On Apr 8, 2008, at 11:47 AM, Yanyan Wang wrote: > We keep getting SSH Secure Shell Unix server setsid() function call > vulnerability (VU#740619) on some of our OpenVMS systems, but the > description of this vulnerability points to UNIX systems only. Is > this a false positive? Thanks.
It might be best to contact the vendor for a definitive answer. While SSH.com's advisory says it affects "all POSIX Unixes (AIX, Linux, HP- UX, Solaris, any BSD)", I'm not familiar enough with either the product itself or OpenVMS to know if using the OS along with, say, its UNIX (POSIX) interfaces makes it vulnerable. Note that there was an issue reported with the OpenVMS SSH late last month -- CVE-2008-0214 -- that we do not check for. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
