DSM Vulnerability Scan Results
Synologyは、システムの安全を評価しています。 弊社は、ユーザーの皆様に信頼性の高いオペレーティングシステムおよびサービスをお届けすることに専念しています。 より積極的なアプローチで、セキュリティーを保証するために、弊社は市場を先導する、信頼性の高い脆弱性検査ソリューションである、QualysGuardを採用し、完全なシステムのスキャンを実行し、DSMのあらゆるメジャーリリースの治療を実行します。
環境のスキャン
- ソフトウェアのスキャン: Qualysguard Vulnerability Management (VM)
- DSM バージョン: DSM 6.1 build 15032
- スキャン日: 2017/1/19
- 準備: スキャンは、Synology セキュリティーアドバイザーでビジネスモードの認証に合格した DSM に基づいています。
- スキャナーのバージョン: 9.0.29-1
- 脆弱性のサイン: 2.3.523-2
-
サービスおよびパッケージリストが有効です:
表示
• Antivirus Essential• AudioStation• Backup & Restore• CardDAVServer• Cloud Station Server• CloudStationClient• CloudSync• DirectoryServer• Discourse• DNSServer• Docker• Document Viewer• DokuWiki• DownloadStation• Drupal• GitLab• GlacierBackup• GLPI• HASP• HiDriveBackup• iTunesServer• Java• joomla• LimeSurvey• Load Balancer• Logitech Media Server• LXQt• Magento• MailServer• MailStation• MantisBT• MariaDB• MediaServer• MediaWiki• Moodle• Node.js• NoteStation• Odoo8• OpenERP• OrangeHRM• osCommerce• osTicket• PACS• PDF Viewer• PEAR• PhotoStation• phpBB• phpMyAdmin• Piwik• Podcast Generator• PrestaShop• Proxy Server• Python3• PythonModule• RadiusServer• Redmine• Ruby• Spreadsheet• SpreeCommerce• SSO Server• SugarCRM• Surveillance• TimeBackup• VideoStation• VPNCenter• vtigerCRM• web station• Webalizer• WordPress
脆弱性の概要
Synology はスキャン結果の要約を次のように表示します。
| 重大さのレベル | 確認済み | 可能性 |
|---|---|---|
| 5 | 0 | 3 |
| 4 | 0 | 2 |
| 3 | 9 | 6 |
| 2 | 3 | 2 |
| 1 | 2 | 0 |
| 合計 | 14 | 13 |
According to Qualy’s Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major DSM releases since DSM 5.2-5592 have been tested to ensure there are no vulnerabilities of these two levels. Level 1, level 2, and level 3 are considered lower in severity, Synology’s comments aside for risk management.
In addition, items listed in Potential Vulnerabilities were not fully identified as vulnerabilities and could be detected because of certain conditions necessary for vulnerability detection. Thus the severity of these items is considered relatively low.
脆弱性
| 重大さのレベル | トピック | ポート / サービス | コメント |
|---|---|---|---|
| 3 | NFS Exported Filesystems List Vulnerability | NFS | You will always see this warning when NFS service is enabled. As long as the NFS rules are properly set to exclusively allow the connection of specific IP addresses, your Synology NAS should be safe. |
| 3 | DNS Zone Transfer | port 53/tcp DNS server | Adding rules reminder to security advisor could reduce issues resulting from configuration. |
| 3 | SSL/TLS Server supports TLSv1.0 | port 8443/tcp over SSL CardDAV | With regards to the compatibility with clients of older version that does not support SSl/TLS connection. |
| 3 | port 5006/tcp over SSL WebDAV | ||
| 3 | port 993/tcp over SSL Mail Server | ||
| 3 | port 995/tcp over SSL Mail Server | ||
| 3 | port 21/tcp over SSL FTP | ||
| 3 | port 3269/tcp over SSL | ||
| 3 | port 636/tcp over SSL LDAP | ||
| 2 | Hidden RPC Services | NFS | You will always see this warning when NFS service is enabled. As long as the NFS rules are properly set to exclusively allow the connection of specific IP addresses, your Synology NAS should be safe. |
| 2 | NFS RPC Services Listening on Non-Privileged Ports | NFS | Mac users can enable this option for the compatibility with NFS service. This option is disabled by default. |
| 2 | JBoss Enterprise Application Platform Status Servlet Request Remote Information Disclosure | port 9080/tcp PACS | This can be avoided by correct configuration of firewall settings. Please make sure only trusted devices can access your Synology NAS. |
| 1 | Remote Management Service Accepting Unencrypted Credentials Detected | Service name: TFTP on UDP port 69.
