On Fri, 2007-04-20 at 10:15 -0700, James Kyle wrote: > Just following the recommendation of the output and posting to the list > > > * Application version scan > > - Apache 1.3.33 > > [ Vulnerable ] > > - Bind DNS 9.3.2 [ OK ] > > - OpenSSL 0.9.7l > > [ Unknown ] > > - PHP 4.4.4 > > [ Unknown ] > > - PHP 5.2.0 > > [ Unknown ] > > - Procmail MTA 3.22 [ OK ] > > - OpenSSH 4.5p1 > > [ Unknown ] > > > > Your system contains some unknown version numbers. Please run > > Rootkit Hunter > > with the --update parameter or contact us through the Rootkit > > Hunter mailinglist > > at [EMAIL PROTECTED] > > Should I simply update these versions? > If you can, then I would say yes. The application check is not very good, and invariably gives false-positives. There are later versions of Apache than 1.3.33, but for all I know (or rkhunter knows) is that you or your distribution have actually patched Apache, but not changed the version number. Hence, the check does not really help the user.
John. -- --------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
