[WBEL-users] Nessus reports 'Security Hole' on openssh-server
version
William Hooper
whooperhsd2@earthlink.net
Thu, 22 Apr 2004 21:57:34 -0400 (EDT)
Jason Becker said:
> Hello All,
>
> I am a recent convert from Slackware so please bear with me...
>
> After installing WBEL and updating (yum -y update) I ran Nessus against
> my server. Nessus reports a "Security Hole" on the ssh port. Excerpts
> from the report:
>
> -begin-
>
> "You are running a version of OpenSSH which is older than 3.7.1"
"Security Holes" that Nessus reports can be greatly inaccurate because it
relies on the version number, not trying to actually exploit the issue.
Version numbers are a very poor indicator of what software you are
running.
http://www.redhat.com/advice/speaks_backport.html
--
William Hooper