Server Vulnerability Assessment Report

List of hosts
www.proserver.jp : Low Severity problem(s) found

www.proserver.jp


Scan time :
Start time : Sat Aug 02 21:16:06 2008
End time : Sat Aug 02 21:31:20 2008
Number of vulnerabilities :
Open ports : 3
Low : 19
Medium : 0
High : 0

Information about the remote host :

Operating system : Linux Kernel 2.6
NetBIOS name : (unknown)
DNS name : dev.rentalserver-s.com.

Port ssh (22/tcp)
Service detection
An SSH server is running on this port.

Nessus ID : 22964
SSH Server type and version

Synopsis :

An SSH server is listening on this port.

Description :

It is possible to obtain information about the remote SSH
server by sending an empty authentication request.

Risk factor :

None

Plugin output :

SSH version : SSH-2.0-OpenSSH_4.3
SSH supported authentication : publickey,gssapi-with-mic,password


Nessus ID : 10267
SSH protocol versions supported

Synopsis :

An SSH server is running on the remote host.

Description :

This plugin determines the versions of the SSH protocol supported by
the remote SSH daemon.

Risk factor :

None

Plugin output :

The remote SSH daemon supports the following versions of the
SSH protocol :

. 1.99
. 2.0


SSHv2 host key fingerprint : 2c:12:d2:1d:4c:dc:6a:57:0a:c0:3d:03:b8:c2:7c:56


Nessus ID : 10881

Port general/udp
Traceroute
For your information, here is the traceroute from 172.16.2.94 to www.proserver.jp :
172.16.2.94
172.16.0.254
www.proserver.jp


Nessus ID : 10287

Port general/tcp
Ping the remote host
The remote host is up

Nessus ID : 10180
TCP timestamps

Synopsis :

The remote service implements TCP timestamps.

Description :

The remote host implements TCP timestamps, as defined by RFC1323.
A side effect of this feature is that the uptime of the remote
host can sometimes be computed.

See also :

http://www.ietf.org/rfc/rfc1323.txt

Risk factor :

None

Nessus ID : 25220
Host FQDN
www.proserver.jp resolves as dev.rentalserver-s.com.

Nessus ID : 12053
OS Identification

Remote operating system : Linux Kernel 2.6
Confidence Level : 70
Method : SinFP


The remote host is running Linux Kernel 2.6

Nessus ID : 11936
Information about the scan
Information about this scan :

Nessus version : 3.2.0 (Nessus 3.2.1 is available - consider upgrading)

Plugin feed version : 200807261334
Type of plugin feed : Registered (7 days delay)

This scanner is using the Registered Feed which is going to be
discontinued on July 31st.

Please read http://www.nessus.org/products/directfeed/change.php

Scanner IP : 172.16.2.94
Port scanner(s) : synscan
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Max hosts : 20
Max checks : 5
Recv timeout : 5
Scan Start Date : 2008/8/2 21:16
Scan duration : 909 sec


Nessus ID : 19506

Port https (443/tcp)
Service detection
A TLSv1 server answered on this port.


Nessus ID : 22964
Service detection
A web server is running on this port through TLSv1.

Nessus ID : 22964
SSL Certificate
Here is the SSLv3 server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 585733 (0x8f005)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Validity
Not Before: Mar 25 19:41:26 2008 GMT
Not After : Mar 26 19:41:26 2010 GMT
Subject: C=US, O=www.usifinder.com, OU=GT90416844, OU=See www.geotrust.com/resources/cps (c)08, OU=Domain Control Validated - QuickSSL Premium(R), CN=www.usifinder.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
X509v3 Subject Key Identifier:
CB:1A:7F:68:57:B7:F6:62:48:8E:55:B3:91:39:D8:3C:4E:CA:92:D9
X509v3 CRL Distribution Points:
URI:http://crl.geotrust.com/crls/secureca.crl

X509v3 Authority Key Identifier:
keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4

X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha1WithRSAEncryption
This TLSv1 server does not accept SSLv2 connections.
This TLSv1 server also accepts SSLv3 connections.


Nessus ID : 10863
Supported SSL Ciphers Suites

Synopsis :

The remote service encrypts communications using SSL.

Description :

This script detects which SSL ciphers are supported by the remote
service for encrypting communications.

See also :

http://www.openssl.org/docs/apps/ciphers.html

Risk factor :

None

Plugin output :

Here is the list of SSL ciphers supported by the remote server :

Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1

High Strength Ciphers (>= 112-bit key)
SSLv3
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}


Nessus ID : 21643

Port http (80/tcp)
Service detection
A web server is running on this port.

Nessus ID : 22964
Directory Scanner

Synopsis :

It is possible to enumerate web directories.

Description :

This plugin attempts to determine the presence of various
common dirs on the remote web server.

Risk factor :

None

Plugin output :

The following directories were discovered:
/css, /error, /img, /js

While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards.

The following directories require authentication:
/adm
Other references : OWASP:OWASP-CM-006

Nessus ID : 11032
Web mirroring
The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/page.php (s [31] )


Nessus ID : 10662
HTTP Server type and version

Synopsis :

A web server is running on the remote host.

Description :

This plugin attempts to determine the type and the version of
the remote web server.

Risk factor :

None

Plugin output :

The remote web server type is :

Apache

and the 'ServerTokens' directive is ProductOnly
Apache does not offer a way to hide the server type.


Nessus ID : 10107
HyperText Transfer Protocol Information

Synopsis :

Some information about the remote HTTP configuration can be extracted.

Description :

This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...

This test is informational only and does not denote any security
problem.

Solution :

None.

Risk factor :

None

Plugin output :

Protocol version : HTTP/1.1
SSL : no
Pipelining : yes
Keep-Alive : yes
Options allowed : GET,HEAD,POST,OPTIONS,TRACE
Headers :

Date: Sun, 03 Aug 2008 04:26:13 GMT
Server: Apache
Content-Length: 7201
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html



Nessus ID : 24260

Port general/icmp
icmp timestamp request

Synopsis :

It is possible to determine the exact time set on the remote host.

Description :

The remote host answers to an ICMP timestamp request. This allows an
attacker to know the date which is set on your machine.

This may help him to defeat all your time based authentication
protocols.

Solution :

Filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

Risk factor :

None

Plugin output :

The difference between the local and remote clocks is 125 seconds

CVE : CVE-1999-0524

Nessus ID : 10114