It seems that this discussion has been due to an over-zealous sysadmin. If one will
check the Nessus
documentation (mailing lists), such false positives have been throughly debated.
Many of the
scan scripts (nasl plugins) only check version numbers. Owing to this paradigm, nessus
outputs
It seems that this discussion has been due to an over-zealous sysadmin. If one
will check the Nessus
documentation (mailing lists), such false positives have been throughly
debated. Many of the
scan scripts (nasl plugins) only check version numbers. Owing to this paradigm,
nessus outputs
In article [EMAIL PROTECTED]
[EMAIL PROTECTED] writes:
CERT tells me Debian potato is vulnerable. We might want to correct them
if they are wong.
http://www.cert.org/incident_notes/IN-2001-12.html
http://www.kb.cert.org/vuls/id/945216
tells me:
Vender Status Date updated
Debian
* NOKUBI Takatsugu [EMAIL PROTECTED] [011109 09:53]:
Vender Status Date updated
Debian Vulnerable 2-Nov-2001
OpenSSH on Debian is right, but ssh-nonfree is still vulnerable.
See http://bugs.debian.org/85725
It seems that some people think that even ssh in potato is unsafe. The
low
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote:
Is there any harm from installing ssh from woody on potato? This does
not apply in my case, but I'd like to know.
No harm beyond getting it built right (no binary installs from
woody/sid into potato), and realizing that
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote:
Is there any harm from installing ssh from woody on potato? This does
not apply in my case, but I'd like to know.
you can't, the dependencies will drag in half of woody.
you can backport the woody ssh packages to potato however.
* Ethan Benson [EMAIL PROTECTED] [011109 16:41]:
Is there any harm from installing ssh from woody on potato? This
does
not apply in my case, but I'd like to know.
you can't, the dependencies will drag in half of woody.
I suspected that, and suggested to a friend of mine to upgrade to
In article [EMAIL PROTECTED]
[EMAIL PROTECTED] writes:
CERT tells me Debian potato is vulnerable. We might want to correct them
if they are wong.
http://www.cert.org/incident_notes/IN-2001-12.html
http://www.kb.cert.org/vuls/id/945216
tells me:
Vender Status Date updated
Debian
* NOKUBI Takatsugu [EMAIL PROTECTED] [011109 09:53]:
Vender Status Date updated
Debian Vulnerable 2-Nov-2001
OpenSSH on Debian is right, but ssh-nonfree is still vulnerable.
See http://bugs.debian.org/85725
It seems that some people think that even ssh in potato is unsafe. The
low version
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote:
Is there any harm from installing ssh from woody on potato? This does
not apply in my case, but I'd like to know.
No harm beyond getting it built right (no binary installs from
woody/sid into potato), and realizing that
On Fri, Nov 09, 2001 at 11:26:49AM +0100, Ville Uski wrote:
Is there any harm from installing ssh from woody on potato? This does
not apply in my case, but I'd like to know.
you can't, the dependencies will drag in half of woody.
you can backport the woody ssh packages to potato however.
--
* Ethan Benson [EMAIL PROTECTED] [011109 16:41]:
Is there any harm from installing ssh from woody on potato? This
does
not apply in my case, but I'd like to know.
you can't, the dependencies will drag in half of woody.
I suspected that, and suggested to a friend of mine to upgrade to
Wichert Akkerman [EMAIL PROTECTED] immo vero scripsit
That's because nessus only checks the version number, and since we
backported the patch we still have the old version number even though
we are safe.
CERT tells me Debian potato is vulnerable. We might want to correct them
if they are
Wichert Akkerman [EMAIL PROTECTED] immo vero scripsit
That's because nessus only checks the version number, and since we
backported the patch we still have the old version number even though
we are safe.
CERT tells me Debian potato is vulnerable. We might want to correct them
if they are
Hi,
I just joined the list after the admin of the network in my house had
complained that sshd running in my computer is remotely exploitable. I
asked for more details and he only said it's the bug in the crc32 bit.
He also told me to install the newest version of openssh. The problem is
now
Where can I get the opensource ssh?
tks
On Wed, 07 Nov 2001, Ville Uski wrote:
Hi,
I just joined the list after the admin of the network in my house had
complained that sshd running in my computer is remotely exploitable. I
asked for more details and he only said it's the bug in the crc32
Hello,
www.freshmeat.net
Or if your running debian do an apt-get install ssh (most recommended)
Ed
-Original Message-
From: Osvaldo Mundim Junior [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 07, 2001 7:47 AM
To: [EMAIL PROTECTED]
Subject: Re: Which ssh should I have
On Wed, 07 Nov 2001, Ville Uski wrote:
The ssh package I currently have is ssh_1.2.3-9.3_i386.deb.
