
Re: Which ssh should I have?



It seems that this discussion has been due to an over-zealous sysadmin. If one will check the Nessus
documentation (mailing lists), such "false positives" have been thoroughly debated. Many of the
scan scripts (nasl plugins) only check version numbers. Owing to this paradigm, Nessus outputs
warnings in the log file concerning such false indicators. I have recently run the latest experimental
(cvs) release of Nessus against Potato. A security-hole is indicated along with a **Warning** of a possible
false positive.

The only way to fix the false positive problem would be to have Nessus actually crack the target. This idea is
greatly frowned upon!

Bottom line is that Potato ssh is secure relative to the CRC 32 compensation attack.

You might inform your sysadmin to check the Nessus mailing list archive or subscribe to it.

Albeit, VERY nicely though! :p

-Walter

wds8397@tntech.edu 
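
Added example, not part of the original message and not Nessus code: a sketch of why a version-only banner check reports a hole on a distribution package that carries a backported fix, and how a finding can be triaged against the installed package revision. The banner, version numbers, package revisions and function names are constructed placeholders, and the package ordering is a simplification (numeric dotted parts only).

```python
import re

# SSH identification string: SSH-<protoversion>-<product>_<version>
BANNER_RE = re.compile(r"^SSH-[\d.]+-[A-Za-z]+_(?P<ver>\d+(?:\.\d+)*)")

def numeric(version):
    """'2.3.0' -> (2, 3): numeric comparison, trailing zeros ignored."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def banner_flags_hole(banner, upstream_fixed):
    """Version-only check: flag when the advertised version predates the upstream fix."""
    m = BANNER_RE.match(banner)
    if not m:
        return None  # unparseable banner: the check cannot decide
    return numeric(m.group("ver")) < numeric(upstream_fixed)

def pkg_key(pkg_version):
    """Simplified ordering for 'upstream-revision' package version strings."""
    upstream, _, revision = pkg_version.partition("-")
    return numeric(upstream), numeric(revision or "0")

def triage(banner, upstream_fixed, installed_pkg=None, distro_fixed_pkg=None):
    """Combine the remote banner check with local package data, when available."""
    flagged = banner_flags_hole(banner, upstream_fixed)
    if flagged is None:
        return "undetermined"
    if not flagged:
        return "not flagged"
    # Remote view only: the scanner cannot see a backported patch.
    if installed_pkg is None or distro_fixed_pkg is None:
        return "hole reported, possible false positive"
    if pkg_key(installed_pkg) >= pkg_key(distro_fixed_pkg):
        return "false positive: fix backported"
    return "confirmed: package predates distro fix"

# Constructed sample values (placeholders, not taken from any advisory).
BANNER = "SSH-1.99-OpenSSH_1.0.0"
UPSTREAM_FIXED = "2.0.0"

if __name__ == "__main__":
    print(triage(BANNER, UPSTREAM_FIXED))
    print(triage(BANNER, UPSTREAM_FIXED, "1.0.0-5", "1.0.0-4"))
```

The first call reproduces the scanner's remote view (a hole plus a possible-false-positive warning); the second adds the host's package revision and resolves the finding.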


