ID MCAFEE_EBSADMIN_DETECT.NASL
Type nessus
Reporter Tenable
Modified 2012-08-01T00:00:00
Description
An Administration Agent for McAfee E-Business Server is listening on the remote host. McAfee E-Business Server is an enterprise tool for digitally encrypting and signing electronic files, and the Administration Agent allows for remote administration of the E-Business Server on the remote host.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(25089);
script_version("$Revision: 1.8 $");
script_cvs_date("$Date: 2012/08/01 14:02:33 $");
script_name(english:"McAfee E-Business Administration Agent Detection");
script_summary(english:"Tries to perform initial handshake with EBSAdmin");
script_set_attribute(attribute:"synopsis", value:
"An administration server is listening on the remote host." );
script_set_attribute(attribute:"description", value:
"An Administration Agent for McAfee E-Business Server is listening on
the remote host. McAfee E-Business Server is an enterprise tool for
digitally encrypting and signing electronic files, and the
Administration Agent allows for remote administration of the
E-Business Server on the remote host." );
# http://web.archive.org/web/20081219142945/http://www.mcafee.com/us/enterprise/products/encryption/ebusiness_server.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?efe7f15e" );
script_set_attribute(attribute:"solution", value:
"Limit incoming traffic to this port as desired." );
script_set_attribute(attribute:"risk_factor", value:"None" );
script_set_attribute(attribute:"plugin_publication_date", value: "2007/04/27");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:mcafee:e-business_server");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Service detection");
script_copyright(english:"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.");
script_dependencies("find_service1.nasl");
script_require_ports("Services/unknown", 1718);
exit(0);
}
include("byte_func.inc");
include("global_settings.inc");
include("misc_func.inc");
if (thorough_tests && ! get_kb_item("global_settings/disable_service_discovery") ) {
port = get_unknown_svc(1718);
if (!port) exit(0);
}
else port = 1718;
if (known_service(port:port)) exit(0);
if (!get_tcp_port_state(port)) exit(0);
soc = open_sock_tcp(port);
if (!soc) exit(0);
# Make sure we get the initial byte for a banner.
res = recv(socket:soc, length:2, min:1);
if (strlen(res) != 1 || getbyte(blob:res, pos:0) != 1) exit(0);
# Try to do the initial handshake.
req = raw_string(
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x25, 0x61, 0xa8, 0x4f, 0x21, 0x9e, 0x55, 0xc8,
0xca, 0x91, 0xc8, 0x88, 0x79, 0xa4, 0x31, 0xd5,
0x05, 0xff, 0x64, 0xc8, 0x8b, 0xac, 0x5a, 0x97,
0x18, 0x7e, 0x93, 0xa6, 0xa1, 0xed, 0x97, 0x79,
0x6e, 0x83, 0x30, 0xda, 0x91, 0xda, 0xc4, 0xd3,
0x46, 0x17, 0xb8, 0x1e, 0xf0, 0xf3, 0x8b, 0xd0,
0x6e, 0xb5, 0x9c, 0x37, 0x21, 0xe8, 0xeb, 0x7c,
0xd3, 0xc6, 0x9b, 0x63, 0xa2, 0x92, 0x21, 0x02,
0x2b, 0x3b, 0x0c, 0x9f, 0x08, 0x40, 0xd9, 0x29,
0x3f, 0x56, 0x06, 0x21, 0x1f, 0x86, 0x86, 0x21,
0xca, 0x06, 0xc6, 0x74, 0x15, 0x16, 0x4e, 0x37,
0x07, 0xdb, 0x01, 0x82, 0xc0, 0x20, 0xef, 0xff,
0x64, 0x74, 0x47, 0x59, 0x23, 0xa3, 0x80, 0xda,
0x21, 0x7e, 0x5f, 0x4f, 0x6d, 0x48, 0x89, 0x3f,
0xec, 0xec, 0xfd, 0x41, 0xdd, 0xb6, 0x2d, 0x76,
