Rootkithunter on FC1/FC2
Michael Schwendt
fedora at wir-sind-cool.org
Wed Aug 18 21:14:06 UTC 2004
On Thu, 19 Aug 2004 07:01:54 +1000 (EST), Michael Mansour wrote:
> Hi,
>
> I've recently installed RootkitHunter on my FC1/2
> machines and am concerned how it finds some vulnerable
> packages.
>
> A standard run on FC1 produces:
>
> * Application version scan
> - GnuPG 1.2.3
> [ Vulnerable ]
> - OpenSSH 3.6.1p2
> [ Vulnerable ]
-snip-
Most likely it just compares the software version numbers and doesn't take
into account any backported security fixes. Check the FC1/2 security
advisories or read the package changelogs (rpm -q --changelog ...).
More information about the fedora-list
mailing list