| TC: | 12005 |
| Description: | NetBus is a "remote administration tool", usually installed through a trojan. It usually listens on ports 12345 or 20034. |
| TC Impact: | Attack |
| Vulnerability Publication: | N.A. |
| Advisory Copyright: | N.A. |
| Summary: | A popular remote administration and spy tool is installed on a system. An attacker may take complete control of this system. |
| Risk: | High |
| CVSS 2.0 metrics: | Access Vector: Network; Access Complexity: Low; Authentication: None; Confidentiality Impact: Complete; Integrity Impact: Complete; Availability Impact: Complete |
| CVSS 2.0 Base Score: | 10 |
| Vulnerability Impact: | Gain Root |
| Host Impact: | The system can be controlled remotely. |
| Nature of Remediation: | Remove unsecured or unwanted software. |
| Step required to fix the reported vulnerability: | Solution type: Reinstall System (root kit found). Use only remote administration tools with very strong encryption protocols and strong authentication capabilities. To remove NetBus, use an up-to-date anti-virus tool, or follow the NetBus uninstall procedure. Change all passwords. More generally, to protect the network against backdoors deliberately installed through a Trojan horse: install an anti-virus tool on every machine. Install anti-virus software on the mail server to scan mail directly. Update all anti-virus software at least every 3 weeks. Inform all users about the danger of files with .exe, .com or .doc extensions received by e-mail (such as patch.exe, picture.exe, happyny.com, prettygirl.exe and confidential.doc) or other files from untrusted sources. Finally, block all unused ports at the firewall. |
| References: | CIAC: J-032 CIAC information bulletin, http://ciac.llnl.gov/ciac/bulletins/j-032.shtml; MISC: Information about NetBus tool, http://www.netbus.org |
| CVE Link: | CVE-1999-0660 |
| Glossary: | Backdoor; TCP port; Trojan Horse |