----- If you are running a RedHat host, make sure that the command : rpm -q openssh-server
Returns : openssh-server-3.1p1-13 (RedHat 7.x) openssh-server-3.4p1-7 (RedHat 8.0) openssh-server-3.5p1-11 (RedHat 9) -----
The RedHat 7.x info is definatly wrong, I think the newest patch is -14 and not -13. I don't know about the others.
Maybe info like that should be left out, since it's always a uphill-stuggle, to keep up with info like that?
Another thing. When running a old OpenSSH you get serval plugins saying you are running a older version than X.x.X. I suppose it's every plugin made, that tests against the version number. Wouldn't it be possible to just report that "you are running a older version than INSERT NEWEST VERSION NUMBER HERE"? I know there are various exploit's, and the different plugins mention them. But is it importait info, that all the versions between the server that is running, and the one that's the newest one, has this and that exploit? IMO the most importaint part is that the version running now is OLD and need to be updated to the newest version.
I don't know if it's wanted and possible or not, but IMO it would be nice if it was. Feel free to comment.
--
Jesper S. Jensen Basisnet og Sikkerhed Uni-C - �rhus, Danmark +45 8937-6666 _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
