It seems that this discussion has been due to an over-zealous sysadmin. If one
will check the Nessus documentation (mailing lists), such "false positives"
have been thoroughly debated. Many of the scan scripts (nasl plugins) only
check version numbers. Owing to this paradigm, nessus outputs warni
It seems that this discussion has been due to an over-zealous sysadmin. If one
will check the Nessus documentation (mailing lists), such "false positives"
have been thoroughly debated. Many of the scan scripts (nasl plugins) only
check version numbers. Owing to this paradigm, nessus outputs warn
* Ethan Benson <[EMAIL PROTECTED]> [011109 16:41]:
> > Is there any harm from installing ssh from woody on potato? This does
> > not apply in my case, but I'd like to know.
>
> you can't, the dependencies will drag in half of woody.
I suspected that, and suggested to a friend of mine to upgrad
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote:
>
> Is there any harm from installing ssh from woody on potato? This does
> not apply in my case, but I'd like to know.
you can't, the dependencies will drag in half of woody.
you can backport the woody ssh packages to potato however.
* Ethan Benson <[EMAIL PROTECTED]> [011109 16:41]:
> > Is there any harm from installing ssh from woody on potato? This does
> > not apply in my case, but I'd like to know.
>
> you can't, the dependencies will drag in half of woody.
I suspected that, and suggested to a friend of mine to upgra
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote:
> Is there any harm from installing ssh from woody on potato? This does
> not apply in my case, but I'd like to know.
No harm beyond getting it built right (no binary installs from
woody/sid into potato), and realizing that security.debi
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote:
> Is there any harm from installing ssh from woody on potato? This does
> not apply in my case, but I'd like to know.
No harm beyond getting it built right (no binary installs from
woody/sid into potato), and realizing that security.deb
* NOKUBI Takatsugu <[EMAIL PROTECTED]> [011109 09:53]:
> >> Vender Status Date updated
> >> Debian Vulnerable 2-Nov-2001
>
> OpenSSH on Debian is right, but ssh-nonfree is still vulnerable.
> See http://bugs.debian.org/85725
It seems that some people think that even ssh in potato is unsafe. The
l
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] writes:
>> CERT tells me Debian potato is vulnerable. We might want to correct them
>> if they are wrong.
>>
>> http://www.cert.org/incident_notes/IN-2001-12.html
>> http://www.kb.cert.org/vuls/id/945216
>> tells me:
>>
>> Vender Status Date update
* NOKUBI Takatsugu <[EMAIL PROTECTED]> [011109 09:53]:
> >> Vender Status Date updated
> >> Debian Vulnerable 2-Nov-2001
>
> OpenSSH on Debian is right, but ssh-nonfree is still vulnerable.
> See http://bugs.debian.org/85725
It seems that some people think that even ssh in potato is unsafe. The
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] writes:
>> CERT tells me Debian potato is vulnerable. We might want to correct them
>> if they are wrong.
>>
>> http://www.cert.org/incident_notes/IN-2001-12.html
>> http://www.kb.cert.org/vuls/id/945216
>> tells me:
>>
>> Vender Status Date updat
Wichert Akkerman <[EMAIL PROTECTED]> immo vero scripsit
> That's because nessus only checks the version number, and since we
> backported the patch we still have the old version number even though
> we are safe.
CERT tells me Debian potato is vulnerable. We might want to correct them
if they are
* Wichert Akkerman <[EMAIL PROTECTED]> [011107 18:54]:
> That's because nessus only checks the version number, and since we
> backported the patch we still have the old version number even though
> we are safe.
This also occurred to me, but appeared too trivial a solution...
Well, I guess that's i
Quoting Ted Cabeen ([EMAIL PROTECTED]):
> >Hm, why should I do that? Is my admin right when he thinks that my
> >current sshd is vulnerable? I have the latest stable precompiled
> >package, i.e. the default ssh installed.
>
> Make sure that you have the security site in your /etc/apt/sources.list
Previously Ville Uski wrote:
> Thanks for info. Yes, I have that line in my sources.list, and I also
> believe I am fine. Our network admin used the nessus ssh plugin to scan
> the network. He only says that nessus gives a warning about my computer
> (concerning the crc bug) and knows nothing more
* Ted Cabeen <[EMAIL PROTECTED]> [011107 18:11]:
> Make sure that you have the security site in your
> /etc/apt/sources.list file. If you do, and apt-get update; apt-get
> upgrade says you're up to date, then you're fine. In general, the
> security team patches the current version to fix security
In message <[EMAIL PROTECTED]>, Ville Uski writes:
>* jigal <[EMAIL PROTECTED]> [011107 14:20]:
>> But I found this in the archives of the security mailing list:
>> http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138.html
>>
>> The previous mail in the thread references t
* Wichert Akkerman <[EMAIL PROTECTED]> [011107 18:54]:
> That's because nessus only checks the version number, and since we
> backported the patch we still have the old version number even though
> we are safe.
