Plugin ID | 285 |
Plugin name | CDK port tcp/15858 detection |
Plugin filename | CDK port tcp-15858 detection.plugin |
Plugin filesize | 2078 bytes |
Plugin family | Backdoors |
Plugin created name | Marc Ruef |
Plugin created email | marc.ruef at computec.ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2005/01/02 |
Plugin version | 1.0 |
Plugin protocol | tcp |
Plugin port | 15858 |
Plugin procedure exploit | open|sleep|send ypi0ca\n|close|pattern_exists Welcome |
Plugin exploit accuracy | 99 |
Plugin comment | The NASL script is Copyright (C) 2000 Renaud Deraison |
Bug vulnerability class | Configuration |
Bug description | The remote host appears to be running CDK, a backdoor that can be used to control your system. To use it, an attacker only has to connect to this port and send the password 'ypi0ca'. It is very likely that this host has been compromised. |
Bug solution | Restore your system from backups, contact CERT and your local authorities. |
Bug fixing time | Approx. 2 days |
Bug exploit availability | Yes |
Bug remote | Yes |
Bug local | Yes |
Bug severity | High |
Bug popularity | 3 |
Bug simplicity | 7 |
Bug impact | 9 |
Bug risk | 6 |
Bug Nessus risk | Critical |
Bug check tools | Nessus can check this flaw with the plugin 10036 (CDK Detect). |
Source CVE | CAN-1999-0660 |
Source Nessus ID | 10036 |
Source Literature | Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427 |
Source Misc. | http://www.computec.ch |