[WBEL-users] Nessus reports "Security Hole" on openssh-server version
Jason Becker
jason@coalescentsystems.ca
Thu, 22 Apr 2004 15:00:28 -0600
Hello All,
I am a recent convert from Slackware so please bear with me...
After installing WBEL and updating (yum -y update) I ran Nessus against
my server. Nessus reports a "Security Hole" on the ssh port. Excerpts
from the report:
-begin-
"You are running a version of OpenSSH which is older than 3.7.1"
"Versions older than 3.7.1 are vulnerable to a flaw in the buffer
management funcitons which might allow an attacker to execute arbitrary
commands on this host."
"An exploit for this issue is rumoured to exist"
"Note that several distributions patched this hole without changing the
version number of OpenSSH. Since Nessus solely relied on the banner of
the remote SSH server to perform this check, this might be a false
positive."
If you are running a RedHat host, make sure that the command :
rpm -q openssh-server
Returns :
[RHEL not listed, versions listed are RedHat 7.x, RedHat 8.0, RedHat 9]"
"Solution : Upgrade to OpenSSH 3.7.1"
"Risk factor : High"
-end-
I checked the following advisories on RedHat's site:
https://rhn.redhat.com/errata/rhel3as-errata.html
https://rhn.redhat.com/errata/rhel3es-errata.html
https://rhn.redhat.com/errata/rhel3ws-errata.html
None of which mention OpenSSH (or SSH).
How can I determine through documentation/errata if the OpenSSH I'm
running on WBEL:
[root@www root]# rpm -q openssh-server
openssh-server-3.6.1p2-18
contains the fix for this exploit or not?
Thanks!
Cheers
Jason