[Info-vax] Is HP's TCP/IP Services for OpenVMS vulnerable?
Michael T. Davis
DAVISM at ecr6.ohio-state.edu
Mon Aug 15 12:32:42 EDT 2011
We're running...
HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 3
on an AlphaServer DS15 running OpenVMS V8.3
Our security folks keep reporting this system as vulnerable to the "SSH
Secure Shell without PTY setsid() Function Privilege Escalation" issue:
http://www.kb.cert.org/vuls/id/740619
In particular, they're relying on scans from Nessus...
http://www.tenable.com/products/nessus
...which identifies our system as vulnerable. It parses the hello string
from our SSH server, which reports a SSH version less than v3.2.2. According
to the CERT site, HP's Tru64 is reported as "not vulnerable," but what about
their TCP/IP stack for OpenVMS?
Regards,
Mike
More information about the Info-vax
mailing list