Lion Worm Detection

critical Nessus Plugin ID 10646

Synopsis

The remote host has a suspicious application installed.

Description

This host seems to be infected by the lion worm, because it has root shells running on extra ports and a copy of SSH running on port 33568.

Solution

Remove the application or re-install this system from scratch

See Also

http://www.nessus.org/u?8a812683

Plugin Details

Severity: Critical

ID: 10646

File Name: lion.nasl

Version: 1.21

Type: remote

Family: Backdoors

Published: 4/5/2001

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ThoroughTests