Security Scan Results

Synology takes the security of your system seriously. We are committed to providing an operating system and services that users can trust. To ensure security in a more proactive way, we use the well-known and reliable security scanning solution QualysGuard to perform a complete scan of the system and apply the relevant fixes each time a major DSM update is released.

Scan Environment

  • Scanning software: QualysGuard Vulnerability Management (VM)
  • DSM version: DSM 5.2 - 5589
  • Scan date: 2015/6/26
  • Preparation: This scan was performed on a DSM installation that passed the Synology Security Advisor check in enterprise mode.
  • Scanner Version: 7.14.37-1
  • Vulnerability Signatures: 2.3.50-2
  • List of enabled packages:
    • Antivirus Essential
    • Audio Station
    • CardDAV Server
    • Cloud Station
    • Cloud Station Client
    • Cloud Sync
    • Directory Server
    • DNS Server
    • Download Station
    • Glacier Backup
    • HiDrive Backup
    • iTunes Server
    • Java Manager
    • Mail Server
    • Mail Station
    • MariaDB
    • Media Server
    • Note Station
    • Photo Station
    • Proxy Server
    • Python Module
    • Radius Server
    • SSO Server
    • Surveillance Station
    • TimeBackup
    • Video Station
    • VPN Center

Vulnerability Summary

Synology has listed a summary of the scan results below.

| Severity Level | Confirmed | Potential |
| --- | --- | --- |
| 5 | 0 | 0 |
| 4 | 0 | 1 |
| 3 | 17 | 4 |
| 2 | 22 | 1 |
| 1 | 0 | 5 |
| Total | 39 | 11 |

According to the Qualys Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major DSM releases since DSM 5.2-5592 have been tested to ensure there are no vulnerabilities of these two levels. Level 1, level 2, and level 3 are considered lower in severity; Synology's comments on each item are provided for risk management.

In addition, items listed under Potential Vulnerabilities were not confirmed as vulnerabilities; they may have been reported only because certain conditions required for detection were met. The severity of these items is therefore considered relatively low.

Vulnerabilities

| Severity Level | Title | Port / Service | Comment |
| --- | --- | --- | --- |
| 3 | Squid Proxy X509 Server Certification Validation Bypass Vulnerability | Proxy Server | Synology Proxy Server does not support the feature affected by this vulnerability on the Squid Proxy X509 server, so it does not raise this security issue. |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 80/tcp (mail) | An HTTPS connection can be enabled to avoid this vulnerability. |
| 3 | Mail Server Accepts Plaintext Credentials | port 25/tcp | This is kept for compatibility with clients that use non-SSL/TLS connections. |
| 3 | POP3 Server Allows Plain Text Authentication Vulnerability | port 110/tcp | |
| 3 | SSL/TLS use of weak RC4 cipher | port 993/tcp over SSL (Mail Server, IMAPS) | Weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 636/tcp over SSL (LDAP) | Weak encryption is kept for compatibility with other LDAP clients. |
| 3 | SSL/TLS use of weak RC4 cipher | port 636/tcp over SSL (LDAP) | Weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE) | port 636/tcp over SSL (LDAP) | SSLv3 is supported for compatibility with IBM Domino LDAP Server. |
| 3 | SSL Server Has SSLv3 Enabled Vulnerability | port 636/tcp over SSL (LDAP) | |
| 3 | SSL/TLS use of weak RC4 cipher | port 995/tcp over SSL | Weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | DNS Zone Transfer | port 53/tcp (DNS Server) | DNS zone transfer is an option that users can enable or disable as needed. |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 21/tcp over SSL (FTP) | Weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | SSL/TLS use of weak RC4 cipher | port 21/tcp over SSL (FTP) | |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 25/tcp over SSL (Mail Server, SMTP) | |
| 3 | SSL/TLS use of weak RC4 cipher | port 143/tcp over SSL (Mail Server, IMAP) | |
| 3 | SSL/TLS use of weak RC4 cipher | port 110/tcp over SSL (Mail Server, POP3) | |
| 3 | NFS Exported Filesystems List Vulnerability | NFS | This warning exists as long as the NFS service is enabled. A Synology NAS is safe if the NFS rules are set properly and connections are allowed only from specific IP addresses. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 443/tcp over SSL | This warning will no longer appear once the system administrator installs a certificate that identifies the server. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 993/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 636/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 995/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 8001/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 465/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 9351/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 5002/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 8801/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 9901/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 7001/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 9008/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 21/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 25/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 143/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 110/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 587/tcp over SSL | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 5006/tcp over SSL | |
| 2 | Hidden RPC Services | NFS | This warning exists as long as the NFS service is enabled. A Synology NAS is safe if the NFS rules are set properly and connections are allowed only from specific IP addresses. |
| 2 | NFS RPC Services Listening on Non-Privileged Ports | NFS | This option is disabled by default. Users can enable it for compatibility with the Mac NFS implementation. |
| 2 | UDP Constant IP Identification Field Fingerprinting Vulnerability | Kernel | This vulnerability only exists in Linux kernel 2.4, but Synology NAS has been upgraded to Linux kernel 2.6 and above. We are waiting for Qualys' reply for further clarification. |
| 2 | TCP Sequence Number Approximation Based Denial of Service | port 111/21 | This issue can be avoided by applying firewall settings. |

Rows with an empty Comment cell share the comment of the row above them.

