
stack

a guest
Apr 25th, 2017
Asset IP Address,Service Protocol,Service Port,Vulnerability CVSS Score,Vulnerability Risk Score,Vulnerability Description,Vulnerability CVE URLs,Vulnerability Solution
89.20.93.250,tcp,22,7.8,709,"A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.",http://nvd.nist.gov/vuln/detail/CVE-2008-0166,"Upgrade the OpenSSL packages and regenerate all key material

Upgrade the OpenSSL package to the version recommended below to fix the random number generator and stop generating weak keys

* For Debian 4.0 etch, upgrade to 0.9.8c-4etch3

* For Debian testing (lenny), upgrade to 0.9.8g-9

* For Debian unstable (sid), upgrade to 0.9.8g-9

* For Ubuntu 7.0.4 (feisty), upgrade to 0.9.8c-4ubuntu0.3

* For Ubuntu 7.10 (gutsy), upgrade to 0.9.8e-5ubuntu3.2

* For Ubuntu 8.0.4 (hardy), upgrade to 0.9.8g-4ubuntu3.1

Then regenerate all cryptographic key material which has been created by vulnerable OpenSSL versions on Debian-based systems. Affected keys include SSH server and user keys, OpenVPN keys, DNSSEC keys, keys associated with X.509 certificates, etc.

Optionally, Debian and Ubuntu have released updated OpenSSH, OpenSSL and OpenVPN packages to automatically blacklist known weak keys. It is recommended to install these upgrades on all systems."
89.20.93.250,tcp,5900,7.5,739,"AT&T Virtual Network Computing (VNC) provides remote users with access to the system it is installed on. If this service is compromised, the user can gain complete control of the system.",,"Fix VNC remote control service installed

Remove or disable this service. If it is necessary, be sure to use well thought out (hard to crack) passwords. It is important to note that VNC truncates passwords to 8 bytes (http://www.realvnc.com/faq.html#password8can) when authenticating, making it more susceptible to brute force attacks.

To protect data from eavesdroppers, tunneling VNC through SSH (http://www.realvnc.com/faq.html#firewall) is recommended.

Additionally, restricting access to specific IP addresses using TCP wrappers (http://www.uk.research.att.com/vnc/extras.html#tcpwrapper) is also recommended.

For more information on VNC, visit the VNC website (http://www.realvnc.com/)."
89.20.93.250,tcp,23,4.3,498,"Telnet is an unencrypted protocol, as such it sends sensitive data (usernames, passwords) in clear text.",,"Disable Telnet