CDK port tcp/79 detection 1.0
 
Plugin ID286
Plugin nameCDK port tcp/79 detection
Plugin filenameCDK port tcp-79 detection.plugin
Plugin filesize2069 bytes
Plugin familyBackdoors
Plugin created nameMarc Ruef
Plugin created emailmarc.ruef at computec.ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2005/01/02
Plugin version1.0
Plugin protocoltcp
Plugin port79
Plugin procedure exploitopen|sleep|send ypi0ca\n|close|pattern_exists bash
Plugin exploit accuracy99
Plugin commentThe NASL script is Copyright (C) 2000 Renaud Deraison
Bug vulnerability classConfiguration
Bug descriptionThe remote host appears to be running CDK, which is a backdoor that can be used to control your system. To use it, an attacker just has to connect onto this port, and send the password 'ypi0ca'. It is very likely that this host has been compromised
Bug solutionRestore your system from backups, contact CERT and your local authorities.
Bug fixing timeApprox. 2 days
Bug exploit availabilityYes
Bug remoteYes
Bug localYes
Bug severityHigh
Bug popularity3
Bug simplicity7
Bug impact9
Bug risk6
Bug Nessus riskCritical
Bug check toolsNessus can check this flaw with the plugin 10036 (CDK Detect).
Source CVECAN-1999-0660
Source Nessus ID10036
Source LiteratureHacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.