rpm version-release in Version strings of OpenSSH, Apache etc?
Pekka Savola
pekkas at netcore.fi
Fri Sep 26 15:59:37 UTC 2003
On Fri, 26 Sep 2003, Stephen Smoogen wrote:
> > > Would it make sense to add the rpm version-release strings in the OpenSSH,
> > > Apache, etc. banners, e.g. like..:
> > >
> > > SSH-1.99-OpenSSH_3.5p1 3.5p1-11
> > >
> > > instead of just:
> > >
> > > SSH-1.99-OpenSSH_3.5p1
> > >
> > > .. this should be rather straightforward for the build process.
> > >
> > > The gain would be that if you e.g. perform security scans in your network
> > > you could identify whether a patched version has been installed in the
> > > systems in question..
> > >
> >
> > The problem is, so can anyone else.
> >
>
> However security through obscurity is not security. The people who are
> looking for 'unpatched' servers are going to run the 4 line hack anyway
> with their autoscripts.
My point exactly. People who look for these to exploit them have the
exploits anyway, and use them in any case!
> The more interesting question would be if adding these strings would
> actually help you because each backdoor would just change the string to
> a 'patched' version so that your quick scanners would pass it over.
I think this is a separate discussion. In these environments, you
typically first do a port scan, and then check the ports with more detail.
1) such backdoors could be found in the port scan, and
2) if the box has already been compromised, you're out of luck already.
These procedures are meant to *prevent* that, not to detect compromised
hosts.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the fedora-devel-list
mailing list