it to perform packet sniffing.

A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc.

A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of.

The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.

ICMP echo (ping) is allowed from arbitrary hosts.

A system-critical NETBIOS/SMB share has inappropriate access control.