[23064] in bugtraq
Re: vulnerability diagnosis in "nessus" incorrect...
daemon@ATHENA.MIT.EDU (Renaud Deraison)
Mon Nov 5 12:01:11 2001
Date: Mon, 5 Nov 2001 11:45:03 +0100
From: Renaud Deraison <deraison@cvs.nessus.org>
To: bugtraq@securityfocus.com
Message-ID: <20011105114503.A32012@nessus.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.05.10111041620000.13945-100000@engmail.uwaterloo.ca>; from bruce@engmail.uwaterloo.ca on Sun, Nov 04, 2001 at 04:20:44PM -0500
On Sun, Nov 04, 2001 at 04:20:44PM -0500, Bruce Campbell wrote:
>
> concerning remote root exploit vulnerability in ssh prior to 1.2.32...
>
> vulnerability diagnosis in "nessus" incorrect leading to possible false
> sense of security.
>
This is fixed in CVS, and Nessus users can use nessus-update-plugins(1)
to get the fixed version.
For those who don't want to use CVS but would rather use packages, they
will have to wait for the releases 1.0.10 and 1.1.9 of Nessus.
Sorry for the inconvenience caused,
-- Renaud
--
Renaud Deraison
The Nessus Project
http://www.nessus.org
