Rootkithunter on FC1/FC2
Michael Mansour
micoots at yahoo.com
Wed Aug 18 21:01:54 UTC 2004
Hi,
I've recently installed RootkitHunter on my FC1/2
machines and am concerned how it finds some vulnerable
packages.
A standard run on FC1 produces:
* Application version scan
- GnuPG 1.2.3
[ Vulnerable ]
- Apache 2.0.50
[ OK ]
- Bind DNS [unknown]
[ OK ]
- OpenSSL 0.9.7a
[ Vulnerable ]
- PHP 4.3.8
[ OK ]
- Procmail MTA 3.22
[ OK ]
- OpenSSH 3.6.1p2
[ Vulnerable ]
A standard run on FC2 produces:
* Application version scan
- GnuPG 1.2.4
[ OK ]
- Apache 2.0.50
[ OK ]
- Bind DNS [unknown]
[ OK ]
- OpenSSL 0.9.7a
[ Vulnerable ]
- PHP 4.3.8
[ OK ]
- Procmail MTA 3.22
[ OK ]
- OpenSSH 3.6.1p2
[ Vulnerable ]
RKhunter doesn't say what vulnerabilities exist in
these packages, but since they do have vulnerabilities
why don't Fedora patch these?
Michael.
Find local movie times and trailers on Yahoo! Movies.
http://au.movies.yahoo.com
More information about the fedora-list
mailing list