Service name: FTP on TCP port 21. FTP / TFTP | This issue is still in research stage by Synology. |
| 1 | JBoss HTTP Header Information Disclosure Vulnerability | port 9080/tcp | This can be avoided by correct configuration of firewall settings. Please make sure only trusted devices can access your Synology NAS. |
潜在的脆弱性
| 重大さのレベル | トピック | ポート / サービス | コメント |
|---|---|---|---|
| 5 | Red Hat JBoss EAP/Web Server Java UnSerialize Common-Collections Remote Code Execution Vulnerability | PACS | |
| 5 | Statd Format Bug Vulnerability | NFS | Synology has confirmed the version of implemented NFS module is 1.2.8, much later than the version required to address the issue. |
| 5 | NFS-Utils Xlog Remote Buffer Overrun Vulnerability | NFS | |
| 4 | Red Hat JBoss Enterprise Application Platform Multiple Security Vulnerabilities | port 9080/tcp PACS | This can be avoided by correct configuration of firewall settings. Please make sure only trusted devices can access your Synology NAS. |
| 4 | OpenRADIUS Divide By Zero Denial of Service Vulnerability | port 1812/udp RADIUS server | Synology uses FreeRADIUS, not OpenRADIUS. |
| 3 | OpenSSH Xauth Command Injection Vulnerability | OpenSSH | DSM supports X11 forwarding but GUI of X11. Therefore the system will not be affected by this vulnerability. Synology is still in contact with Qualys to clarify this issue. |
| 3 | SMB Signing Disabled or SMB Signing Not Required | Samba | This issue is still in research stage by Synology. |
| 3 | Service Stopped Responding | port 3262/tcp iSCSI | |
| 3 | Red Hat JBoss Enterprise Application Platform Multiple Security Vulnerabilities (RHSA-2014:0170-1) | port 9080/tcp PACS | This can be avoided by correct configuration of firewall settings. Please make sure only trusted devices can access your Synology NAS. |
| 3 | Multiple Vendor Radius Short Vendor-Length Field Denial of Service Vulnerability | port 1812/udp RADIUS server | Synology uses FreeRADIUS, not OpenRADIUS. |
| 3 | IETF RADIUS Dictionary Attack Vulnerability | port 1812/udp RADIUS server | This issue is still in research stage by Synology. |
| 2 | nlockmgr RPC Service Multiple Vulnerabilities | NFS | Synology has confirmed the version of implemented NFS module is 1.2.1, much later than the version required to address the issue. |
| 2 | Database Instance Detected | port 3306/tcp MariaDB | This can be avoided by correct configuration of firewall settings. Please make sure only trusted devices can access your Synology NAS. |
環境のスキャン
- ソフトウェアのスキャン: Qualysguard Vulnerability Management (VM)
- DSM バージョン: DSM 6.0 build 7319
- スキャン日: 2016/3/24
- 準備: スキャンは、Synology セキュリティーアドバイザーでビジネスモードの認証に合格した DSM に基づいています。
- スキャナーのバージョン: 8.0.15-1
- 脆弱性のサイン: 2.3.261-3
-
サービスおよびパッケージリストが有効です:
表示
• Antivirus Essential• AudioStation• Backup & Restore• CardDAVServer• Cloud Station Server• CloudStationClient• CloudSync• DirectoryServer• Discourse• DNSServer• Docker• Document Viewer• DokuWiki• DownloadStation• Drupal• GitLab• GlacierBackup• GLPI• HASP• HiDriveBackup• iTunesServer• Java• joomla• LimeSurvey• Load Balancer• Logitech Media Server• LXQt• Magento• MailServer• MailStation• MantisBT• MariaDB• MediaServer• MediaWiki• Moodle• Node.js• NoteStation• Odoo8• OpenERP• OrangeHRM• osCommerce• osTicket• PACS• PDF Viewer• PEAR• PhotoStation• phpBB• phpMyAdmin• Piwik• Podcast Generator• PrestaShop• Proxy Server• Python3• PythonModule• RadiusServer• Redmine• Ruby• Spreadsheet• SpreeCommerce• SSO Server• SugarCRM• Surveillance• TimeBackup• VideoStation• VPNCenter• vtigerCRM• web station• Webalizer• WordPress
脆弱性の概要
Synology はスキャン結果の要約を次のように表示します。
| 重大さのレベル | 確認済み | 可能性 |
|---|---|---|
| 5 | 0 | 1 |
| 4 | 0 | 0 |
| 3 | 10 | 2 |
| 2 | 6 | 1 |
| 1 | 1 | 4 |
| 合計 | 17 | 8 |
According to Qualy’s Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major DSM releases since DSM 5.2-5592 have been tested to ensure there are no vulnerabilities of these two levels. Level 1, level 2, and level 3 are considered lower in severity, Synology’s comments aside for risk management.
