Documente Academic
Documente Profesional
Documente Cultură
ABC S.A.
Realizado por:
Endless Wave Ca. Ltda.
Fecha:
2012-06-23
Responsable:
Ing. Pablo Pazmio N.
Contenido
Tareas realizadas:.................................................................................................. 3
Objetivo de control:............................................................................................... 4
Hallazgos:........................................................................................................... 4
Vulnerabilidades encontradas:...........................................................................5
Plan de remediacin........................................................................................... 6
Responsable del anlisis:.................................................................................6
Tareas realizadas:
Objetivo de control:
Hallazgos:
Host script results:
| nbstat:
| NetBIOS name: ENDLESS-CQYWW54, NetBIOS user: <unknown>, NetBIOS
MAC: 00:0c:29:cb:6c:a3 (VMware)
| Names
|
ENDLESS-CQYWW54<00> Flags: <unique><active>
|
WORKGROUP<00>
Flags: <group><active>
|
ENDLESS-CQYWW54<20> Flags: <unique><active>
|_ WORKGROUP<1e>
Flags: <group><active>
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Windows Server 2003 3790 (Windows Server 2003 5.2)
| Computer name: endless-cqyww54
| NetBIOS computer name: ENDLESS-CQYWW54
| Workgroup: WORKGROUP
|_ System time: 2012-06-23 12:24:21 UTC-4
Con los hallazgos anteriores se ha determinado una posible vulnerabilidad de
inyeccin de Shell en el kernel de Windows (2003 server) detectado.
Vulnerabilidades encontradas:
Vulnerabilidad
OSVDB-49243
Riesgo
Prdida de Integridad
Impacto
ALTO: Riegos asociados al
ingreso/borrado arbitrario de
informacin en el servidor.
Plan de remediacin
Vulnerabilidad
encontrada
OSVDB-49243
Responsable de
remediacin
Administrador del
servidor Active directory
Tiempo
2 das mximo