Thank you very much. Jeff
JEFF CHAPIN SYSTEM ADMINISTRATOR T8DESIGN.COM | P 319.266.7574 - x267 | 877.T8IDEAS | F 888.290.4675 This e-mail, including attachments, is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential, and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, and then please delete it. Thank you. -----Original Message----- From: Renaud Deraison [mailto:[EMAIL PROTECTED] Sent: Friday, October 19, 2007 6:20 AM To: Jeff Chapin Cc: [email protected] Subject: Re: OpenSSH issue Hi Jeff, This indeed is a false positive -- it will be fixed in the next plugin feed which will be pushed in a couple of hours. Thanks, -- Renaud On Oct 18, 2007, at 11:49 PM, Jeff Chapin wrote: > Hello, > > > > CentOS release 4.5 (Final), with CPanel here. Using a nessus scan > with ssh credentials, I am getting the following as a critical error: > > According to its banner, the version of OpenSSH installed on the > remote host contains a race condition that may allow an > unauthenticated remote attacker to crash the service or, on portable > OpenSSH, possibly execute code on the affected host. In addition, > another flaw exists that may allow an attacker to determine the > validity of usernames on some platforms. > > > > However, from the linked CVE, and the linked Redhat Errata > (RHSA-2006:0698-8) it appears that this is a corrected issue with a > backported patch. I am not sure that the version I have is NOT > vulnerable, or that I am reading this documentation correctly. > > > > Here is some additional info that may be relevant: > > > > Installed Packages > > openssh.i386 3.9p1-8.RHEL4.20 > installed > > > > # ssh -v > > OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 > > > > Thanks! > > > > Jeff > > <image002.jpg> > > JEFF CHAPIN > SYSTEM ADMINISTRATOR > > T8DESIGN.COM | P 319.266.7574 - x267 | 877.T8IDEAS | F 888.290.4675 > > > > > This e-mail, including attachments, is covered by the Electronic > Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential, > and may be legally privileged. If you are not the intended > recipient, you are hereby notified that any retention, > dissemination, distribution, or copying of this communication is > strictly prohibited. Please reply to the sender that you have > received the message in error, and then please delete it. Thank you. > > <image002.jpg> > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
