File: healthd_detect.nasl

package info (click to toggle)
nessus-plugins 2.2.8-1.1
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 15,508 kB
  • ctags: 251
  • sloc: sh: 8,346; ansic: 4,452; pascal: 3,089; perl: 704; makefile: 172; php: 1
file content (94 lines) | stat: -rw-r--r-- 2,707 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
#
# Copyright 2001 by Noam Rathaus <noamr@securiteam.com> 
#
# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>
#      Erik Anderson <eanders@carmichaelsecurity.com>
#      Should cover BID: 1107
#
# See the Nessus Scripts License for details
#
#

if(description)
{
 script_id(10731); 
 script_version ("$Revision: 1.9 $");
 
 name["english"] = "HealthD detection";
 script_name(english:name["english"]);
 
desc["english"] = "The FreeBSD Health Daemon was detected.
The HealthD provides remote administrators with information about the 
current hardware temperature, fan speed, etc, allowing them to monitor
the status of the server.

Such information about the hardware's current state might be sensitive; 
it is recommended that you do not allow access to this service from the 
network.

Solution: Configure your firewall to block access to this port.

Risk factor : Low";

 script_description(english:desc["english"]);
 
 summary["english"] = "HealthD detection";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_family(english: "Service detection");

 script_copyright(english:"This script is Copyright (C) 2001 SecuriTeam");
 script_dependencie("find_service.nes");
 script_require_ports("Services/healthd", 1281, 9669);
 exit(0);
}

#
# The script code starts here
#

l = get_kb_list("Services/healthd");
if ( isnull(l) ) l = make_list();
port_l = make_list(1281, 9669, l);
foreach port (port_l)
 if (port && get_port_state(port))
 {
  soctcphealthd = open_sock_tcp(port);

  if (soctcphealthd)
  {
   data = string("foobar");
   resultsend = send(socket:soctcphealthd, data:data);
   resultrecv = recv(socket:soctcphealthd, length:8192);
   if ("ERROR: Unsupported command" >< resultrecv)
   {
    data = string("VER d");
    resultsend = send(socket:soctcphealthd, data:data);
    resultrecv = recv(socket:soctcphealthd, length:8192);

    if ("ERROR: Unsupported command" >< resultrecv)
    {
     security_warning(port:port);
    }
    else
    {
data = string("The FreeBSD Health Daemon was detected.\n",
"The HealthD provides remote administrators with information about\n",
"the current hardware temperature, fan speed, etc, allowing them to monitor\n",
"the status of the server.\n",
"\n",
"Such information about the hardware's current state might be sensitive; \n",
"it is recommended that you do not allow access to this service from the \n",
"network.",
"\n\nThe HealthD version we found is: ", resultrecv, "\n\n",
"Solution: Configure your firewall to block access to this port.\n",
"\n",
"Risk factor : Low\n");
     security_warning(port:port, data:data);
    }
   close(soctcphealthd);
   }
  }
 }