Hello,
CentOS release 4.5 (Final), with CPanel here. Using a nessus scan with ssh credentials, I am getting the following as a critical error: According to its banner, the version of OpenSSH installed on the remote host contains a race condition that may allow an unauthenticated remote attacker to crash the service or, on portable OpenSSH, possibly execute code on the affected host. In addition, another flaw exists that may allow an attacker to determine the validity of usernames on some platforms. However, from the linked CVE, and the linked Redhat Errata (RHSA-2006:0698-8) it appears that this is a corrected issue with a backported patch. I am not sure that the version I have is NOT vulnerable, or that I am reading this documentation correctly. Here is some additional info that may be relevant: Installed Packages openssh.i386 3.9p1-8.RHEL4.20 installed # ssh -v OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 Thanks! Jeff JEFF CHAPIN SYSTEM ADMINISTRATOR T8DESIGN.COM | P 319.266.7574 - x267 | 877.T8IDEAS | F 888.290.4675 This e-mail, including attachments, is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential, and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, and then please delete it. Thank you.
<<image002.jpg>>
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
