On Wed, Oct 23, 2002 at 09:03:16AM -0400, Adam Mazza wrote: > > Hi, > > After performing a nessus scan on a site, I was alerted to the the version > of ssh running on one of th hosts, in this case the version is > "SSH-1.5-1.2.27". The only alert that came up was for a reference to > CVE-2000-0575 which describes a problem if you have ssh compiled with > kerberos support. My question is, this version of ssh has other, and in my > opinion more serious vulnerabilities, should thos have been caught as > well?
AFAIK, this is the "commercial" sshd, which has no other vulnerability whatsoever (don't mix it up with OpenSSH) - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
