Nmap Development mailing list archives
Re: sslv2 script bug
From: Matt Selsky <selsky () columbia edu>
Date: Sat, 10 Jul 2010 01:44:56 -0400 (EDT)
It seems like if no ciphers are offered for SSLv2, then it should be considered off. Maybe in verbose mode, it would report "supports SSLv2, but no ciphers".
I came up with a patch to do this. Patch 1 reports "supports SSLv2 protocol, but no cyphers". Patch 2 considers "no cyphers" to be equivalent to "no SSLv2" and reports nothing.
Before:

PORT    STATE SERVICE  VERSION
465/tcp open  ssl/smtp Sendmail 8.14.4/8.14.3/CUIT
|_sslv2: server still supports SSLv2

PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Sassafras KeyReporter 6.2
|_sslv2: server still supports SSLv2

Before in verbose mode:

PORT    STATE SERVICE  VERSION
465/tcp open  ssl/smtp Sendmail 8.14.4/8.14.3/CUIT
|  sslv2: server still supports SSLv2
|_    the server didn't offer any cyphers

PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Sassafras KeyReporter 6.2
|  sslv2: server still supports SSLv2
|     SSL2_RC4_128_WITH_MD5
|     SSL2_DES_192_EDE3_CBC_WITH_MD5
|     SSL2_RC2_CBC_128_CBC_WITH_MD5
|     SSL2_DES_64_CBC_WITH_MD5
|_    SSL2_RC4_128_EXPORT40_WITH_MD5

After:

PORT    STATE SERVICE  VERSION
465/tcp open  ssl/smtp Sendmail 8.14.4/8.14.3/CUIT

PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Sassafras KeyReporter 6.2
|_sslv2: server still supports SSLv2

After in verbose mode:

PORT    STATE SERVICE  VERSION
465/tcp open  ssl/smtp Sendmail 8.14.4/8.14.3/CUIT

PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Sassafras KeyReporter 6.2
|  sslv2: server still supports SSLv2
|     SSL2_RC4_128_WITH_MD5
|     SSL2_DES_192_EDE3_CBC_WITH_MD5
|     SSL2_RC2_CBC_128_CBC_WITH_MD5
|     SSL2_DES_64_CBC_WITH_MD5
|_    SSL2_RC4_128_EXPORT40_WITH_MD5

I'm not sure if that's correct from an auditing perspective. Let me know what you think. I also update the NSE doc to mention that we're really checking for cyphers, not just protocol support.
Cheers,
-- Matt
Attachment: sslv2-fix1.patch
Attachment: sslv2-fix2.patch
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
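The decision discussed in the message above, as an added example in Python (not the attached patches and not the NSE script's own Lua code): it parses an SSLv2 SERVER-HELLO and reports SSLv2 only when at least one cipher spec is offered. The function names, the `strict` switch and the sample records are assumptions made for illustration; the records are constructed, not captured from the hosts shown.

```python
import struct

# SSLv2 cipher-kind codes (3 bytes each) for the cipher names in the output above.
SSL2_CIPHERS = {
    0x010080: "SSL2_RC4_128_WITH_MD5",
    0x020080: "SSL2_RC4_128_EXPORT40_WITH_MD5",
    0x030080: "SSL2_RC2_CBC_128_CBC_WITH_MD5",
    0x060040: "SSL2_DES_64_CBC_WITH_MD5",
    0x0700C0: "SSL2_DES_192_EDE3_CBC_WITH_MD5",
}
MSG_SERVER_HELLO = 4

def build_hello(cipher_codes, cert=b"", conn_id=b"\x00" * 16):
    """Construct a sample SERVER-HELLO record (test input, not a capture)."""
    specs = b"".join(c.to_bytes(3, "big") for c in cipher_codes)
    body = struct.pack(">BBBHHHH", MSG_SERVER_HELLO, 0, 1, 0x0002,
                       len(cert), len(specs), len(conn_id))
    body += cert + specs + conn_id
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_server_hello(record):
    """Return the offered cipher names, or None if not a valid SERVER-HELLO."""
    if len(record) < 13 or not record[0] & 0x80:  # need 2-byte header form
        return None
    length = struct.unpack(">H", record[:2])[0] & 0x7FFF
    body = record[2:2 + length]
    if len(body) != length or length < 11 or body[0] != MSG_SERVER_HELLO:
        return None
    # After type, session-id-hit and cert type: version and three lengths.
    version, cert_len, cipher_len, conn_len = struct.unpack(">HHHH", body[3:11])
    if version != 0x0002 or cipher_len % 3:
        return None
    if 11 + cert_len + cipher_len + conn_len != length:
        return None
    specs = body[11 + cert_len:11 + cert_len + cipher_len]
    codes = [int.from_bytes(specs[i:i + 3], "big") for i in range(0, cipher_len, 3)]
    return [SSL2_CIPHERS.get(c, "unknown 0x%06x" % c) for c in codes]

def report(record, verbose=False, strict=True):
    """strict=True: an empty cipher list yields no finding (the 'no cyphers
    equals no SSLv2' behaviour); strict=False: protocol-only note instead."""
    ciphers = parse_server_hello(record)
    if ciphers is None or (strict and not ciphers):
        return None
    if not ciphers:
        return ["server supports SSLv2 protocol, but no cyphers"]
    return ["server still supports SSLv2"] + (ciphers if verbose else [])

if __name__ == "__main__":
    print(report(build_hello([]), verbose=True))
    print(report(build_hello([0x010080, 0x0700C0]), verbose=True))
```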