OpenSSH checks on mandrake.
Jim Hendrick
jrhendri at maine.rr.com
Mon Nov 8 19:05:14 EST 2004
Sorry... Fat fingers...
If I were looking, I'd start by investigating the actual vulnerability (what
exploit, etc.) and then cross referencing with Mandrake to see if this
particular rpm addresses the problem. (often tests are based on version
strings that may not be correctly reflecting the code base).
You may also find that there are other ways to address the problem (by
config file settings for ssh).
If neither of these help, and you *are* vulnerable, you should consider
building from source (my preference in any case, but then I like that sort
of thing :-)
Luck,
Jim
-----Original Message-----
From: nessus-bounces at list.nessus.org [mailto:nessus-bounces at list.nessus.org]
On Behalf Of Christopher J Bidwell
Sent: Monday, November 08, 2004 6:26 PM
To: nessus at list.nessus.org
Subject: OpenSSH checks on mandrake.
Hi all, we have several different version of Linux being used here and have
a question regarding the ssh probing of those versions. Keep in mind that I
am, in fact, running nessus-update-plugins yet, when scans are done, it
still shows there being a legitimate vulnerability on one of our Mandrake
systems. According to Mandrake, openssh-3.6.1p2 is the most current release
based on their RPM's. Nessus seems to only mention whether the system is
running Red Hat to verify these RPM's. I also noticed in the list of
plugins that there are several tailored toward mandrake systems and see that
it is supposed to test for openssh. How can I check to see if this plugin
is actually executing on a mandrake system?
Thanks,
Chris.
_______________________________________________
Nessus mailing list
Nessus at list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus
More information about the Nessus
mailing list