
Rkhunter-openssl vulnerable



securitybreach

I have Slackware 10.2 and whenever I run rkhunter I get the following:

Scanning OpenSSL...
[00:38:07] /usr/bin/openssl found
[00:38:07] Version 0.9.7g seems to be vulnerable (if unpatched)!
Check: SSH
   Searching for sshd_config...
    Found /etc/ssh/sshd_config
   Checking for allowed root login... Watch out Root login possible. Possible risk!
	info: 	Hint: See logfile for more information about this issue
   Checking for allowed protocols...						  [ Warning (SSH v1 allowed) ]

How can I patch openssl and also how can I prevent root login with ssh? Thanks


This looks like a reference with the security patch you might need: http://slackware.com/security/viewer.php?l...security.555090

Note I say "might" because even with the patch it looks like the release number is the same. Some distros don't increment the version number when it's just a security fix and there's no way for rkhunter to know this since it only goes by the version number. Doesn't hurt to run the upgrade commands though. If you have the latest release, nothing should happen or it'll tell you you already have it.


securitybreach

I already installed the patched openssl and rkhunter still sees it as a vulnerability. Oh well. Thanks anyway linuxdud32


You're welcome. I get the same issue sometimes when I run it under SUSE. SUSE has been known to backport patches to previous releases but rkhunter still thinks it's unpatched. As long as you keep up-to-date on patches then you know you're right and it's wrong. :thumbsup:
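
The point made in the replies above, that a version-only check cannot see a same-version security rebuild, shown as an added example (not part of the thread and not rkhunter's code). It reads the Slackware package database of that era, where each installed package is a file named name-version-arch-build under /var/log/packages, and compares the installed build with the fixed package an advisory names. The arch and build values and the advisory package name `openssl-0.9.7g-i486-2` are constructed placeholders; only version 0.9.7g comes from the thread.

```shell
#!/bin/sh
# Added example: tell a patched rebuild from the original when both report
# the same upstream version. PKG_DB can be overridden for testing.
PKG_DB="${PKG_DB:-/var/log/packages}"

# split_pkg FULLNAME -> "name version arch build" (name may contain dashes)
split_pkg() {
    full=$1
    build=${full##*-}; rest=${full%-*}
    arch=${rest##*-};  rest=${rest%-*}
    ver=${rest##*-};   name=${rest%-*}
    printf '%s %s %s %s\n' "$name" "$ver" "$arch" "$build"
}

# installed_pkg NAME -> full name of the installed package whose name is
# exactly NAME (so "openssl" does not match "openssl-solibs")
installed_pkg() {
    for f in "$PKG_DB"/"$1"-*; do
        [ -e "$f" ] || continue
        base=${f##*/}
        pkgname=$(split_pkg "$base"); pkgname=${pkgname%% *}
        if [ "$pkgname" = "$1" ]; then printf '%s\n' "$base"; return 0; fi
    done
    return 1
}

# check_patched NAME FIXED_PKG -> prints patched | unpatched |
# version-differs | not-installed. FIXED_PKG is the package named in the advisory.
check_patched() {
    inst=$(installed_pkg "$1") || { echo not-installed; return 0; }
    set -- $(split_pkg "$inst") $(split_pkg "$2")
    inst_ver=$2; inst_build=${4%%[!0-9]*}   # "2_slack10.2" -> "2"
    fix_ver=$6;  fix_build=${8%%[!0-9]*}
    if [ "$inst_ver" != "$fix_ver" ]; then echo version-differs
    elif [ "$inst_build" -ge "$fix_build" ]; then echo patched
    else echo unpatched
    fi
}

demo() {   # constructed package database; version is 0.9.7g in both checks
    PKG_DB=$(mktemp -d)
    : > "$PKG_DB/openssl-solibs-0.9.7g-i486-2"
    : > "$PKG_DB/openssl-0.9.7g-i486-1"
    check_patched openssl openssl-0.9.7g-i486-2    # original build
    mv "$PKG_DB/openssl-0.9.7g-i486-1" "$PKG_DB/openssl-0.9.7g-i486-2"
    check_patched openssl openssl-0.9.7g-i486-2    # rebuilt package
    rm -rf "$PKG_DB"
}
demo
```

When the versions differ the script reports `version-differs` and leaves the comparison to the reader, since ordering OpenSSL letter releases is outside what it demonstrates.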