0x7b, 0xec, 0x7a, 0x5a, 0x00, 0xae, 0xc6, 0x47,
0x85, 0x06, 0xac, 0x58, 0xa3, 0x89, 0xa6, 0x50,
0x42, 0xb2, 0x82, 0x2a, 0xe7, 0xf6, 0x4a, 0xb6,
0x39, 0xbf, 0xd8, 0xaa, 0xe7, 0xc8, 0x4a, 0x3c,
0xc4, 0x69, 0xac, 0x89, 0x87, 0x68, 0xfc, 0x9f,
0x46, 0x63, 0x47, 0xee, 0x44, 0xc5, 0x03, 0xdf,
0x86, 0x5d, 0x9f, 0x34, 0xaf, 0x47, 0x46, 0x1e,
0x41, 0x60, 0xb4, 0x9e, 0x8e, 0x9e, 0x0e, 0xe8,
0xc8, 0x43, 0x6c, 0x35, 0xbb, 0x64, 0xe4, 0x2a,
0x76, 0x91, 0x5b, 0xaa, 0x0c, 0x8a, 0x21, 0x2d,
0xa6, 0x4c, 0x6b, 0xab, 0x2f, 0x6e, 0x8e, 0xd0,
0x08, 0xf7
);
req = mkbyte(1) + mkdword(strlen(req)) + req;
send(socket:soc, data:req);
res = recv(socket:soc, length:1024);
close(soc);
# If the response looks ok...
if (
strlen(res) == 223 &&
getbyte(blob:res, pos:0) == 2 &&
getdword(blob:res, pos:1) + 5 == strlen(res)
)
{
# Register and report the service.
register_service(port:port, ipproto:"tcp", proto:"ebsadmin");
security_note(port);
}
{"id": "MCAFEE_EBSADMIN_DETECT.NASL", "bulletinFamily": "scanner", "title": "McAfee E-Business Administration Agent Detection", "description": "An Administration Agent for McAfee E-Business Server is listening on the remote host. McAfee E-Business Server is an enterprise tool for digitally encrypting and signing electronic files, and the Administration Agent allows for remote administration of the E-Business Server on the remote host.", "published": "2007-04-27T00:00:00", "modified": "2012-08-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25089", "reporter": "Tenable", "references": ["http://www.nessus.org/u?efe7f15e"], "cvelist": [], "type": "nessus", "lastseen": "2019-02-21T01:09:51", "history": [{"lastseen": "2019-01-16T20:07:17", "edition": 3, "differentElements": ["description"], "bulletin": {"lastseen": "2019-01-16T20:07:17", "references": ["http://www.nessus.org/u?efe7f15e"], "pluginID": "25089", "description": "An Administration Agent for McAfee E-Business Server is listening on\nthe remote host. McAfee E-Business Server is an enterprise tool for\ndigitally encrypting and signing electronic files, and the\nAdministration Agent allows for remote administration of the\nE-Business Server on the remote host.", "edition": 3, "reporter": "Tenable", "history": [], "published": "2007-04-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "dependencies": {"references": [], "modified": "2019-01-16T20:07:17"}}, "title": "McAfee E-Business Administration Agent Detection", "type": "nessus", "objectVersion": "1.3", "naslFamily": "Service detection", "bulletinFamily": "scanner", "cvelist": [], "cpe": ["cpe:/a:mcafee:e-business_server"], "modified": "2012-08-01T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25089", "id": "MCAFEE_EBSADMIN_DETECT.NASL", "viewCount": 4, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25089);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:02:33 $\");\n\n script_name(english:\"McAfee E-Business Administration Agent Detection\");\n script_summary(english:\"Tries to perform initial handshake with EBSAdmin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administration server is listening on the remote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"An Administration Agent for McAfee E-Business Server is listening on\nthe remote host. McAfee E-Business Server is an enterprise tool for\ndigitally encrypting and signing electronic files, and the\nAdministration Agent allows for remote administration of the\nE-Business Server on the remote host.