ZoneAlarm Secure Wireless Router Z100G Discussion Forum

Our support personnel monitor this forum, however note this is not an official support channel - to contact support, click the button on the right.

Moderators: Ido, Marina, wendy
Junior Member
Posted
I recently did a scan of my internal network using NESSUS. It came up with some interesting results. Background on my network first:
2 - laptops
2 - desktops
1 - linksys NAS

If someone can decipher and explain to me what is mis-configured, it would be appreciated.
----------------------------------------------------------------------------------------------------------
1)
http (80/tcp)


The remote proxy is vulnerable to format strings attacks
when issued a badly formed user name.

This flaw allows an attacker to execute arbitrary code on this
host.

Solution: if you are using NSM, see http://www.solsoft.org/nsm/news/972559672/index_html
or else contact your vendor for a patch

Risk Factor : High
Plugin ID : 10540

Synopsis :

The remote web server might transmit credentials over clear text

Description :

The remote web server contains several HTML forms containing
an input of type 'password' which transmit their information to
a remote web server over plain text.

An attacker eavesdropping the traffic might use this setup to
obtain logins and passwords of valid users.

----------------------------------------------------------------------------------------------------------
2)
https (443/tcp)

The remote system appears vulnerable to an invalid Options field
within a TCP packet. At least one vendor firewall (Symantec) has
been reported prone to such a bug. An attacker, utilizing this flaw,
would be able to remotely shut down the remote firewall (stopping all
network-based transactions) by sending a single packet to any port.

See Also :

http://www.eeye.com/html/Research/Advisories/AD20040423.html

Risk Factor : High
CVE : CVE-2004-0375
BID : 10204
Other references : IAVA:2004-A-0010, OSVDB:5596
Plugin ID : 12216



I understand this is internal so these might be acceptable risks within a home environment. If someone has a little more understanding, I too would like to understand.

Thanks
 
Posts: 4 | Registered: October 03, 2007
Junior Member
Posted
quote:
Originally posted by gonzuelez:
I recently did a scan of my internal network using NESSUS. It came up with some interesting results. [...]

Which devices were generating the warnings? I'm guessing the Linksys box (since it probably has a WebGUI).

What would be more telling is running the scan from the UNTRUST port on the firewall (be careful doing it over the WAN since some ISPs check for port scan activity and have clauses in their terms of service agreements against it).

I'd also be interested in seeing what kind of warnings the Z100 comes back with when you run NESSUS against it. I don't have one yet, but I have a SNORT setup and it lights up like a Christmas tree when you run a scan.
 
Posts: 12 | Registered: October 23, 2007


© Copyright 2006 SofaWare Technologies Ltd.