Potential Vulnerabilities

| Severity Level | Title | Port / Service | Comment |
| --- | --- | --- | --- |
| 4 | OpenRADIUS Divide By Zero Denial of Service Vulnerability | port 1812/udp (RADIUS) | Synology NAS does not use the open-source solution OpenRADIUS. We are waiting for Qualys' reply for further clarification. |
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 50000/tcp | Although Apache 2.2.3 is used in DSM, this vulnerability has already been addressed. |
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 5002/tcp | |
| 3 | Multiple Vendor Radius Short Vendor-Length Field Denial of Service Vulnerability | port 1812/udp (RADIUS) | This CVE only affects FreeRADIUS version 0.3 and older. Synology Radius Server has been upgraded to FreeRADIUS 2.2.5. |
| 3 | IETF RADIUS Dictionary Attack Vulnerability | port 1812/udp (RADIUS) | EAP-MD5 is supported for compatibility. |
| 2 | nlockmgr RPC Service Multiple Vulnerabilities | NFS | It is confirmed that the NFS module has been updated to a newer version that addresses this vulnerability. We are waiting for further clarification from Qualys. |
| 1 | OpenLDAP Multiple Vulnerabilities | LDAP | Our OpenLDAP version is 2.4.40, which is outside the range of affected versions. |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 25/tcp (Mail Server) | Our Postfix version is 2.9.2, which is outside the range of affected versions. |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 465/tcp over SSL | |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 587/tcp | |
| 1 | Possible Scan Interference | | This issue is caused by the setup and environment rather than by DSM itself. |

Rows with an empty Comment cell share the comment of the row above them.

Download the full report

Scan Environment

  • Scanning software: QualysGuard Vulnerability Management (VM)
  • DSM version: DSM 6.0beta
  • Scan date: 2015/10/13
  • Preparation: This scan was performed on a DSM installation that passed the Synology Security Advisor check in enterprise mode.
  • Scanner Version: 7.16.38-1
  • Vulnerability Signatures: 2.3.122-2
  • List of enabled packages:
    • Antivirus Essential
    • Asterisk
    • AudioStation
    • Backup & Restore
    • CardDAVServer
    • Cloud Station Server
    • CloudStationClient
    • CloudSync
    • DirectoryServer
    • Discourse
    • DNSServer
    • Docker
    • Document Viewer
    • DokuWiki
    • DownloadStation
    • Drupal
    • GitLab
    • GlacierBackup
    • GLPI
    • HASP
    • HiDriveBackup
    • iTunesServer
    • JavaManager
    • joomla
    • LimeSurvey
    • Load Balancer
    • Logitech Media Server
    • LXQt
    • Magento
    • MailServer
    • MailStation
    • MantisBT
    • MariaDB
    • MediaServer
    • MediaWiki
    • Moodle
    • Node.js
    • NoteStation
    • Odoo8
    • OpenERP
    • OrangeHRM
    • osCommerce
    • osTicket
    • PDF Viewer
    • PEAR
    • PhotoStation
    • phpBB
    • phpMyAdmin
    • Piwik
    • Podcast Generator
    • PrestaShop
    • Proxy Server
    • Python3
    • PythonModule
    • RadiusServer
    • Redmine
    • Ruby
    • Spreadsheet
    • SpreeCommerce
    • SSO Server
    • SugarCRM
    • Surveillance
    • TimeBackup
    • VideoStation
    • VPNCenter
    • vtigerCRM
    • web station
    • Webalizer
    • WordPress

Vulnerability Summary

Synology has listed a summary of the scan results below.

| Severity Level | Confirmed | Potential |
| --- | --- | --- |
| 5 | 0 | 0 |
| 4 | 0 | 1 |
| 3 | 11 | 2 |
| 2 | 7 | 1 |
| 1 | 1 | 0 |
| Total | 19 | 4 |

According to the Qualys Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major DSM releases since DSM 5.2-5592 have been tested to ensure there are no vulnerabilities of these two levels. Level 1, level 2, and level 3 are considered lower in severity; Synology's comments on each item are provided for risk management.

In addition, items listed under Potential Vulnerabilities were not confirmed as vulnerabilities; they may have been reported only because certain conditions required for detection were met. The severity of these items is therefore considered relatively low.

