rpm version-release in Version strings of OpenSSH, Apache etc?
Stephen Smoogen
smoogen at lanl.gov
Fri Sep 26 15:21:45 UTC 2003
On Fri, 2003-09-26 at 06:51, Vincent wrote:
> On Fri, 26 Sep 2003 12:30:00 +0300 (EEST)
> Pekka Savola <pekkas at netcore.fi> wrote:
>
> > Hi,
> >
> > Would it make sense to add the rpm version-release strings in the OpenSSH,
> > Apache, etc. banners, e.g. like..:
> >
> > SSH-1.99-OpenSSH_3.5p1 3.5p1-11
> >
> > instead of just:
> >
> > SSH-1.99-OpenSSH_3.5p1
> >
> > .. this should be rather straightforward for the build process.
> >
> > The gain would be that if you e.g. perform security scans in your network
> > you could identify whether a patched version has been installed in the
> > systems in question..
> >
>
> The problem is, so can anyone else.
>
However security through obscurity is not security. The people who are
looking for 'unpatched' servers are going to run the 4 line hack anyway
with their autoscripts.
The more interesting question would be if adding these strings would
actually help you because each backdoor would just change the string to
a 'patched' version so that your quick scanners would pass it over.
--
Stephen John Smoogen smoogen at lanl.gov
Los Alamos National Labrador CCN-5 Sched 5/40 PH: 4-0645 (note new #)
Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --
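Parsing the proposed banner format and comparing the rpm version-release field against a known-patched baseline, as an added example that is not part of this thread; the `PATCHED` baseline is a constructed placeholder and the comparison is a simplified rpmvercmp written for this example. As the reply above points out, the field is self-reported, so a "patched" result is an inventory hint, not proof of the host's state.

```python
import re

# Constructed baseline for this example: the rpm version-release that
# carries the fix. Hypothetical value, not taken from any advisory.
PATCHED = {"OpenSSH": ("3.5p1", "11")}

def parse_banner(line: str):
    """Parse an SSH identification string such as
    'SSH-1.99-OpenSSH_3.5p1 3.5p1-11'. The rpm version-release, when
    present, is taken from the first token of the comment field."""
    ident, _, comment = line.strip().partition(" ")
    m = re.match(r"^SSH-(?P<proto>[^-]+)-(?P<sw>\S+)$", ident)
    if not m:
        return None
    name, _, upstream = m.group("sw").partition("_")
    vr = None
    tok = comment.split()[0] if comment else ""
    ver, _, rel = tok.rpartition("-")
    if ver and rel:
        vr = (ver, rel)
    return {"proto": m.group("proto"), "name": name,
            "upstream": upstream, "vr": vr}

def _segments(s: str):
    # rpm compares alternating numeric and alphabetic runs; separators are ignored
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_vercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: -1, 0 or 1 for a < b, a == b, a > b."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif xd != yd:
            return 1 if xd else -1  # a numeric segment sorts after an alpha one
        elif x != y:
            return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def classify(line: str) -> str:
    """'patched', 'unpatched', or 'unknown' when no rpm field is present
    (the upstream version alone cannot distinguish a backported fix)."""
    b = parse_banner(line)
    if not b or b["vr"] is None or b["name"] not in PATCHED:
        return "unknown"
    pv, pr = PATCHED[b["name"]]
    v, r = b["vr"]
    c = rpm_vercmp(v, pv) or rpm_vercmp(r, pr)
    return "patched" if c >= 0 else "unpatched"
```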