OpenSSH checks on mandrake.
George Theall
theall at tifaware.com
Mon Nov 8 20:28:28 EST 2004
On Mon, Nov 08, 2004 at 04:25:48PM -0700, Christopher J Bidwell wrote:
> Hi all, we have several different version of Linux being used here and have
> a question regarding the ssh probing of those versions.
> Keep in mind that I am, in fact, running nessus-update-plugins yet, when
> scans are done, it still shows there being a legitimate vulnerability
> on one of our Mandrake systems. According to Mandrake, openssh-3.6.1p2 is
> the most current release based on their RPM's. Nessus
> seems to only mention whether the system is running Red Hat to verify these
> RPM's.
I'm just conjecturing here since you haven't provided any specifics, but
like Jim suggested, this likely is a problem with vendors patching
software rather than updating it.
For example, if the vulnerability concerns buffer management flaws in
OpenSSH versions below 3.7.1, this is probably covered by
MDKSA-2003:090-1, according to:
http://www.securityfocus.com/bid/8628/solution/
And from the Mandrake Security alert, their fix apparently is a patch to
3.6.1p2. The plugin (openssh_36.nasl) though grabs the version number
from the ssh daemon's banner and flags a vulnerability if it's, say,
3.6.1p2. It does make an attempt to map backported versions but the
system doesn't seem to be used much and certainly doesn't currently
contain support for Mandrake.
I suspect the fix is to add support for Mandrake's OpenSSH package to
backport.inc once the actual banner and more specific info is known.
George
--
theall at tifaware.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.nessus.org/pipermail/nessus/attachments/20041108/ee03374e/attachment.bin
More information about the Nessus
mailing list