CERT Coordination Center
HomeSite IndexSearchContactFrequently Asked Questions
Vulnerabilities, Incidents & FixesSecurity Practices and EvaluationsSurvivability Research and AnalysisTraining and Education
Options

 Advisories

US-CERT Vulnerability Notes Database

Incident Notes

Current Activity

 Related
Summaries

Tech Tips

AirCERT

Employment Opportunities

 more links
CERT Statistics

Vulnerability Disclosure Policy

CERT Knowledgebase

System Administrator courses

CSIRT courses

Other Sources of Security Information

Channels

 Message
wap.cert.org
Visit wap.cert.org for wireless advisories.

Related Sites
Link to US-CERT
cylab

Ports Associated with Known Vulnerabilities and Exploits

Last updated: March 04, 2005

Our advisories, incident notes, and current activity often include information regarding services that have been targeted for exploitation. The following table lists services and ports that have been mentioned in documents we have published since August 1, 2002.


Service Port/Protocol Related Information
ICMP Echo Request Type 8, Code 0/icmp Current Activity 08/18/2003: W32/Welchia Worm
ssh 22/tcp CA-2002-36: Multiple Vulnerabilities in SSH Implementations
CA-2003-24: Buffer Management Vulnerability in OpenSSH
smtp 25/tcp CA-2003-07: Remote Buffer Overflow in Sendmail
CA-2003-12: Buffer Overflow in Sendmail
CA-2003-25: Buffer Overflow in Sendmail
domain 53/tcp
53/udp 		CA-2002-31: Multiple Vulnerabilities in BIND
bootps 67/tcp
67/udp 		CA-2003-01: Buffer Overflows in ISC DHCPD Minires Library
bootpc 68/tcp
68/udp 		CA-2003-01: Buffer Overflows in ISC DHCPD Minires Library
tftp 69/udp CA-2003-20: W32/Blaster worm
http 80/tcp CA-2002-27: Apache/mod_ssl Worm
CA-2002-33: Heap Overflow Vulnerability in Microsoft Data Access Components (MDAC)
CA-2003-09: Buffer Overflow in Core Microsoft Windows DLL
Current Activity 08/18/2003: W32/Welchia Worm
hosts2-ns 81/tcp CA-2002-35: Vulnerability in RaQ Server Appliances
sunrpc 111/tcp
11/udp 		CA-2002-26: Buffer Overflow in CDE ToolTalk
epmap 135/tcp
135/udp 		CA-2003-16: Buffer Overflow in Microsoft RPC
CA-2003-19: Exploitation of Vulnerabilities in Microsoft RPC Interface
CA-2003-20: W32/Blaster worm
Current Activity 08/18/2003: W32/Welchia Worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
netbios-ns 137/udp CA-2003-08: Increased Activity Targeting Windows Shares
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
netbios-dgm 138/udp CA-2003-08: Increased Activity Targeting Windows Shares
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
netbios-ssn 139/tcp
139/udp 		CA-2003-03: Buffer Overflow in Windows Locator Service
CA-2003-08: Increased Activity Targeting Windows Shares
CA-2003-16: Buffer Overflow in Microsoft RPC
CA-2003-19: Exploitation of Vulnerabilities in Microsoft RPC Interface
CA-2003-20: W32/Blaster worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
https 443/tcp CA-2002-27: Apache/mod_ssl Worm
snpp 444/tcp CA-2002-35: Vulnerability in RaQ Server Appliances
microsoft-ds 445/tcp
445/udp 		CA-2003-03: Buffer Overflow in Windows Locator Service
CA-2003-08: Activity Targeting Windows Shares
CA-2003-16: Buffer Overflow in Microsoft RPC
CA-2003-19: Exploitation of Vulnerabilities in Microsoft RPC Interface
CA-2003-20: W32/Blaster worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
rtsp 554/tcp VU#934932: RealNetworks media server RTSP protocol parser buffer overflow
http-rpc-epmap 593/tcp CA-2003-20: W32/Blaster worm
CA-2003-23: RPCSS Vulnerabilities in Microsoft Windows
kerberos-adm 749/tcp
749/udp 		CA-2002-29: Buffer Overflow in Kerberos Administration Daemon
pump 751/tcp
751/udp 		CA-2002-29: Buffer Overflow in Kerberos Administration Daemon
unassigned* 1052/tcp CA-2002-27: Apache/mod_ssl Worm
lotusnote 1352/tcp CA-2003-11: Multiple Vulnerabilities in Lotus Notes and Domino
ms-sql-m 1434/udp CA-2003-04: MS-SQL Server Worm
h323hostcall 1720/tcp
1720/udp 		CA-2004-01: Multiple H.323 Message Vulnerabilities
unassigned* 1978/udp CA-2002-27: Apache/mod_ssl Worm
globe 2002/udp CA-2002-27: Apache/mod_ssl Worm
ctx-bridge 3127/tcp Current Activity 01/26/04: W32/Mydoom.A or W32/Novarg
Current Activity 02/10/04: W32/Mydoom.C or W32.HLLW.Doomjuice
unassigned* 4156/udp CA-2002-27: Apache/mod_ssl Worm
unassigned* 4444/tcp CA-2003-20: W32/Blaster worm
sip 5060/tcp
5060/udp 		CA-2003-06: Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
sip 5061/tcp CA-2003-06: Multiple vulnerabilities in implementations of the Session Initiation Protocol (SIP)
unassigned* 6129/tcp Current Activity 12/26/2003: Systems compromised via buffer overflow in DameWare
unassigned* 6778/tcp CA-2002-32: Backdoor in Alcatel OmniSwitch AOS
font-service 7100/tcp CA-2002-34: Buffer Overflow in Solaris X Window Font Service

* Services marked with an asterisk are known to be used by malicious software or non-standard services

Copyright 2004 Carnegie Mellon University.

Disclaimers and copyright information

CERT® and CERT Coordination Center® are registered in the U.S. Patent and Trademark office.