\" );\n # http://web.archive.org/web/20081219142945/http://www.mcafee.com/us/enterprise/products/encryption/ebusiness_server.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?efe7f15e\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port as desired.\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"None\" );\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/04/27\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:mcafee:e-business_server\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\");\n script_require_ports(\"Services/unknown\", 1718);\n\n exit(0);\n}\n\n\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (thorough_tests && ! get_kb_item(\"global_settings/disable_service_discovery\") ) {\n port = get_unknown_svc(1718);\n if (!port) exit(0);\n}\nelse port = 1718;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Make sure we get the initial byte for a banner.\nres = recv(socket:soc, length:2, min:1);\nif (strlen(res) != 1 || getbyte(blob:res, pos:0) != 1) exit(0);\n\n\n# Try to do the initial handshake.\nreq = raw_string(\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \n 0x25, 0x61, 0xa8, 0x4f, 0x21, 0x9e, 0x55, 0xc8, \n 0xca, 0x91, 0xc8, 0x88, 0x79, 0xa4, 0x31, 0xd5, \n 0x05, 0xff, 0x64, 0xc8, 0x8b, 0xac, 0x5a, 0x97, \n 0x18, 0x7e, 0x93, 0xa6, 0xa1, 0xed, 0x97, 0x79, \n 0x6e, 0x83, 0x30, 0xda, 0x91, 0xda, 0xc4, 0xd3, \n 0x46, 0x17, 0xb8, 0x1e, 0xf0, 0xf3, 0x8b, 0xd0, \n 0x6e, 0xb5, 0x9c, 0x37, 0x21, 0xe8, 0xeb, 0x7c, \n 0xd3, 0xc6, 0x9b, 0x63, 0xa2, 0x92, 0x21, 0x02, \n 0x2b, 0x3b, 0x0c, 0x9f, 0x08, 0x40, 0xd9, 0x29, \n 0x3f, 0x56, 0x06, 0x21, 0x1f, 0x86, 0x86, 0x21, \n 0xca, 0x06, 0xc6, 0x74, 0x15, 0x16, 0x4e, 0x37, \n 0x07, 0xdb, 0x01, 0x82, 0xc0, 0x20, 0xef, 0xff, \n 0x64, 0x74, 0x47, 0x59, 0x23, 0xa3, 0x80, 0xda, \n 0x21, 0x7e, 0x5f, 0x4f, 0x6d, 0x48, 0x89, 0x3f, \n 0xec, 0xec, 0xfd, 0x41, 0xdd, 0xb6, 0x2d, 0x76, \n 0x7b, 0xec, 0x7a, 0x5a, 0x00, 0xae, 0xc6, 0x47, \n 0x85, 0x06, 0xac, 0x58, 0xa3, 0x89, 0xa6, 0x50, \n 0x42, 0xb2, 0x82, 0x2a, 0xe7, 0xf6, 0x4a, 0xb6, \n 0x39, 0xbf, 0xd8, 0xaa, 0xe7, 0xc8, 0x4a, 0x3c, \n 0xc4, 0x69, 0xac, 0x89, 0x87, 0x68, 0xfc, 0x9f, \n 0x46, 0x63, 0x47, 0xee, 0x44, 0xc5, 0x03, 0xdf, \n 0x86, 0x5d, 0x9f, 0x34, 0xaf, 0x47, 0x46, 0x1e, \n 0x41, 0x60, 0xb4, 0x9e, 0x8e, 0x9e, 0x0e, 0xe8, \n 0xc8, 0x43, 0x6c, 0x35, 0xbb, 0x64, 0xe4, 0x2a, \n 0x76, 0x91, 0x5b, 0xaa, 0x0c, 0x8a, 0x21, 0x2d, \n 0xa6, 0x4c, 0x6b, 0xab, 0x2f, 0x6e, 0x8e, 0xd0, \n 0x08, 0xf7\n);\nreq = mkbyte(1) + mkdword(strlen(req)) + req;\nsend(socket:soc, data:req);\nres = recv(socket:soc, length:1024);\nclose(soc);\n\n\n# If the response looks ok...\nif (\n strlen(res) == 223 && \n getbyte(blob:res, pos:0) == 2 && \n getdword(blob:res, pos:1) + 5 == strlen(res)\n)\n{\n # Register and report the service.