Monthly Archive: February 2000

The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can...

IP traceroute is allowed from arbitrary hosts. Date published : 2000-02-04

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. Date published : 2000-02-04 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 https://kc.mcafee.com/corporate/index?page=content&id=SB10053

ICMP echo (ping) is allowed from arbitrary hosts. Date published : 2000-02-04

The permissions for a system-critical NIS+ table (e.g. passwd) are inappropriate. Date published : 2000-02-04

An NIS domain name is easily guessable. Date published : 2000-02-04

A system-critical NETBIOS/SMB share has inappropriate access control. Date published : 2000-02-04

A NETBIOS/SMB share password is the default, null, or missing. Date published : 2000-02-04

A NETBIOS/SMB share password is guessable. Date published : 2000-02-04

An SNMP community name is the default (e.g. public), null, or missing. Date published : 2000-02-04

An SNMP community name is guessable. Date published : 2000-02-04

An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. Date published : 2000-02-04

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. Date published : 2000-02-04

IP forwarding is enabled on a machine which is not a router or firewall. Date published : 2000-02-04