Nmap Development mailing list archives

Re: sslv2 script bug


From: Matt Selsky <selsky () columbia edu>
Date: Sat, 10 Jul 2010 01:44:56 -0400 (EDT)

It seems like if no ciphers are offered for SSLv2, then it should be considered off. Maybe in verbose mode, it would report "supports SSLv2, but no ciphers".

I came up with a patch to do this.

Patch 1 reports "supports SSLv2 protocol, but no cyphers". Patch 2 considers "no cyphers" to be equivalent to "no SSLv2" and reports nothing.

Before:

PORT    STATE  SERVICE  VERSION
465/tcp open   ssl/smtp Sendmail 8.14.4/8.14.3/CUIT
|_sslv2: server still supports SSLv2

PORT    STATE    SERVICE  VERSION
443/tcp open     ssl/http Sassafras KeyReporter 6.2
|_sslv2: server still supports SSLv2

Before in verbose mode:

PORT    STATE  SERVICE  VERSION
465/tcp open   ssl/smtp Sendmail 8.14.4/8.14.3/CUIT
| sslv2: server still supports SSLv2
|_      the server didn't offer any cyphers

PORT    STATE    SERVICE  VERSION
443/tcp open     ssl/http Sassafras KeyReporter 6.2
| sslv2: server still supports SSLv2
|       SSL2_RC4_128_WITH_MD5
|       SSL2_DES_192_EDE3_CBC_WITH_MD5
|       SSL2_RC2_CBC_128_CBC_WITH_MD5
|       SSL2_DES_64_CBC_WITH_MD5
|_      SSL2_RC4_128_EXPORT40_WITH_MD5

After:

PORT    STATE  SERVICE  VERSION
465/tcp open   ssl/smtp Sendmail 8.14.4/8.14.3/CUIT

PORT    STATE    SERVICE  VERSION
443/tcp open     ssl/http Sassafras KeyReporter 6.2
|_sslv2: server still supports SSLv2

After in verbose mode:

PORT    STATE  SERVICE  VERSION
465/tcp open   ssl/smtp Sendmail 8.14.4/8.14.3/CUIT

PORT    STATE    SERVICE  VERSION
443/tcp open     ssl/http Sassafras KeyReporter 6.2
| sslv2: server still supports SSLv2
|       SSL2_RC4_128_WITH_MD5
|       SSL2_DES_192_EDE3_CBC_WITH_MD5
|       SSL2_RC2_CBC_128_CBC_WITH_MD5
|       SSL2_DES_64_CBC_WITH_MD5
|_      SSL2_RC4_128_EXPORT40_WITH_MD5

I'm not sure if that's correct from an auditing perspective. Let me know what you think. I also update the NSE doc to mention that we're really checking for cyphers, not just protocol support.

Cheers,


--
Matt

Attachment: sslv2-fix1.patch
Description:

Attachment: sslv2-fix2.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
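
The two reporting policies discussed in the message above, as an added example that is not part of the original post and is not the Nmap script's code: it parses an SSLv2 SERVER-HELLO and reports according to whether any cipher specs were offered. The function names, the "patch1"/"patch2" policy labels and the sample hello builder are assumptions made for illustration; the cipher codes are the 3-byte cipher kinds from the SSL 2.0 specification.

```python
import struct

# SSLv2 cipher kinds (3-byte codes), named as in the scan output above.
CIPHERS = {
    0x010080: "SSL2_RC4_128_WITH_MD5",
    0x020080: "SSL2_RC4_128_EXPORT40_WITH_MD5",
    0x030080: "SSL2_RC2_CBC_128_CBC_WITH_MD5",
    0x060040: "SSL2_DES_64_CBC_WITH_MD5",
    0x0700C0: "SSL2_DES_192_EDE3_CBC_WITH_MD5",
}

def parse_server_hello(record):
    """Return cipher names from an SSLv2 SERVER-HELLO, or None if it is not one."""
    if len(record) < 13 or not record[0] & 0x80:  # 2-byte header, MSB set
        return None
    body_len = struct.unpack(">H", record[:2])[0] & 0x7FFF
    body = record[2:2 + body_len]
    if len(body) != body_len:  # truncated record
        return None
    msg_type, _hit, _cert_type, version, cert_len, spec_len, conn_len = \
        struct.unpack(">BBBHHHH", body[:11])
    if msg_type != 4 or version != 0x0002:
        return None
    if spec_len % 3 or 11 + cert_len + spec_len + conn_len > len(body):
        return None  # length fields inconsistent with the record
    specs = body[11 + cert_len:11 + cert_len + spec_len]
    codes = [int.from_bytes(specs[i:i + 3], "big") for i in range(0, spec_len, 3)]
    return [CIPHERS.get(c, "unknown 0x%06x" % c) for c in codes]

def report(record, policy="patch2", verbose=False):
    """Output lines under the two policies (hypothetical labels patch1/patch2)."""
    ciphers = parse_server_hello(record)
    if ciphers is None:
        return []  # no SSLv2 SERVER-HELLO at all
    if not ciphers:
        # Protocol answered, but zero cipher specs were offered.
        if policy == "patch1":
            return ["supports SSLv2 protocol, but no cyphers"]
        return []  # patch2: treat as no SSLv2
    return ["server still supports SSLv2"] + (ciphers if verbose else [])

def build_hello(codes, cert=b"", conn_id=b"\x00" * 16):
    """Constructed sample SERVER-HELLO for the demo (not captured traffic)."""
    specs = b"".join(c.to_bytes(3, "big") for c in codes)
    body = struct.pack(">BBBHHHH", 4, 0, 1, 2, len(cert), len(specs), len(conn_id))
    body += cert + specs + conn_id
    return struct.pack(">H", 0x8000 | len(body)) + body
```
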