\n register_service(port:port, ipproto:\"tcp\", proto:\"ebsadmin\");\n security_note(port);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"hash": "f2c61fa60020b4cfbb27c4aadbe1a600", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a3d3c73c01505d0383b007174b5bb5ac", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "a778b97a5c23ecf2bfff314ba933deb5", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "1cb6f99bf9adca74f84a17f6e5498bd6", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "10e2ea8c0343f51d194183a1f66bb2d2", "key": "cpe"}, {"hash": "c904c166fba890042ced548f33e672d6", "key": "published"}, {"hash": "7aac673bca5b4ed91182c38a72e62ef5", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}, {"hash": "1de61ec68a32ee1fd97884f458d4930b", "key": "sourceData"}, {"hash": "6e0ac49db48f2b74b919ae365f9b3582", "key": "references"}], "hash": "9fd16eaa5f25f1b210c86305116ee358a48956071cf756f950942975832db746"}}, {"lastseen": "2017-10-29T13:34:44", "edition": 2, "differentElements": ["description"], "bulletin": {"lastseen": "2017-10-29T13:34:44", "references": ["http://www.nessus.org/u?efe7f15e"], "pluginID": "25089", "description": "An Administration Agent for McAfee E-Business Server is listening on the remote host. McAfee E-Business Server is an enterprise tool for digitally encrypting and signing electronic files, and the Administration Agent allows for remote administration of the E-Business Server on the remote host.", "edition": 2, "reporter": "Tenable", "history": [], "published": "2007-04-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "McAfee E-Business Administration Agent Detection", "type": "nessus", "objectVersion": "1.3", "naslFamily": "Service detection", "bulletinFamily": "scanner", "cvelist": [], "cpe": ["cpe:/a:mcafee:e-business_server"], "modified": "2012-08-01T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25089", "id": "MCAFEE_EBSADMIN_DETECT.NASL", "viewCount": 4, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25089);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:02:33 $\");\n\n script_name(english:\"McAfee E-Business Administration Agent Detection\");\n script_summary(english:\"Tries to perform initial handshake with EBSAdmin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administration server is listening on the remote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"An Administration Agent for McAfee E-Business Server is listening on\nthe remote host. McAfee E-Business Server is an enterprise tool for\ndigitally encrypting and signing electronic files, and the\nAdministration Agent allows for remote administration of the\nE-Business Server on the remote host.\" );\n # http://web.archive.org/web/20081219142945/http://www.mcafee.com/us/enterprise/products/encryption/ebusiness_server.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?efe7f15e\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port as desired.\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"None\" );\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/04/27\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:mcafee:e-business_server\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\");\n script_require_ports(\"Services/unknown\", 1718);\n\n exit(0);\n}\n\n\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (thorough_tests && ! get_kb_item(\"global_settings/disable_service_discovery\") ) {\n port = get_unknown_svc(1718);\n if (!port) exit(0);\n}\nelse port = 1718;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Make sure we get the initial byte for a banner.