In addition, items listed in Potential Vulnerabilities were not fully identified as vulnerabilities and could be detected because of certain conditions necessary for vulnerability detection. Thus the severity of these items is considered relatively low.
脆弱性
| 重大さのレベル | トピック | ポート / サービス | コメント |
|---|---|---|---|
| 3 | NFS Exported Filesystems List Vulnerability | NFS | This warning exists as long as NFS service is enabled. Synology NAS shall be safe if NFS rules are properly set, and if it may only be connected by specific IP addresses. |
| 3 | Mail Server Accepts Plaintext Credentials | port 25/tcp | It is to be compatible with clients with non-SSl/TLS connections. |
| 3 | POP3 Server Allows Plain Text Authentication Vulnerability | port 110/tcp | |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 80/tcp | HTTPS connection can be enabled to avoid this vulnerability. |
| 3 | port 9007/tcp | ||
| 3 | port 8000/tcp | ||
| 3 | port 7000/tcp | ||
| 3 | port 8800/tcp | ||
| 3 | port 9350/tcp | ||
| 3 | DNS Zone Transfer | port 53/tcp | DNS zone transfer is an option that can be disabled or enabled by users when needed. |
| 2 | Hidden RPC Services | NFS | This warning exists as long as NFS service is enabled. Synology NAS shall be safe if NFS rules are properly set, and if it may only be connected by specific IP addresses. |
| 2 | NFS RPC Services Listening on Non-Privileged Ports | NFS | This option is disabled by default. Users can enable this option to be compatible with Mac NFS system. |
| 2 | UDP Constant IP Identification Field Fingerprinting Vulnerability | Kernel | This vulnerability only exists in Linux kernel 2.4, but Synoloty NAS has upgraded to Linux kernel 2.6 and above. We are waiting for Qualys' reply for further clarification. |
| 2 | TCP Sequence Number Approximation Based Denial of Service | This can be avoided by correctly configuring the firewall settings. | |
| 2 | AutoComplete Attribute Not Disabled for Password in Form Based Authentication | port 80/tcp | Password auto-completion is allowed by default in the open source of Drupal, vtigerCRM, and phpMyAdmin. |
| 2 | port 443/tcp | ||
| 1 | Remote Management Service Accepting Unencrypted Credentials Detected | port 30003/tcp | TFTP is an option disabled by default and can also be configured in Control Panel > File Services > TFTP/PXE. It is recommanded that you use FTPS for better security. |
潜在的脆弱性
| 重大さのレベル | トピック | ポート / サービス | コメント |
|---|---|---|---|
| 5 | Statd Format Bug Vulnerability | Synology has confirmed that the NFS module implemented is version 1.2.1, the version much newer than the version required to addressing the issue. | |
| 3 | OpenSSH "X SECURITY" Bypass Vulnerability | port 22/tcp | DSM does not support the GUI of X11, therefore the system is not affected by this vulnerability. Synology is in contact with Qualys to clarify of this warning. |
| 3 | port 5566/tcp | ||
| 2 | nlockmgr RPC Service Multiple Vulnerabilities | Synology has confirmed that the NFS module implemented is version 1.2.1, the version much newer than the version required to addressing the issue. | |
| 1 | Possible Scan Interference | This issue is caused by setup and environment instead of DSM itself. | |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 25/tcp | Our Postfix version is 2.9.2, which is not included in the range of problematic versions. |
| 1 | port 465/tcp over SSL | ||
| 1 | port 587/tcp |
環境のスキャン
- ソフトウェアのスキャン: Qualysguard Vulnerability Management (VM)
- DSM バージョン: DSM 5.2 - 5589
- スキャン日: 2015/6/26
- 準備: スキャンは、Synology セキュリティーアドバイザーでビジネスモードの認証に合格した DSM に基づいています。
