[Info-vax] Is HP's TCP/IP Services for OpenVMS vulnerable?
Bob Koehler
koehler at eisner.nospam.encompasserve.org
Mon Aug 15 14:18:10 EDT 2011
In article <j2bhna$r7e$1 at news1.cse.ohio-state.edu>, DAVISM at ecr6.ohio-state.edu (Michael T. Davis) writes:
>
> ...which identifies our system as vulnerable. It parses the hello string
> from our SSH server, which reports a SSH version less than v3.2.2. According
> to the CERT site, HP's Tru64 is reported as "not vulnerable," but what about
> their TCP/IP stack for OpenVMS?
I've had a lot of trouble with nessus on VMS and other DEC products.
It claimed my Alphas were VAXen. It claimed my VT2000+ was running
VMS. It claimed my VT2000+ had open ports that no other port
scanner could find. It claimed my VMS systems had security issues
that might have been true for other implimentations of specific
versions of bind, ..., but were known not to be problems for
Multinet.
nessus was made the standard for security scanning. Fortunatley the
scanning guys listened when I told them what foolishness nessus was
up to.
More information about the Info-vax
mailing list