\nres = recv(socket:soc, length:2, min:1);\nif (strlen(res) != 1 || getbyte(blob:res, pos:0) != 1) exit(0);\n\n\n# Try to do the initial handshake.\nreq = raw_string(\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \n 0x25, 0x61, 0xa8, 0x4f, 0x21, 0x9e, 0x55, 0xc8, \n 0xca, 0x91, 0xc8, 0x88, 0x79, 0xa4, 0x31, 0xd5, \n 0x05, 0xff, 0x64, 0xc8, 0x8b, 0xac, 0x5a, 0x97, \n 0x18, 0x7e, 0x93, 0xa6, 0xa1, 0xed, 0x97, 0x79, \n 0x6e, 0x83, 0x30, 0xda, 0x91, 0xda, 0xc4, 0xd3, \n 0x46, 0x17, 0xb8, 0x1e, 0xf0, 0xf3, 0x8b, 0xd0, \n 0x6e, 0xb5, 0x9c, 0x37, 0x21, 0xe8, 0xeb, 0x7c, \n 0xd3, 0xc6, 0x9b, 0x63, 0xa2, 0x92, 0x21, 0x02, \n 0x2b, 0x3b, 0x0c, 0x9f, 0x08, 0x40, 0xd9, 0x29, \n 0x3f, 0x56, 0x06, 0x21, 0x1f, 0x86, 0x86, 0x21, \n 0xca, 0x06, 0xc6, 0x74, 0x15, 0x16, 0x4e, 0x37, \n 0x07, 0xdb, 0x01, 0x82, 0xc0, 0x20, 0xef, 0xff, \n 0x64, 0x74, 0x47, 0x59, 0x23, 0xa3, 0x80, 0xda, \n 0x21, 0x7e, 0x5f, 0x4f, 0x6d, 0x48, 0x89, 0x3f, \n 0xec, 0xec, 0xfd, 0x41, 0xdd, 0xb6, 0x2d, 0x76, \n 0x7b, 0xec, 0x7a, 0x5a, 0x00, 0xae, 0xc6, 0x47, \n 0x85, 0x06, 0xac, 0x58, 0xa3, 0x89, 0xa6, 0x50, \n 0x42, 0xb2, 0x82, 0x2a, 0xe7, 0xf6, 0x4a, 0xb6, \n 0x39, 0xbf, 0xd8, 0xaa, 0xe7, 0xc8, 0x4a, 0x3c, \n 0xc4, 0x69, 0xac, 0x89, 0x87, 0x68, 0xfc, 0x9f, \n 0x46, 0x63, 0x47, 0xee, 0x44, 0xc5, 0x03, 0xdf, \n 0x86, 0x5d, 0x9f, 0x34, 0xaf, 0x47, 0x46, 0x1e, \n 0x41, 0x60, 0xb4, 0x9e, 0x8e, 0x9e, 0x0e, 0xe8, \n 0xc8, 0x43, 0x6c, 0x35, 0xbb, 0x64, 0xe4, 0x2a, \n 0x76, 0x91, 0x5b, 0xaa, 0x0c, 0x8a, 0x21, 0x2d, \n 0xa6, 0x4c, 0x6b, 0xab, 0x2f, 0x6e, 0x8e, 0xd0, \n 0x08, 0xf7\n);\nreq = mkbyte(1) + mkdword(strlen(req)) + req;\nsend(socket:soc, data:req);\nres = recv(socket:soc, length:1024);\nclose(soc);\n\n\n# If the response looks ok...\nif (\n strlen(res) == 223 && \n getbyte(blob:res, pos:0) == 2 && \n getdword(blob:res, pos:1) + 5 == strlen(res)\n)\n{\n # Register and report the service.\n register_service(port:port, ipproto:\"tcp\", proto:\"ebsadmin\");\n security_note(port);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"hash": "f2c61fa60020b4cfbb27c4aadbe1a600", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ec6dbbfd408205f903e6cf33140aff8f", "key": "description"}, {"hash": "a3d3c73c01505d0383b007174b5bb5ac", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "1cb6f99bf9adca74f84a17f6e5498bd6", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "10e2ea8c0343f51d194183a1f66bb2d2", "key": "cpe"}, {"hash": "c904c166fba890042ced548f33e672d6", "key": "published"}, {"hash": "7aac673bca5b4ed91182c38a72e62ef5", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}, {"hash": "1de61ec68a32ee1fd97884f458d4930b", "key": "sourceData"}, {"hash": "6e0ac49db48f2b74b919ae365f9b3582", "key": "references"}], "hash": "c744b7c2afe10ee482950837778375b1ceaef44f1319de77c7db181094a81fa0"}}, {"lastseen": "2016-09-26T17:23:36", "edition": 1, "differentElements": ["cpe"], "bulletin": {"lastseen": "2016-09-26T17:23:36", "references": ["http://www.nessus.org/u?efe7f15e"], "pluginID": "25089", "description": "An Administration Agent for McAfee E-Business Server is listening on the remote host. McAfee E-Business Server is an enterprise tool for digitally