- スキャナーのバージョン: 7.14.37-1
- 脆弱性のサイン: 2.3.50-2
-
サービスおよびパッケージリストが有効です:
表示
• Antivirus Essential• Audio Station• CardDAV Server• Cloud Station• Cloud Station Client• Cloud Sync• Directory Server• DNS Server• Download Station• Glacier Backup• HiDrive Backup• iTunes Server• Java Manager• Mail Server• Mail Station• MariaDB• Media Server• Note Station• Photo Station• Proxy Server• Python Module• Radius Server• SSO Server• Surveillance Station• TimeBackup• Video Station• VPN Center
脆弱性の概要
Synology はスキャン結果の要約を次のように表示します。
| 重大さのレベル | 確認済み | 可能性 |
|---|---|---|
| 5 | 0 | 0 |
| 4 | 0 | 1 |
| 3 | 17 | 4 |
| 2 | 22 | 1 |
| 1 | 0 | 5 |
| 合計 | 39 | 11 |
According to Qualy’s Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major DSM releases since DSM 5.2-5592 have been tested to ensure there are no vulnerabilities of these two levels. Level 1, level 2, and level 3 are considered lower in severity, Synology’s comments aside for risk management.
In addition, items listed in Potential Vulnerabilities were not fully identified as vulnerabilities and could be detected because of certain conditions necessary for vulnerability detection. Thus the severity of these items is considered relatively low.
脆弱性
| 重大さのレベル | トピック | ポート / サービス | コメント |
|---|---|---|---|
| 3 | Squid Proxy X509 Sever Certification Validation Bypass Vulnerability | Proxy Server | Synology Proxy Server does not support the feature that is being affected by the vulnerability on Squid Proxy X509 Sever, so this shall not raise such security issue. |
| 3 | Web Server Uses Plain-Text Form Based Authentication | port 80/tcp | HTTPS connection can be enabled to avoid this vulnerability. |
| 3 | Mail Server Accepts Plaintext Credentials | port 25/tcp | It is to be compatible with clients with non-SSl/TLS connections. |
| 3 | POP3 Server Allows Plain Text Authentication Vulnerability | port 110/tcp | |
| 3 | SSL/TLS use of weak RC4 cipher | port 993/tcp over SSL Mail Server (IMAPS) | Weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 636/tcp over SSL LDAP | Weak encryption is kept for compatibility with other LDAP clients. |
| 3 | SSL/TLS use of weak RC4 cipher | port 636/tcp over SSL LDAP | Weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE) | port 636/tcp over SSL LDAP | SSLv3 is supported to be compatible with IBM Domino LDAP Server. |
| 3 | SSL Server Has SSLv3 Enabled Vulnerability | port 636/tcp over SSL LDAP | |
| 3 | SSL/TLS use of weak RC4 cipher | port 995/tcp over SSL | Weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | DNS Zone Transfer | port 53/tcp DNS server | DNS zone transfer is an option that can be disabled or enabled by users when needed. |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 21/tcp over SSL FTP | Weak RC4 cipher is kept to ensure backward compatibility. |
| 3 | SSL/TLS use of weak RC4 cipher | port 21/tcp over SSL FTP | |
| 3 | SSL Server Supports Weak Encryption Vulnerability | port 25/tcp over SSL Mail Server (SMTP) | |
| 3 | SSL/TLS use of weak RC4 cipher | port 143/tcp over SSL Mail Server (IMAP) | |
| 3 | port 110/tcp over SSL Mail Server (POP3) | ||
| 3 | NFS Exported Filesystems List Vulnerability | NFS | This warning exists as long as NFS service is enabled. Synology NAS shall be safe if NFS rules are properly set, and if it may only be connected by specific IP addresses. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 443/tcp over SSL | This warning will not exist after system administrator signs an identified certificate. |
| 2 | port 993/tcp over SSL | ||
| 2 | port 636/tcp over SSL | ||
| 2 | port 995/tcp over SSL | ||
