Hi,
I have OpenSSH
OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004
security audit check said that :
----------------------------------
You are running a version of SSH which is older than (or as old as) version
1.2.27. If this version was compiled against the RSAREF library, then it is
very
likely to be vulnerable to a buffer overflow which may be exploited by an
attacker to gain root privileges on your system.
To determine if you compiled ssh against the RSAREF library, type 'ssh -V'
on the remote host.
Risk factor : High
Solution : Use ssh 2.x, or do not compile ssh against the RSAREF library
-----------------------------------
Can anybody say if is that true, nad what to do with it?
ssh -V gives back -> OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct
2004
Michal Sedlak
technical manager
E-mail: [EMAIL PROTECTED]
Mobil: +421 910 539 867
---------------------------------------
DFX, s.r.o.
Dubravska cesta 9
SK 84105 Bratislava
Tel.: +421 2 5465 0336
Fax: +421 2 5465 0337
www.dfx.sk
-------------------------------------
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
