Network Security: Detailed info on Re: setsid() function call vulnerability (VU#740619) on OpenVMS

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Nessus-Users

[Top] [All Lists]

Re: setsid() function call vulnerability (VU#740619) on OpenVMS

from [George A. Theall] Network Security

[Permanent Link]

Subject:	Re: setsid() function call vulnerability (VU#740619) on OpenVMS
Date:	Tue, 8 Apr 2008 12:17:49 -0400

On Apr 8, 2008, at 11:47 AM, Yanyan Wang wrote:

We keep getting SSH Secure Shell Unix server setsid() function call  
vulnerability (VU#740619) on some of our OpenVMS systems, but the  
description of this vulnerability points to UNIX systems only. Is  
this a false positive? Thanks.


It might be best to contact the vendor for a definitive answer.  While  
SSH.com's advisory says it affects "all POSIX Unixes (AIX, Linux, HP- 
UX, Solaris, any BSD)", I'm not familiar enough with either the  
product itself or OpenVMS to know if using the OS along with, say, its  
UNIX (POSIX) interfaces makes it vulnerable.

Note that there was an issue reported with the OpenVMS SSH late last  
month -- CVE-2008-0214 -- that we do not check for.


George
-- 
theall@tenablesecurity.com



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
setsid() function call vulnerability (VU#740619) on OpenVMS, Yanyan Wang MOD_SSL: CVE-2004-0700, MOD_SSL; CVE-2004-0488 on OpenVMS, false positive?, Yanyan Wang Re: MOD_SSL: CVE-2004-0700, MOD_SSL; CVE-2004-0488 on OpenVMS, false positive?, Randal T. Rioux Message not available Re: MOD_SSL: CVE-2004-0700, MOD_SSL; CVE-2004-0488 on OpenVMS, false positive?, Randal T. Rioux Re: setsid() function call vulnerability (VU#740619) on OpenVMS, George A. Theall <=

Previous by Date:	MOD_SSL: CVE-2004-0700, MOD_SSL; CVE-2004-0488 on OpenVMS, false positive?, Yanyan Wang
Next by Date:	Re: What is this situation???, Steve Royer
Previous by Thread:	Re: MOD_SSL: CVE-2004-0700, MOD_SSL; CVE-2004-0488 on OpenVMS, false positive?, Randal T. Rioux
Next by Thread:	generating .nessusrc, Yanyan Wang
Indexes:	[Date] [Thread] [Top] [All Lists]