| 2 | port 8001/tcp over SSL | ||
| 2 | port 465/tcp over SSL | ||
| 2 | port 9351/tcp over SSL | ||
| 2 | port 5002/tcp over SSL | ||
| 2 | port 8801/tcp over SSL | ||
| 2 | port 9901/tcp over SSL | ||
| 2 | port 7001/tcp over SSL | ||
| 2 | port 9008/tcp over SSL | ||
| 2 | port 21/tcp over SSL | ||
| 2 | port 25/tcp over SSL | ||
| 2 | port 143/tcp over SSL | ||
| 2 | port 110/tcp over SSL | ||
| 2 | port 587/tcp over SSL | ||
| 2 | port 5006/tcp over SSL | ||
| 2 | Hidden RPC Services | NFS | This warning exists as long as NFS service is enabled. Synology NAS shall be safe if NFS rules are properly set, and if it may only be connected by specific IP addresses. |
| 2 | NFS RPC Services Listening on Non-Privileged Ports | NFS | This option is disabled by default. Users can enable this option to be compatible with Mac NFS system. |
| 2 | UDP Constant IP Identification Field Fingerprinting Vulnerability | Kernel | This vulnerability only exists in Linux kernel 2.4, but Synoloty NAS has upgraded to Linux kernel 2.6 and above. We are waiting for Qualys' reply for further clarification. |
| 2 | TCP Sequence Number Approximation Based Denial of Service | port 111/21 | This is an issue that could be avoided by applying firewall settings. |
潜在的脆弱性
| 重大さのレベル | トピック | ポート / サービス | コメント |
|---|---|---|---|
| 4 | OpenRADIUS Divide By Zero Denial of Service Vulnerability | port 1812/udp RADIUS | Synology NAS does not apply the open-source solution OpenRADIUS. We are waiting for Qualys' reply for further clarification. |
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 50000/tcp | Although Apache 2.2.3 is applied in DSM, this vulnerability has actually been addressed. |
| 3 | port 5002/tcp | ||
| 3 | Multiple Vendor Radius Short Vendor-Length Field Denial of Service Vulnerability | port 1812/udp RADIUS | This CVE only exists in FreeRADIUS version 0.3 and older versions. Synology Radius Server has upgraded to FreeRADIUS 2.2.5. |
| 3 | IETF RADIUS Dictionary Attack Vulnerability | port 1812/udp RADIUS | EAP-MD5 is supported for compatibility. |
| 2 | nlockmgr RPC Service Multiple Vulnerabilities | NFS | It is confirmed that the NFS module has been updated to a newer version addressing this vulnerability. We are waiting for further clarification from Qualys. |
| 1 | OpenLDAP Multiple Vulnerabilities | LDAP | Our OpenLDAP version is 2.4.40, which is not included in the range of problematic versions. |
| 1 | Postfix SMTP Log Denial of Service Vulnerability | port 25/tcp Mail Server | Our Postfix version is 2.9.2, which is not included in the range of problematic versions. |
| 1 | port 465/tcp over SSL | ||
| 1 | port 587/tcp | ||
| 1 | Possible Scan Interference | This issue is caused by setup and environment instead of DSM itself. |
環境のスキャン
- ソフトウェアのスキャン: Qualysguard Vulnerability Management (VM)
- SRM バージョン: SRM 1.1 - 6328
- スキャン日: 2016/7/4
- 準備: スキャンは、Synology セキュリティーアドバイザーでビジネスモードの認証に合格した SRM に基づいています。
- スキャナーのバージョン: 8.2.18-1
- 脆弱性のサイン: 2.3.329-2
-
サービスおよびパッケージリストが有効です:
表示
• Download Station• VPN Server• DNS Server• Radius Server• Media Server• Cloud Station• Intrusion Prevention• Perl
脆弱性の概要
Synology はスキャン結果の要約を次のように表示します。
| 重大さのレベル | 確認済み | 可能性 |
|---|---|---|
| 5 | 0 | 0 |
| 4 | 0 | 0 |
| 3 | 4 | 2 |
| 2 | 5 | 0 |
| 1 | 1 | 0 |
| 合計 | 10 | 2 |
According to Qualy’s Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major SRM releases have been tested to ensure there are no vulnerabilities of these two levels. Level 1, level 2, and level 3 are considered lower in severity, Synology’s comments aside for risk management.
