Closed teusink closed 6 years ago
Found vulnerabilities:
IP Forwarding Enabled Risk Factor: Medium CVSS Base Score: 5.8 CVSS Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P
The remote host has IP forwarding enabled. An attacker can exploit this to route packets through the host and potentially bypass some firewalls / routers / NAC filtering. Unless the remote host is a router, it is recommended that you disable IP forwarding.
Because it has "router-like" features I am not going to disable this.
DNS Server Cache Snooping Remote Information Disclosure Risk Factor: Medium CVSS Base Score: 5.0 CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
The remote DNS server responds to queries for third-party domains that do not have the recursion bit set. This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited.
Because it only can be fixed by the vendor (with a patch) I cannot do anything about it, other than staying up-to-date and hope to get it fixed.
The IP Forwarding Vulnerability has been fixed with the addition of iptables and ip6tables.
Execute Nessus Security Tests