[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Problem with rkhunter and update



Franco said:
> Hi, if i start rkunter it tell me this :
>
>
> - OpenSSL 0.9.7a                    [ Vulnerable]
> - OpenSSH 3.6.1p2                   [ Vulnerable]
>
>
> but fedora don't release update, i know that i can upgrade OpenSSH from
> rpm and also fron source but i try to upgrade OpenSSL and all seams to
> install fine but rkhunter don't see the new installation and tell me that
> OpenSSL 0.9.7a is Vulnerable.

Checkout question B8 in the rkhunter FAQ.

http://www.rootkit.nl/articles/rootkit_hunter_faq.html

Like most "vulnerablity scanners", this one is relying on version number. 
This means it will almost always give you false positives on any Fedora or
Red Hat system because of the practice of keeping the stable version and
backporting the fixes.

http://www.redhat.com/advice/speaks_backport.html

-- 
William Hooper


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]