Re: nessus

To: Carles Pina i Estany <is08139@salleURL.edu>
Cc: debian-user-spanish@lists.debian.org
Subject: Re: nessus
From: Javier Fdz-Sanguino Pen~a <jfs@ieeesb.etsit.upm.es>
Date: Tue, 20 Nov 2001 12:20:16 +0100
Message-id: <[🔎] 20011120122016.A2871@ieeesb.etsit.upm.es>
In-reply-to: <[🔎] Pine.LNX.4.33.0111182029580.10651-100000@vela.salleURL.edu>; from is08139@salleURL.edu on Sun, Nov 18, 2001 at 08:32:58PM +0100
References: <[🔎] Pine.LNX.4.33.0111182029580.10651-100000@vela.salleURL.edu>

On Sun, Nov 18, 2001 at 08:32:58PM +0100, Carles Pina i Estany wrote:
> 
> Hola,
> 
> nessus, en el servicio ftp y ssh me dices que tengo un agujero en unas
> máquinas mias... actualizadas a debian security. Nessus dice:
> 
>     You are running a version of SSH which is
>     older than version 1.2.32,
>     or a version of OpenSSH which is older than
>     2.3.0.
> 
>     This version is vulnerable to a flaw which
>     allows an attacker to insert arbitrary commands
>     in a ssh stream.

	Sip. Nessus saca el número de version pero no comprueba
	el error (típico fallo de un servicio automático :)

[A> 
> pero yo voy al changelog.Debian de ssh y me dice:
> 
>   * Non-maintainer upload by Security Team
> ...
>   * Non-maintainer upload by Security Team
> 
> Supongos que esos parches varios de ssh de Debian hacen que no sea
> vulnerable, no?
> 
> Me fio tal cual? (no tengo ahora muchas ganas de probarlo, la verdad)

	Mira security.debian.org. Hay un DSA? Está tu sistema actualizado?

	Javi

Reply to:

References:
- nessus
  - From: Carles Pina i Estany <is08139@salleURL.edu>

Prev by Date: Re: fichero tex
Next by Date: Re: fichero tex
Previous by thread: Re: nessus
Next by thread: instalacion de kylix en debian
Index(es):
- Date
- Thread