- Status Closed
-
Assigned To
cbay - Private
Opened by ziadali - 24.02.2025
Last edited by cbay - 24.02.2025
FS#130 - Penetration Testing Summary Report
Target IP: 185.31.40.185Date: February 24, 2025Tester: Ziad Ali
1. Summary of Findings
The penetration test conducted on the target system revealed multiple vulnerabilities across different services, with a focus on Avahi, Exim, and MariaDB. Below is a high-level summary:
Avahi mDNS (CVE-2011-1002) – DoS Vulnerability Detected
Exim Mail Server (Version 4.92) – Multiple Exploits Available
MariaDB (Version 10.4.33) – Critical Privilege Escalation and RCE Vulnerabilities
2. Detailed Findings
2.1 Avahi mDNS (CVE-2011-1002)
Service: Avahi (Multicast DNS, UDP 5353)
Impact: Remote attackers can send NULL UDP packets to disrupt network service.
Proof of Concept:
The system responded to a NULL UDP packet sent to 224.0.0.251, indicating potential for exploitation.
Remediation:
Disable Avahi if not needed (systemctl stop avahi-daemon).
Update Avahi to the latest patched version.
Restrict multicast traffic using firewall rules (iptables -A INPUT -s 224.0.0.251 -j DROP).
2.2 Exim SMTP Server (Version 4.92)
Service: Exim SMTP (TCP 465)
Impact: Multiple privilege escalation and RCE vulnerabilities detected.
Vulnerabilities:
CVE-2019-16928 (Heap Overflow, RCE) – CVSS Score: 9.8
CVE-2019-15846 (Remote Code Execution) – CVSS Score: 9.8
Exploit Available: Metasploit modules exist for these exploits.
Remediation:
Upgrade Exim to the latest stable version.
Implement security best practices such as restricting access to SMTP services.
2.3 MariaDB Server (Version 10.4.33)
Service: MariaDB (TCP 3306)
Impact: Critical privilege escalation and remote code execution vulnerabilities.
Vulnerabilities:
CVE-2012-2750 (Authentication Bypass) – CVSS Score: 10.0
CVE-2016-9843 (Arbitrary Code Execution) – CVSS Score: 9.8
Exploit Available: Public exploits exist for privilege escalation.
Remediation:
Upgrade MariaDB to the latest stable version.
Restrict database access using firewall rules.
Implement strong authentication mechanisms.
3. Conclusion & Recommendations
The target system has multiple critical vulnerabilities that could lead to unauthorized access, privilege escalation, and denial-of-service attacks. The following actions should be prioritized:
Immediate Patch Deployment: Update Exim and MariaDB to secure versions.
Disable or Secure Avahi Service: Unless required, disable Avahi or limit its exposure.
Firewall Hardening: Restrict access to SMTP, IMAP, and database services.
Security Monitoring: Implement IDS/IPS solutions to detect exploit attempts.
Severity Assessment: Critical – Immediate action is recommended to mitigate risks.
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
Hello,
You seem to only use advertised version numbers to determine whether a vulnerability is fixed or not, but vulnerabilities are fixed by keeping version numbers unchanged.
Kind regards,
Cyril
SMTP port 587 open and no rate limit in ssh