On 03.01.2017 17:56, Reindl Harald wrote: > Am 03.01.2017 um 17:46 schrieb Michael Meyer: >> *** Reindl Harald wrote: >> >>> the scan is from yesterday, the issues are months old (includinmg >>> the openssh windows bruteforce nonsense on linux machines with >>> key-only-auth on recent Fedora steups) >> >> "openssh windows bruteforce nonsense on linux machines"? > > * no windows machine > * no 'auth_password' at all > * linux distributions don't raise version numbers but release fixes > > hence flagged as false positive yesterday since i not no longer can see > that red colored nonsense initially reported months ago > > High (CVSS: 7.8) > NVT: OpenSSH 'auth_password' Denial of Service Vulnerability (Windows) > (OID: 1.3.6.1.4.1.25623.1.0.809121) > Product detection result: cpe:/a:openbsd:openssh:7.2 by SSH Server type > and version (OID: 1.3.6.1.4.1.25623.1.0.10267) > > Installed version: 7.2 > Fixed version: 7.3
it would make sense if you provide your used feed version: GSA: Administration -> NVT Feed (OpenVAS 8 and below) Extras -> Feed status (OpenVAS 9+) -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