Vulnerabilities

| Severity Level | Title | Port / Service | Comment |
| --- | --- | --- | --- |
| 3 | Squid Proxy X509 Server Certification Validation Bypass Vulnerability | Proxy Server | Synology Proxy Server does not support the feature affected by this vulnerability on the Squid Proxy X509 server, so it does not raise this security issue. |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 80/tcp | An HTTPS connection can be enabled to avoid this vulnerability. |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 3310/tcp | |
| 3 | Webalizer Web Usage Statistics Accessible | port 80/tcp | This case is under investigation and is planned to be fixed in the coming Beta 2 stage. |
| 3 | Webalizer Web Usage Statistics Accessible | port 443/tcp | |
| 3 | Webalizer Web Usage Statistics Accessible | port 3310/tcp | |
| 3 | SSL/TLS Compression Algorithm Information Leakage Vulnerability | port 8443/tcp over SSL (CardDAV) | Weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | DNS Zone Transfer | port 53/tcp (DNS Server) | DNS zone transfer is an option that users can enable or disable as needed. |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 21/tcp over SSL (FTP) | Weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | SSL/TLS Compression Algorithm Information Leakage Vulnerability | port 21/tcp over SSL (FTP) | |
| 3 | SSL/TLS use of weak RC4 cipher | port 21/tcp over SSL (FTP) | |
| 2 | AutoComplete Attribute Not Disabled for Password in Form Based Authentication | port 80/tcp | Password auto-completion is allowed by default in the open-source code of Drupal, vtigerCRM, and phpMyAdmin. |
| 2 | AutoComplete Attribute Not Disabled for Password in Form Based Authentication | port 443/tcp | |
| 2 | AutoComplete Attribute Not Disabled for Password in Form Based Authentication | port 3310/tcp | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 443/tcp over SSL | This warning will no longer appear once the system administrator installs a certificate that identifies the server. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 5006/tcp over SSL (WebDAV) | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 8443/tcp over SSL (CardDAV) | |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 21/tcp over SSL (FTP) | |
| 1 | Remote Management Service Accepting Unencrypted Credentials Detected | TFTP | TFTP is an option that is disabled by default and can be configured in Control Panel > File Services > TFTP/PXE. It is recommended that you use FTPS for better security. |

Rows with an empty Comment cell share the comment of the row above them.

Potential Vulnerabilities

| Severity Level | Title | Port / Service | Comment |
| --- | --- | --- | --- |
| 4 | OpenRADIUS Divide By Zero Denial of Service Vulnerability | port 1812/udp (RADIUS server) | Synology NAS does not use the open-source solution OpenRADIUS. We are waiting for Qualys' reply for further clarification. |
| 3 | Multiple Vendor Radius Short Vendor-Length Field Denial of Service Vulnerability | port 1812/udp (RADIUS server) | This CVE only affects FreeRADIUS version 0.3 and older. Synology Radius Server has been upgraded to FreeRADIUS 2.2.5. |
| 3 | IETF RADIUS Dictionary Attack Vulnerability | port 1812/udp (RADIUS server) | EAP-MD5 is supported for compatibility. |
| 2 | Database Instance Detected | port 3306/tcp | This message merely indicates that a database package is installed. Synology has concluded that this is a notice rather than a security issue warning. |

Scan Environment

  • Scanning software: QualysGuard Vulnerability Management (VM)
  • SRM version: SRM 1.0 - 5778
  • Scan date: 2015/10/21
  • Preparation: This scan was performed on an SRM installation that passed the Synology Security Advisor check in enterprise mode.
  • Scanner Version: 7.16.38-1
  • Vulnerability Signatures: 2.3.128-3
  • List of enabled packages:
    • Download Station
    • VPN Server
    • DNS Server
    • Radius Server
    • Media Server

Vulnerability Summary

Synology has listed a summary of the scan results below.

| Severity Level | Confirmed | Potential |
| --- | --- | --- |
| 5 | 0 | 0 |
| 4 | 0 | 0 |
| 3 | 1 | 2 |
| 2 | 2 | 0 |
| 1 | 0 | 0 |
| Total | 3 | 2 |

According to the Qualys Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major SRM releases have been tested to ensure there are no vulnerabilities of these two levels. Level 1, level 2, and level 3 are considered lower in severity; Synology's comments on each item are provided for risk management.

Vulnerabilities

| Severity Level | Title | Port / Service | Comment |
| --- | --- | --- | --- |
| 3 | DNS Zone Transfer | port 53/tcp (DNS and BIND) | DNS zone transfer is an option that users can enable or disable themselves. |
| 2 | UDP Constant IP Identification Field Fingerprinting Vulnerability | TCP/IP | This vulnerability only exists in Linux kernel 2.4, but SRM has been upgraded to Linux kernel 3.6 and above. We are waiting for Qualys' reply for further clarification. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 8001/tcp over SSL (General remote services) | This warning will no longer appear once the system administrator installs a certificate that identifies the server. |

Potential Vulnerabilities

| Severity Level | Title | Port / Service | Comment |
| --- | --- | --- | --- |
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 8000/tcp (Web server) | Although the Apache version in SRM remains 2.2.3, this vulnerability has been addressed with an individual fix. |
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 8001/tcp (Web server) | |

Rows with an empty Comment cell share the comment of the row above them.

Download the full report