encrypting and signing electronic files, and the Administration Agent allows for remote administration of the E-Business Server on the remote host.", "edition": 1, "reporter": "Tenable", "history": [], "published": "2007-04-27T00:00:00", "enchantments": {}, "title": "McAfee E-Business Administration Agent Detection", "type": "nessus", "objectVersion": "1.2", "naslFamily": "Service detection", "bulletinFamily": "scanner", "cvelist": [], "cpe": [], "modified": "2012-08-01T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=25089", "id": "MCAFEE_EBSADMIN_DETECT.NASL", "viewCount": 1, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25089);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:02:33 $\");\n\n script_name(english:\"McAfee E-Business Administration Agent Detection\");\n script_summary(english:\"Tries to perform initial handshake with EBSAdmin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administration server is listening on the remote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"An Administration Agent for McAfee E-Business Server is listening on\nthe remote host. McAfee E-Business Server is an enterprise tool for\ndigitally encrypting and signing electronic files, and the\nAdministration Agent allows for remote administration of the\nE-Business Server on the remote host.\" );\n # http://web.archive.org/web/20081219142945/http://www.mcafee.com/us/enterprise/products/encryption/ebusiness_server.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?efe7f15e\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port as desired.\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"None\" );\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/04/27\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:mcafee:e-business_server\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\");\n script_require_ports(\"Services/unknown\", 1718);\n\n exit(0);\n}\n\n\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (thorough_tests && ! get_kb_item(\"global_settings/disable_service_discovery\") ) {\n port = get_unknown_svc(1718);\n if (!port) exit(0);\n}\nelse port = 1718;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Make sure we get the initial byte for a banner.\nres = recv(socket:soc, length:2, min:1);\nif (strlen(res) != 1 || getbyte(blob:res, pos:0) != 1) exit(0);\n\n\n# Try to do the initial handshake.\nreq = raw_string(\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \n 0x25, 0x61, 0xa8, 0x4f, 0x21, 0x9e, 0x55, 0xc8, \n 0xca, 0x91, 0xc8, 0x88, 0x79, 0xa4, 0x31, 0xd5, \n 0x05, 0xff, 0x64, 0xc8, 0x8b, 0xac, 0x5a, 0x97, \n 0x18, 0x7e, 0x93, 0xa6, 0xa1, 0xed, 0x97, 0x79, \n 0x6e, 0x83, 0x30, 0xda, 0x91, 0xda, 0xc4, 0xd3, \n 0x46, 0x17, 0xb8, 0x1e, 0xf0, 0xf3, 0x8b, 0xd0, \n 0x6e, 0xb5, 0x9c, 0x37, 0x21, 0xe8, 0xeb, 0x7c, \n 0xd3, 0xc6, 0x9b, 0x63, 0xa2, 0x92, 0x21, 0x02, \n 0x2b, 0x3b, 0x0c, 0x9f, 0x08, 0x40, 0xd9, 0x29, \n 0x3f, 0x56, 0x06, 0x21, 0x1f, 0x86, 0x86, 0x21, \n 0xca, 0x06, 0xc6, 0x74, 0x15, 0x16, 0x4e, 0x37, \n 0x07, 0xdb, 0x01, 0x82, 0xc0, 0x20, 0xef, 0xff, \n 0x64, 0x74, 0x47, 0x59, 0x23, 0xa3, 0x80, 0xda, \n 0x21, 0x7e, 0x5f, 0x4f, 0x6d, 0x48, 0x89, 0x3f, \n 0xec, 0xec, 0xfd, 0x41, 0xdd, 0xb6, 0x2d, 0x76, \n 0x7b, 0xec, 0x7a, 0x5a, 0x00, 0xae, 