I have understood that the crc32 bug was already found in February so I
find it hard to believe that it's not already fixed on debian (I'm
running woody on a laptop PC). I should have all
On Wed, 07 Nov 2001, jigal wrote:
Here you find a reference to the vuln, fixed.
http://www.debian.org/security/2001/dsa-027
I am sorry I found by reading it again it doesn't mention it.
But I found this in the archives of the security mailinglist:
* jigal [EMAIL PROTECTED] [011107 14:20]:
But I found this in the archives of the security mailinglist:
http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138.html
The previous mail in the thread references to:
In message [EMAIL PROTECTED], Ville Uski writes:
* jigal [EMAIL PROTECTED] [011107 14:20]:
But I found this in the archives of the security mailinglist:
http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138
.html
The previous mail in the thread references to:
* Ted Cabeen [EMAIL PROTECTED] [011107 18:11]:
Make sure that you have the security site in your
/etc/apt/sources.list file. If you do, and apt-get update; apt-get
upgrade says you're up to date, then you're fine. In general, the
security team patches the current version to fix security
Quoting Ted Cabeen ([EMAIL PROTECTED]):
Hm, why should I do that? Is my admin right when he thinks that my
current sshd is vulnerable? I have the latest stable precompiled
package, i.e. the default ssh installed.
Make sure that you have the security site in your /etc/apt/sources.list file.
Previously Ville Uski wrote:
Thanks for info. Yes, I have that line in my sources.list, and I also
believe I am fine. Our network admin used the nessus ssh plugin to scan
the network. He only says that nessus gives a warning about my computer
(concerning the crc bug) and knows nothing more.
* Wichert Akkerman [EMAIL PROTECTED] [011107 18:54]:
That's because nessus only checks the version number, and since we
backported the patch we still have the old version number even though
we are safe.
This also occurred to me, but appeared too trivial a solution...
Well, I guess that's it.
Hi,
I just joined the list after the admin of the network in my house had
complained that sshd running in my computer is remotely exploitable. I
asked for more details and he only said it's the bug in the crc32 bit.
He also told me to install the newest version of openssh. The problem is
now
Where can I get the opensource ssh?
tks
On Wed, 07 Nov 2001, Ville Uski wrote:
Hi,
I just joined the list after the admin of the network in my house had
complained that sshd running in my computer is remotely exploitable. I
asked for more details and he only said it's the bug in the crc32
Hello,
www.freshmeat.net
Or if your running debian do an apt-get install ssh (most recommended)
Ed
-Original Message-
From: Osvaldo Mundim Junior [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 07, 2001 7:47 AM
To: debian-security@lists.debian.org
Subject: Re: Which ssh should
On Wed, 07 Nov 2001, Ville Uski wrote:
The ssh package I currently have is ssh_1.2.3-9.3_i386.deb.
I have understood that the crc32 bug was already found in February so I
find it hard to believe that it's not already fixed on debian (I'm
running woody on a laptop PC). I should have all the
On Wed, 07 Nov 2001, jigal wrote:
Here you find a reference to the vuln, fixed.
http://www.debian.org/security/2001/dsa-027
I am sorry I found by reading it again it doesn't mention it.
But I found this in the archives of the security mailinglist:
* jigal [EMAIL PROTECTED] [011107 14:20]:
But I found this in the archives of the security mailinglist:
http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138.html
The previous mail in the thread references to:
In message [EMAIL PROTECTED], Ville Uski writes:
* jigal [EMAIL PROTECTED] [011107 14:20]:
But I found this in the archives of the security mailinglist:
http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138
.html
The previous mail in the thread references to:
* Ted Cabeen [EMAIL PROTECTED] [011107 18:11]:
Make sure that you have the security site in your
/etc/apt/sources.list file. If you do, and apt-get update; apt-get
upgrade says you're up to date, then you're fine. In general, the
security team patches the current version to fix security bugs
Previously Ville Uski wrote:
Thanks for info. Yes, I have that line in my sources.list, and I also
believe I am fine. Our network admin used the nessus ssh plugin to scan
the network. He only says that nessus gives a warning about my computer
(concerning the crc bug) and knows nothing more.
Quoting Ted Cabeen ([EMAIL PROTECTED]):
Hm, why should I do that? Is my admin right when he thinks that my
current sshd is vulnerable? I have the latest stable precompiled
package, i.e. the default ssh installed.
Make sure that you have the security site in your /etc/apt/sources.list file.
* Wichert Akkerman [EMAIL PROTECTED] [011107 18:54]:
That's because nessus only checks the version number, and since we
backported the patch we still have the old version number even though
we are safe.
This also occurred to me, but appeared too trivial a solution...
Well, I guess that's it.
36 matches
Mail list logo