This also occurred to me, but appeared too trivial a solution...
Well, I guess that's
Previously Ville Uski wrote:
> Thanks for info. Yes, I have that line in my sources.list, and I also
> believe I am fine. Our network admin used the nessus ssh plugin to scan
> the network. He only says that nessus gives a warning about my computer
> (concerning the crc bug) and knows nothing mor
Quoting Ted Cabeen ([EMAIL PROTECTED]):
> >Hm, why should I do that? Is my admin right when he thinks that my
> >current sshd is vulnerable? I have the latest stable precompiled
> >package, i.e. the default ssh installed.
>
> Make sure that you have the security site in your /etc/apt/sources.lis
* Ted Cabeen <[EMAIL PROTECTED]> [011107 18:11]:
> Make sure that you have the security site in your
> /etc/apt/sources.list file. If you do, and apt-get update; apt-get
> upgrade says you're up to date, then you're fine. In general, the
> security team patches the current version to fix securit
In message <[EMAIL PROTECTED]>, Ville Uski writes:
>* jigal <[EMAIL PROTECTED]> [011107 14:20]:
>> But I found this in the archives of the security mailing list:
>> http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138.html
>>
>> The previous mail in the thread references
* jigal <[EMAIL PROTECTED]> [011107 14:20]:
> But I found this in the archives of the security mailing list:
> http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138.html
>
> The previous mail in the thread references to:
> http://razor.bindview.com/publish/advisories/adv_ssh1
On Wed, 07 Nov 2001, jigal wrote:
> Here you find a reference to the vuln, fixed.
> http://www.debian.org/security/2001/dsa-027
I am sorry I found by reading it again it doesn't mention it.
But I found this in the archives of the security mailing list:
http://lists.debian.org/debian-security/20
On Wed, 07 Nov 2001, Ville Uski wrote:
> The ssh package I currently have is ssh_1.2.3-9.3_i386.deb.
>
> I have understood that the crc32 bug was already found in February so I
> find it hard to believe that it's not already fixed on debian (I'm
> running woody on a laptop PC). I should have all
: Re: Which ssh should I have?
>
>
> Where can I get the opensource ssh?
>
> tks
>
> On Wed, 07 Nov 2001, Ville Uski wrote:
> > Hi,
> >
> > I just joined the list after the admin of the network in my house had
> > complained that sshd running in my computer
Where can I get the opensource ssh?
tks
On Wed, 07 Nov 2001, Ville Uski wrote:
> Hi,
>
> I just joined the list after the admin of the network in my house had
> complained that sshd running in my computer is "remotely exploitable". I
> asked for more details and he only said it's the bug in the
Hi,
I just joined the list after the admin of the network in my house had
complained that sshd running in my computer is "remotely exploitable". I
asked for more details and he only said it's the bug in the crc32 bit.
He also told me to install the newest version of openssh. The problem is
now whi
* jigal <[EMAIL PROTECTED]> [011107 14:20]:
> But I found this in the archives of the security mailing list:
> http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138.html
>
> The previous mail in the thread references to:
> http://razor.bindview.com/publish/advisories/adv_ssh
On Wed, 07 Nov 2001, jigal wrote:
> Here you find a reference to the vuln, fixed.
> http://www.debian.org/security/2001/dsa-027
I am sorry I found by reading it again it doesn't mention it.
But I found this in the archives of the security mailing list:
http://lists.debian.org/debian-security/2
On Wed, 07 Nov 2001, Ville Uski wrote:
> The ssh package I currently have is ssh_1.2.3-9.3_i386.deb.
>
> I have understood that the crc32 bug was already found in February so I
> find it hard to believe that it's not already fixed on debian (I'm
> running woody on a laptop PC). I should have al
Hello,
www.freshmeat.net
Or if you're running Debian, do an apt-get install ssh (most recommended)
Ed
> -Original Message-
> From: Osvaldo Mundim Junior [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 07, 2001 7:47 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Which ss
Where can I get the opensource ssh?
tks
On Wed, 07 Nov 2001, Ville Uski wrote:
> Hi,
>
> I just joined the list after the admin of the network in my house had
> complained that sshd running in my computer is "remotely exploitable". I
> asked for more details and he only said it's the bug in the
Hi,
I just joined the list after the admin of the network in my house had
complained that sshd running in my computer is "remotely exploitable". I
asked for more details and he only said it's the bug in the crc32 bit.
He also told me to install the newest version of openssh. The problem is
now wh
36 matches