0xc6, 0x47, \n 0x85, 0x06, 0xac, 0x58, 0xa3, 0x89, 0xa6, 0x50, \n 0x42, 0xb2, 0x82, 0x2a, 0xe7, 0xf6, 0x4a, 0xb6, \n 0x39, 0xbf, 0xd8, 0xaa, 0xe7, 0xc8, 0x4a, 0x3c, \n 0xc4, 0x69, 0xac, 0x89, 0x87, 0x68, 0xfc, 0x9f, \n 0x46, 0x63, 0x47, 0xee, 0x44, 0xc5, 0x03, 0xdf, \n 0x86, 0x5d, 0x9f, 0x34, 0xaf, 0x47, 0x46, 0x1e, \n 0x41, 0x60, 0xb4, 0x9e, 0x8e, 0x9e, 0x0e, 0xe8, \n 0xc8, 0x43, 0x6c, 0x35, 0xbb, 0x64, 0xe4, 0x2a, \n 0x76, 0x91, 0x5b, 0xaa, 0x0c, 0x8a, 0x21, 0x2d, \n 0xa6, 0x4c, 0x6b, 0xab, 0x2f, 0x6e, 0x8e, 0xd0, \n 0x08, 0xf7\n);\nreq = mkbyte(1) + mkdword(strlen(req)) + req;\nsend(socket:soc, data:req);\nres = recv(socket:soc, length:1024);\nclose(soc);\n\n\n# If the response looks ok...\nif (\n strlen(res) == 223 && \n getbyte(blob:res, pos:0) == 2 && \n getdword(blob:res, pos:1) + 5 == strlen(res)\n)\n{\n # Register and report the service.\n register_service(port:port, ipproto:\"tcp\", proto:\"ebsadmin\");\n security_note(port);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}, "hashmap": [{"hash": "f2c61fa60020b4cfbb27c4aadbe1a600", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ec6dbbfd408205f903e6cf33140aff8f", "key": "description"}, {"hash": "a3d3c73c01505d0383b007174b5bb5ac", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "1cb6f99bf9adca74f84a17f6e5498bd6", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c904c166fba890042ced548f33e672d6", "key": "published"}, {"hash": "7aac673bca5b4ed91182c38a72e62ef5", "key": "title"}, {"hash": "3ff4afbf9eedf98937c2e5c5cf13456f", "key": "modified"}, {"hash": "1de61ec68a32ee1fd97884f458d4930b", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "6e0ac49db48f2b74b919ae365f9b3582", "key": "references"}], "hash": "19bf48d04ee5a0778d04db8db1af5d059a12d82441348400e375b03bb8556c20"}}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "10e2ea8c0343f51d194183a1f66bb2d2"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "ec6dbbfd408205f903e6cf33140aff8f"}, {"key": "href", "hash": "f2c61fa60020b4cfbb27c4aadbe1a600"}, {"key": "modified", "hash": "3ff4afbf9eedf98937c2e5c5cf13456f"}, {"key": "naslFamily", "hash": "a3d3c73c01505d0383b007174b5bb5ac"}, {"key": "pluginID", "hash": "1cb6f99bf9adca74f84a17f6e5498bd6"}, {"key": "published", "hash": "c904c166fba890042ced548f33e672d6"}, {"key": "references", "hash": "6e0ac49db48f2b74b919ae365f9b3582"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "1de61ec68a32ee1fd97884f458d4930b"}, {"key": "title", "hash": "7aac673bca5b4ed91182c38a72e62ef5"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "c744b7c2afe10ee482950837778375b1ceaef44f1319de77c7db181094a81fa0", "viewCount": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2019-01-16T20:07:17"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25089);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/08/01 14:02:33 $\");\n\n script_name(english:\"McAfee E-Business Administration Agent Detection\");\n script_summary(english:\"Tries to perform initial handshake with EBSAdmin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An administration server is listening on the remote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"An Administration Agent for McAfee E-Business Server is listening on\nthe remote host. McAfee E-Business Server is an enterprise tool for\ndigitally encrypting and signing electronic files, and the\nAdministration Agent allows for remote administration of the\nE-Business Server on the remote host.