脆弱性
| 重大さのレベル | トピック | ポート / サービス | コメント |
|---|---|---|---|
| 3 | WINS Domain Controller Spoofing Vulnerability - Zero Day | udp port 137 SMB / NETBIOS | It's the protocol design issue, and only affect users in NAT. It could be protected with proper firewall/routing table setting, so it will not be a problem in a well-protected environment. |
| 3 | NetBIOS Name Conflict Vulnerability | udp port 137 SMB / NETBIOS | |
| 3 | NetBIOS Release Vulnerability | udp port 137 SMB / NETBIOS | |
| 3 | DNS Zone Transfer | port 53/tcp DNS server | DNS zone transfer is an option that can be disabled or enabled by users themselves. |
| 2 | NetBIOS Name Accessible | SMB / NETBIOS | It's the protocol design issue, and only affect users in NAT. It could be protected with proper firewall/routing table setting, so it will not be a problem in a well-protected environment. |
| 2 | UDP Constant IP Identification Field Fingerprinting Vulnerabilit | Kernel | This vulnerability only exist in Linux kernel 2.4, but Synoloty NAS has upgraded to Linux kernel 2.6 and above. We are waiting for Qualys' reply for further clarification. |
| 2 | TCP Sequence Number Approximation Based Denial of Service | port 111/21 | This is an issue that can be avoided by firewall settings. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 443/tcp over SSL | This waring will not exist after signing an identified certificate by the system administrator. |
| 2 | port 8001/tcp over SSL | ||
| 1 | ICMP Timestamp Request | This issue is due to Qualys suggests not to filter all ICMP messages, as some of them are necessary for proper behavior of Operating System TCP/IP stacks. It could be avoided with proper firewall setting, so it will not be a problem in a well-protected environment. |
潜在的脆弱性
| 重大さのレベル | トピック | ポート / サービス | コメント |
|---|---|---|---|
| 3 | OpenSSH Xauth Command Injection Vulnerability | port 22/tcp | SRM does not support the GUI of X11, therefore the system is not affected by this vulnerability. Synology is in contact with Qualys to clarify of this warning. |
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 8001/tcp Web server | Although the version of Apache remains in 2.2.3 in SRM, this vulnerability has been addressed with individual fix. |
環境のスキャン
- ソフトウェアのスキャン: Qualysguard Vulnerability Management (VM)
- SRM バージョン: SRM 1.0 - 5778
- スキャン日: 2015/10/21
- 準備: スキャンは、Synology セキュリティーアドバイザーでビジネスモードの認証に合格した SRM に基づいています。
- スキャナーのバージョン: 7.16.38-1
- 脆弱性のサイン: 2.3.128-3
-
サービスおよびパッケージリストが有効です:
表示
• Download Station• VPN Server• DNS Server• Radius Server• Media Server
脆弱性の概要
Synology はスキャン結果の要約を次のように表示します。
| 重大さのレベル | 確認済み | 可能性 |
|---|---|---|
| 5 | 0 | 0 |
| 4 | 0 | 0 |
| 3 | 1 | 2 |
| 2 | 2 | 0 |
| 1 | 0 | 0 |
| 合計 | 3 | 2 |
According to Qualy’s Severity Level Knowledge Base, vulnerabilities rated level 4 and level 5 are considered critical and could lead to unauthorized access to the system. All major SRM releases have been tested to ensure there are no vulnerabilities of these two levels. Level 1, level 2, and level 3 are considered lower in severity, Synology’s comments aside for risk management.
脆弱性
| 重大さのレベル | トピック | ポート / サービス | コメント |
|---|---|---|---|
| 3 | DNS Zone Transfer | port 53/tcp DNS and BIND | DNS zone transfer is an option that can be disabled or enabled by users themselves. |
| 2 | UDP Constant IP Identification Field Fingerprinting Vulnerability | TCP/IP | This vulnerability only exist in Linux kernel 2.4, but SRM has upgraded to Linux kernel 3.6 and above. We are waiting for Qualys' reply for further clarification. |
| 2 | SSL Certificate - Subject Common Name Does Not Match Server FQDN | port 8001/tcp over SSL General remote services | This waring will not exist after signing an identified certificate by the system administrator. |
潜在的脆弱性
| 重大さのレベル | トピック | ポート / サービス | コメント |
|---|---|---|---|
| 3 | Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day | port 8000/tcp Web server | Although the version of Apache remains in 2.2.3 in SRM, this vulnerability has been addressed with individual fix. |
| 3 | port 8001/tcp Web server |