Subject: openssh older than 3.7.1 and nessus check
To: None <>
From: David Brownlee <>
List: tech-security
Date: 11/24/2004 13:15:46
 	Nessus reports against a 2.0_RC4 box that is is running a
 	version of OpenSSH older than 3.7.1 which is vulnerable
 	against a buffer exploit.

 	AFAIK the 3.6.1 intree has been be patched for this. Nessus
 	has an option to map versions. Can someone confirm which
 	OpenSSH version (exploitwise) corresponds to
 	NetBSD_Secure_Shell-20030917, would it be OpenSSH_3.7.1p2 ?

 			   David Brownlee --