\" );\n # http://web.archive.org/web/20081219142945/http://www.mcafee.com/us/enterprise/products/encryption/ebusiness_server.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?efe7f15e\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port as desired.\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"None\" );\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/04/27\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:mcafee:e-business_server\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.\");\n\n script_dependencies(\"find_service1.nasl\");\n script_require_ports(\"Services/unknown\", 1718);\n\n exit(0);\n}\n\n\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (thorough_tests && ! get_kb_item(\"global_settings/disable_service_discovery\") ) {\n port = get_unknown_svc(1718);\n if (!port) exit(0);\n}\nelse port = 1718;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\n# Make sure we get the initial byte for a banner.\nres = recv(socket:soc, length:2, min:1);\nif (strlen(res) != 1 || getbyte(blob:res, pos:0) != 1) exit(0);\n\n\n# Try to do the initial handshake.\nreq = raw_string(\n 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \n 0x25, 0x61, 0xa8, 0x4f, 0x21, 0x9e, 0x55, 0xc8, \n 0xca, 0x91, 0xc8, 0x88, 0x79, 0xa4, 0x31, 0xd5, \n 0x05, 0xff, 0x64, 0xc8, 0x8b, 0xac, 0x5a, 0x97, \n 0x18, 0x7e, 0x93, 0xa6, 0xa1, 0xed, 0x97, 0x79, \n 0x6e, 0x83, 0x30, 0xda, 0x91, 0xda, 0xc4, 0xd3, \n 0x46, 0x17, 0xb8, 0x1e, 0xf0, 0xf3, 0x8b, 0xd0, \n 0x6e, 0xb5, 0x9c, 0x37, 0x21, 0xe8, 0xeb, 0x7c, \n 0xd3, 0xc6, 0x9b, 0x63, 0xa2, 0x92, 0x21, 0x02, \n 0x2b, 0x3b, 0x0c, 0x9f, 0x08, 0x40, 0xd9, 0x29, \n 0x3f, 0x56, 0x06, 0x21, 0x1f, 0x86, 0x86, 0x21, \n 0xca, 0x06, 0xc6, 0x74, 0x15, 0x16, 0x4e, 0x37, \n 0x07, 0xdb, 0x01, 0x82, 0xc0, 0x20, 0xef, 0xff, \n 0x64, 0x74, 0x47, 0x59, 0x23, 0xa3, 0x80, 0xda, \n 0x21, 0x7e, 0x5f, 0x4f, 0x6d, 0x48, 0x89, 0x3f, \n 0xec, 0xec, 0xfd, 0x41, 0xdd, 0xb6, 0x2d, 0x76, \n 0x7b, 0xec, 0x7a, 0x5a, 0x00, 0xae, 0xc6, 0x47, \n 0x85, 0x06, 0xac, 0x58, 0xa3, 0x89, 0xa6, 0x50, \n 0x42, 0xb2, 0x82, 0x2a, 0xe7, 0xf6, 0x4a, 0xb6, \n 0x39, 0xbf, 0xd8, 0xaa, 0xe7, 0xc8, 0x4a, 0x3c, \n 0xc4, 0x69, 0xac, 0x89, 0x87, 0x68, 0xfc, 0x9f, \n 0x46, 0x63, 0x47, 0xee, 0x44, 0xc5, 0x03, 0xdf, \n 0x86, 0x5d, 0x9f, 0x34, 0xaf, 0x47, 0x46, 0x1e, \n 0x41, 0x60, 0xb4, 0x9e, 0x8e, 0x9e, 0x0e, 0xe8, \n 0xc8, 0x43, 0x6c, 0x35, 0xbb, 0x64, 0xe4, 0x2a, \n 0x76, 0x91, 0x5b, 0xaa, 0x0c, 0x8a, 0x21, 0x2d, \n 0xa6, 0x4c, 0x6b, 0xab, 0x2f, 0x6e, 0x8e, 0xd0, \n 0x08, 0xf7\n);\nreq = mkbyte(1) + mkdword(strlen(req)) + req;\nsend(socket:soc, data:req);\nres = recv(socket:soc, length:1024);\nclose(soc);\n\n\n# If the response looks ok...\nif (\n strlen(res) == 223 && \n getbyte(blob:res, pos:0) == 2 && \n getdword(blob:res, pos:1) + 5 == strlen(res)\n)\n{\n # Register and report the service.\n register_service(port:port, ipproto:\"tcp\", proto:\"ebsadmin\");\n security_note(port);\n}\n", "naslFamily": "Service detection", "pluginID": "25089", "cpe": ["cpe:/a:mcafee:e-business_server"], "scheme": null}
{}