Nessus
Platforms:
FreeBSD,
IRIX,
Linux,
NetBSD,
OpenBSD,
Solaris
Categories:
Auditing,
General,
Network,
Ports,
RPC,
Trojans & Backdoors,
Web
Version: v2.0.9
URL: http://www.nessus.org/
Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is multi-threaded and plug-in-based, has a GTK interface, and performs over 500 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems.
re: Nessus (excellent tool by the way)
in /usr/local/lib/nessus/plugins/ssh_crc32.nasl
the name of the vulnerability (SSH1 CRC32 compensation
attack) is correct, but the description and risk
factor are incorrect.
Remove...
> This version is vulnerable to a flaw which
> allows an attacker to insert arbitrary commands
> in a ssh stream.
Add...
> SSH versions from 1.2.24 to 1.2.31 and
> OpenSSH prior to version 2.3.0 are vulnerable
> to an integer overflow condition, allowing
> an attacker to gain root privileges remotely.
> Known exploits are available for at least
> some architectures.
Remove...
Risk factor : Serious";
In other words, I think the description is downplaying
the risk. Given the recent rash of ssh scans, and
compromises, this could be important.
[ reply ]