Subject: openssh older than 3.7.1 and nessus check
To: None <email@example.com>
From: David Brownlee <firstname.lastname@example.org>
Date: 11/24/2004 13:15:46
Nessus reports against a 2.0_RC4 box that is is running a
version of OpenSSH older than 3.7.1 which is vulnerable
against a buffer exploit.
AFAIK the 3.6.1 intree has been be patched for this. Nessus
has an option to map versions. Can someone confirm which
OpenSSH version (exploitwise) corresponds to
NetBSD_Secure_Shell-20030917, would it be OpenSSH_3.7.1p2 ?
David Brownlee -- email@example.com