On Mon, 22 Mar 2004, George Theall wrote:
> On Mon, Mar 22, 2004 at 05:47:34PM +0545, [EMAIL PROTECTED] wrote:
>
> > i have red-hat 9 server running ssh server as followoing
> >
> > openssh-3.5p1-11
> ...
> > But nessus reported as "you are running a version of OpenSSH which is
> > older than 3.7.1"
>
> This is a false alarm -- the release you have installed addresses the
> buffer manipulation vulnerabilities that OpenSSH 3.7.1 fixes.
>
> The report from the plugin should have mentioned this. Alternatively,
> you can check with <https://rhn.redhat.com/errata/RHSA-2003-279.html>.
I can confirm that the pluging is explicit enough on the matter. Just read
the output of a nessus run where a customer had ssh on tcp/45555.
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
[EMAIL PROTECTED] http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
