Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: OpenSSH issue

from [Jeff Chapin] Network Security [Permanent Link]
Subject: RE: OpenSSH issue
Date: Fri, 19 Oct 2007 06:20:40 -0500 
Thank you very much.

Jeff

 
 
 
JEFF CHAPIN 
SYSTEM ADMINISTRATOR 
T8DESIGN.COM | P 319.266.7574 - x267 | 877.T8IDEAS | F 888.290.4675
 

This e-mail, including attachments, is covered by the Electronic
Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential, and
may be legally privileged. If you are not the intended recipient, you
are hereby notified that any retention, dissemination, distribution, or
copying of this communication is strictly prohibited. Please reply to
the sender that you have received the message in error, and then please
delete it. Thank you.

-----Original Message-----
From: Renaud Deraison [mailto:deraison@nessus.org] 
Sent: Friday, October 19, 2007 6:20 AM
To: Jeff Chapin
Cc: nessus@list.nessus.org
Subject: Re: OpenSSH issue



Hi Jeff,

This indeed is a false positive -- it will be fixed in the next  
plugin feed which will be pushed in a couple of hours.

Thanks,

                                -- Renaud


On Oct 18, 2007, at 11:49 PM, Jeff Chapin wrote:


Hello,



CentOS release 4.5 (Final), with CPanel here. Using a nessus scan  
with ssh credentials, I am getting the following as a critical error:

According to its banner, the version of OpenSSH installed on the
remote host contains a race condition that may allow an
unauthenticated remote attacker to crash the service or, on portable
OpenSSH, possibly execute code on the affected host. In addition,
another flaw exists that may allow an attacker to determine the
validity of usernames on some platforms.



However, from the linked CVE, and the linked Redhat Errata  
(RHSA-2006:0698-8) it appears that this is a corrected issue with a  
backported patch. I am not sure that the version I have is NOT  
vulnerable, or that I am reading this documentation correctly.



Here is some additional info that may be relevant:



Installed Packages

openssh.i386                             3.9p1-8.RHEL4.20        
installed



# ssh -v

OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003



Thanks!



Jeff

<image002.jpg>

JEFF CHAPIN
SYSTEM ADMINISTRATOR

T8DESIGN.COM | P 319.266.7574 - x267 | 877.T8IDEAS | F 888.290.4675




This e-mail, including attachments, is covered by the Electronic  
Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential,  
and may be legally privileged. If you are not the intended  
recipient, you are hereby notified that any retention,  
dissemination, distribution, or copying of this communication is  
strictly prohibited. Please reply to the sender that you have  
received the message in error, and then please delete it. Thank you.

<image002.jpg>
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: OpenSSH issue, Renaud Deraison
Next by Date:  Nessus not running, Alonso, Americo
Previous by Thread:  Re: OpenSSH issue, Renaud Deraison
Next by Thread:  Re: OpenSSH issue, Xueshan Feng
Indexes:  [Date] [Thread] [Top] [All Lists]