------------------------------------------------------------------------------------------------
Check Status for Application
------------------------------------------------------------------------------------------------
COMPANY NAME:
PRINT DATE  : 9/10/2004
TEST DATE   : 9/10/2004 3:53:04 PM - 9/10/2004 3:54:15 PM
APPLICATION : DB2 6.1 (db2inst2:SAMPLE) on 172.16.0.64, port 50000
------------------------------------------------------------------------------------------------
REPORT DESCRIPTION:
A number of penetration tests and audits were performed on the application in your network. Below is a list of checks that were executed along with an indication of whether any violations of the check were found. Also listed is the start and end time of when the check ran.

If at least one vulnerability was found for a check, the 'Status' field will read 'Violation Found'. For checks in which no vulnerabilities were found, the 'Status' field will read 'No Violation Found'. If a check failed for any reason, the 'Status' field will read 'Failed' and a short description of what caused the check to fail will be displayed. If the 'Status' field has a value of 'Working', then the check is still running. If a check was not able to be performed for any reason, the 'Status' field contains a value of 'Skipped' and a status message should be provided containing details about why the check was skipped.

The Check Status report can be used to review which checks were run as well as which checks may have failed.

SUMMARY:
------------------------------------------------------------------------------------------------
Check Name                                          Status               Time Run
------------------------------------------------------------------------------------------------
Auditing buffer size                                No Violation Found   3:53:31 PM - 3:53:31 PM
Authentication type                                 Violation Found      3:54:09 PM - 3:54:09 PM
CLIENT authentication                               No Violation Found   3:54:09 PM - 3:54:10 PM
Connect handshake overflow (Verify version)         Violation Found      3:54:13 PM - 3:54:13 PM
Control Center buffer overflow (Verify version)     No Violation Found   3:54:08 PM - 3:54:08 PM
CREATE_NOT_FENCED privilege granted                 Violation Found      3:54:09 PM - 3:54:09 PM
Date/Varchar DoS (Verify version)                   Skipped              3:54:08 PM - 3:54:08 PM
db2ckpwd buffer overflow (Verify version)           Skipped              3:54:08 PM - 3:54:08 PM
db2dart buffer overflow (Verify version)            Violation Found      3:54:13 PM - 3:54:13 PM
db2job file overwrite (Verify version)              Failed               3:54:12 PM - 3:54:12 PM
db2licm buffer overflow (Verify version)            Violation Found      3:54:14 PM - 3:54:14 PM
db2start buffer overflow (Verify version)           Violation Found      3:54:13 PM - 3:54:13 PM
DCS authentication                                  No Violation Found   3:54:10 PM - 3:54:10 PM
Discovery service DoS (Verify version)              Skipped              3:54:14 PM - 3:54:14 PM
INVOKE buffer overflow (Verify version)             Skipped              3:54:13 PM - 3:54:13 PM
Latest FixPak not installed                         Skipped              3:54:11 PM - 3:54:11 PM
LOAD buffer overflow (Verify version)               No Violation Found   3:54:12 PM - 3:54:12 PM
Multiple setuid buffer overflows (Verify version)   Violation Found      3:54:11 PM - 3:54:12 PM
Not using NTFS partition                            Skipped              3:54:12 PM - 3:54:12 PM
Password in registry                                Skipped              3:54:13 PM - 3:54:13 PM
Permissions grantable                               Violation Found      3:53:56 PM - 3:54:08 PM
Permissions granted to PUBLIC                       Violation Found      3:53:31 PM - 3:53:50 PM
Permissions granted to user                         Violation Found      3:53:50 PM - 3:53:55 PM
Query compiler DoS (Verify version)                 Violation Found      3:54:08 PM - 3:54:08 PM
Remote Command Priv Escalation (Verify version)     No Violation Found   3:54:14 PM - 3:54:14 PM
SERVER authentication                               Violation Found      3:54:10 PM - 3:54:10 PM
SYSADM_GROUP configuration option                   Violation Found      3:54:11 PM - 3:54:11 PM
Trust all clients                                   No Violation Found   3:54:11 PM - 3:54:11 PM
Weak permissions on DMS (Verify version)            No Violation Found   3:54:14 PM - 3:54:14 PM
------------------------------------------------------------------------------------------------
Powered by Application Security, Inc.