[Info-vax] Is HP's TCP/IP Services for OpenVMS vulnerable?
Richard Maher
maher_rj at hotspamnotmail.com
Tue Aug 16 04:44:04 EDT 2011
"Michael T. Davis" <DAVISM at ecr6.ohio-state.edu> wrote in message
news:j2bhna$r7e$1 at news1.cse.ohio-state.edu...
> We're running...
>
> HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 3
> on an AlphaServer DS15 running OpenVMS V8.3
>
> Our security folks keep reporting this system as vulnerable to the "SSH
> Secure Shell without PTY setsid() Function Privilege Escalation" issue:
>
> http://www.kb.cert.org/vuls/id/740619
>
> In particular, they're relying on scans from Nessus...
>
> http://www.tenable.com/products/nessus
>
> ...which identifies our system as vulnerable. It parses the hello string
> from our SSH server, which reports an SSH version less than v3.2.2. According
> to the CERT site, HP's Tru64 is reported as "not vulnerable," but what about
> their TCP/IP stack for OpenVMS?
Hi Mike,
As a side issue, did you pay for the reporting option with Nessus or did you
write your own?
We've got a guy here trying to parse the XML out into some useful RDBMS
schema and would be interested if there was some open source effort
available.
>
> Regards,
> Mike
Cheers
Richard Maher
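
The scan finding quoted in this message rests on a version comparison against the SSH hello string. As an added example (not code from either poster, from Nessus, or from HP), the sketch below shows what such a banner-only check can and cannot establish. The sample banners are constructed, the function names are hypothetical, and the 3.2.2 threshold is the one stated in the post.

```python
import re

# SSH identification string: "SSH-protoversion-softwareversion SP comments"
# (RFC 4253, section 4.2).
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")
FIXED_IN = (3, 2, 2)  # threshold quoted in the post ("less than v3.2.2")

def parse_banner(line):
    """Split a hello string into protocol, software version and comments."""
    m = BANNER_RE.match(line.strip())
    if not m:
        return None
    proto, software, comments = m.groups()
    return {"proto": proto, "software": software, "comments": comments or ""}

def leading_version(software):
    """Leading dotted numeric version as a tuple padded to 3 parts, else None."""
    m = re.match(r"\d+(?:\.\d+)*", software)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (3 - len(parts))

def classify(line):
    """Return a verdict that records the evidence is the banner alone."""
    banner = parse_banner(line)
    if banner is None:
        return {"verdict": "not-ssh", "evidence": None}
    version = leading_version(banner["software"])
    if version is None:
        # Software field does not start with a number: this check cannot
        # compare it, so it must not be reported as vulnerable or as fixed.
        return {"verdict": "unrecognised", "evidence": banner}
    if version < FIXED_IN:
        # Inferred from the self-reported string only; vendor ECO/patch level
        # and platform applicability still have to be confirmed separately.
        return {"verdict": "flag-banner-only", "evidence": banner}
    return {"verdict": "ok", "evidence": banner}

if __name__ == "__main__":
    # Constructed sample banners, not captured from any real host.
    for sample in ("SSH-2.0-3.2.0 SSH Secure Shell ExampleOS",
                   "SSH-2.0-3.2.9 SSH Secure Shell",
                   "SSH-2.0-OpenSSH_5.8",
                   "220 ftp ready"):
        print(sample, "->", classify(sample)["verdict"])
```

A "flag-banner-only" result is a prompt to check the vendor's statement and installed patch level, since the string alone carries no information about platform applicability.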