Radmin (Remote Administrator) Port 10002 - Possible GDI Compromise

high Nessus Plugin ID 14834

Synopsis

The remote host may have been compromised

Description

The remote host is running radmin - a remote administration tool - on port 10002.

This indicates that an attacker may have exploited one of the flaws described in MS04-028 with a widely available exploit.

As a result, anyone may connect to the remote host and gain control by logging into the remote radmin server.

Solution

Re-install the operating system, as it has likely been compromised.

See Also

http://www.freerepublic.com/focus/f-news/1229010/posts

Plugin Details

Severity: High

ID: 14834

File Name: radmin_port_10002.nasl

Version: 1.21

Type: remote

Family: Backdoors

Published: 9/28/2004

Updated: 6/13/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/14/2004

Reference Information

CVE: CVE-2004-0200