Passive Vulnerability Scanner (PVS) Signatures

Table of Contents

Introduction
PVS PLUGIN FAMILIES
Family Backdoors
Family CGI
Family Database
Family DNS Servers
Family Finger
Family FTP Servers
Family FTP Clients
Family Generic
Family Operating System Detection
Family IMAP Servers
Family Internet Messengers
Family IRC Clients
Family IRC Servers
Family Peer-To-Peer File Sharing
Family POP Server
Family RPC
Family Samba
Family SMTP Clients
Family SMTP Servers
Family SNMP Traps
Family SSH
Family Web Clients
Family Web Servers
Family Abuse
Family Policy
Family Data Leakage
Family SCADA
Family Mobile Devices
Family Internet Services
Introduction

PVS is a passive vulnerability scanner. Do you know what happens between the last time a vulnerability scan is completed and the next time a scan is completed? New hosts, new ports, new services, and new vulnerabilities can arrive on your networks faster than you may be allowed to scan for them. The PVS vulnerability monitor can find out what is happening on your network without actively scanning it. As PVS monitors your network, it also watches for potential application compromises, trust relationships, and open or browsed network protocols. A single PVS sensor can be placed in front of a network of 25,000 systems and continuously monitor the traffic for a variety of security related information including:

• Keeping track of all client and server application vulnerabilities
• Detecting when an application is compromised or subverted
• Detecting when new hosts are added to the network
• Detecting when an internal system begins to port scan other systems
• Highlighting all interactive and encrypted network sessions
• Tracking exactly which systems communicate with other internal systems
• Detecting which ports are served and which ports are browsed for each individual system
• Passively determining the type of operating system of each active host
This PDF is automatically generated as new plugins are made available for download from the Tenable Network Security Corporate Web Server. This PDF is organized into several sections. Initially, you have this introduction followed by an overview of plugin count for each plugin family. Finally, the PDF details specific information for each of the different plugin modules. This information includes a brief description, plugin ID, CVE cross-reference, Bugtraq ID cross-reference, Nessus cross-reference, and several other descriptive entries. For more information regarding PVS, please visit: http://www.tenablesecurity.com/products/tenable-passive-vulnerability-scanner