Your message dated Mon, 16 Jan 2006 14:49:30 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#343487: fixed in nessus-core 2.2.5-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Dec 2005 16:17:38 +0000
>From [EMAIL PROTECTED] Thu Dec 15 08:17:38 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 5301d.unt0.torres.l21.ma.zugschlus.de
([217.151.83.1] helo=torres.zugschlus.de ident=Debian-exim)
by spohr.debian.org with esmtp (Exim 4.50)
id 1EmvnW-0008V9-0V
for [EMAIL PROTECTED]; Thu, 15 Dec 2005 08:17:38 -0800
Received: from mh by torres.zugschlus.de with local (Exim 4.60)
(envelope-from <[EMAIL PROTECTED]>)
id 1EmvnU-0002TW-Ab
for [EMAIL PROTECTED]; Thu, 15 Dec 2005 17:17:36 +0100
Date: Thu, 15 Dec 2005 17:17:36 +0100
From: Marc Haber <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: nessusd: cannot connect to 2.2.5-3 server
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: nessusd
Version: 2.2.5-3
Severity: important
When I try to connect to a 2.2.5-3 server from a 2.2.5-2 or 2.2.5-3
client, the client says after hitting the "Login" button "SSL Error"
and says on stdout "[8157] SSL_connect: error:140943FC:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad record mac". Downgrading the
server to 2.2.5-2 makes the problem go away, upgrading to 2.2.5-3
makes it happen again.
A recompiled 2.2.5-3 on current sid exhibit the same behavior.
I suspect some library issue.
What i find strange: ldd of the working (2.2.5-2) daemon shows that
it's linked to both libssl.so.0.9.8 and libssl.so.0.9.7, while the
non-working (2.2.5-3) daemon is only linked against libssl.so.0.9.7.
I can reproduce the issue in a test chroot, so if you cannot see the
issue on your system, I can give you ssh access to a system that shows
the issue.
This is kind of important as there does not seem to be a possibility
to legally use nessus built from Debian with a registered plugin feed
at the moment.
Greetings
Marc
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.3-scyw00225
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages nessusd depends on:
ii libc6 2.3.5-8.1 GNU C Library: Shared libraries an
ii libnasl2 2.2.5-2+zg1 Nessus Attack Scripting Language,
ii libnessus2 2.2.5-1+zg1 Nessus shared libraries
ii libssl0.9.8 0.9.8a-5 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii nessus-plugins 2.2.5-6 Nessus plugins
ii openssl 0.9.8a-5 Secure Socket Layer (SSL) binary a
nessusd recommends no packages.
-- debconf information:
* nessusd/organization: Nessus Users United
* nessusd/califetime: 1460
* nessusd/province:
* nessusd/srvlifetime: 365
* nessusd/country:
* nessusd/certificate:
* nessusd/location:
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
---------------------------------------
Received: (at 343487-close) by bugs.debian.org; 16 Jan 2006 22:56:30 +0000
>From [EMAIL PROTECTED] Mon Jan 16 14:56:30 2006
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EydAI-0000xV-6r; Mon, 16 Jan 2006 14:49:30 -0800
From: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#343487: fixed in nessus-core 2.2.5-4
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 16 Jan 2006 14:49:30 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2
Source: nessus-core
Source-Version: 2.2.5-4
We believe that the bug you reported is fixed in the latest version of
nessus-core, which is due to be installed in the Debian FTP archive:
nessus-core_2.2.5-4.diff.gz
to pool/main/n/nessus-core/nessus-core_2.2.5-4.diff.gz
nessus-core_2.2.5-4.dsc
to pool/main/n/nessus-core/nessus-core_2.2.5-4.dsc
nessus-dev_2.2.5-4_all.deb
to pool/main/n/nessus-core/nessus-dev_2.2.5-4_all.deb
nessus_2.2.5-4_i386.deb
to pool/main/n/nessus-core/nessus_2.2.5-4_i386.deb
nessusd_2.2.5-4_i386.deb
to pool/main/n/nessus-core/nessusd_2.2.5-4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> (supplier of updated
nessus-core package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 31 Dec 2005 11:23:04 +0100
Source: nessus-core
Binary: nessus nessusd nessus-dev
Architecture: source all i386
Version: 2.2.5-4
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Description:
nessus - Remote network security auditor, the client
nessus-dev - Nessus development header files
nessusd - Remote network security auditor, the server
Closes: 343487 346878
Changes:
nessus-core (2.2.5-4) unstable; urgency=low
.
* Remove all SSLv3 ciphers except for RC4 in the default nessusd.conf to
work around bug #338006 and #343487
(Closes: #343487)
* Remove xlibs-dev build-dependencies (Closes: #346878)
Files:
5f59622308d549cea1ea8853ef982942 932 admin optional nessus-core_2.2.5-4.dsc
735c63b3b28561ff7343a2ebbbf5e5a8 90082 admin optional
nessus-core_2.2.5-4.diff.gz
71f934074da3418970357043f7939fa8 36494 devel optional
nessus-dev_2.2.5-4_all.deb
9c57cdeb2f2d242630198c0a492eaea5 229302 admin optional nessus_2.2.5-4_i386.deb
8f1f9b345aebc541d3f0e2e0141ea315 215782 admin optional nessusd_2.2.5-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQCVAwUBQ8uHnPtEPvakNq0lAQLhDAQAjorUJYZYEgsOLVksCC6jTEJv/pOrDrOd
Fx4hrlLg9fSZHnTx+2qiIvdtj5tHxTrCIAJyL0DSOYoS9hpXmG2oOVtLop3o1cu+
LJWqIzUF5r+pCz+Wd0GR8Sv0/RAG0Xv4JzpGFQuZTNNfNNyrA+sjjRbk0+cqiWjr
RTODpTQUQXk=
=V4St
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
