Hi Jeff,

This indeed is a false positive -- it will be fixed in the next  
plugin feed which will be pushed in a couple of hours.

Thanks,

                                -- Renaud


On Oct 18, 2007, at 11:49 PM, Jeff Chapin wrote:

> Hello,
>
>
>
> CentOS release 4.5 (Final), with CPanel here. Using a nessus scan  
> with ssh credentials, I am getting the following as a critical error:
>
> According to its banner, the version of OpenSSH installed on the
> remote host contains a race condition that may allow an
> unauthenticated remote attacker to crash the service or, on portable
> OpenSSH, possibly execute code on the affected host. In addition,
> another flaw exists that may allow an attacker to determine the
> validity of usernames on some platforms.
>
>
>
> However, from the linked CVE, and the linked Redhat Errata  
> (RHSA-2006:0698-8) it appears that this is a corrected issue with a  
> backported patch. I am not sure that the version I have is NOT  
> vulnerable, or that I am reading this documentation correctly.
>
>
>
> Here is some additional info that may be relevant:
>
>
>
> Installed Packages
>
> openssh.i386                             3.9p1-8.RHEL4.20        installed
>
>
>
> # ssh -v
>
> OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
>
>
>
> Thanks!
>
>
>
> Jeff
>
> JEFF CHAPIN
> SYSTEM ADMINISTRATOR
>
> T8DESIGN.COM | P 319.266.7574 - x267 | 877.T8IDEAS | F 888.290.4675
>
>
>
>
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
