Jump to content


Rkhunter-openssl vulnerable


  • Please log in to reply
5 replies to this topic

#1 ONLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 16,368 posts

Posted 22 November 2005 - 01:50 AM

I have Slackware 10.2 and whenever I run rkhunter I get the following:
Scanning OpenSSL...[00:38:07] /usr/bin/openssl found[00:38:07] Version 0.9.7g seems to be vulnerable (if unpatched)!Check: SSH   Searching for sshd_config...	Found /etc/ssh/sshd_config   Checking for allowed root login... Watch out Root login possible. Possible risk!	info: 	Hint: See logfile for more information about this issue   Checking for allowed protocols...						  [ Warning (SSH v1 allowed) ]
How can I patch openssl and also how can I prevent root login with ssh?  Thanx
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#2 OFFLINE   quint

quint

    Linux Miner

  • Forum MVP
  • 3,898 posts

Posted 22 November 2005 - 03:00 AM

securitybreach,There may be something here that you can apply:Root accessHTH. :hysterical:
~ Linux User # 314972 ~ Ubuntu User # 12930 ~

If you tell the truth you don't have to remember anything.
                -- Mark Twain



#3 ONLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 16,368 posts

Posted 22 November 2005 - 12:59 PM

View Postquint, on Nov 22 2005, 01:00 AM, said:

securitybreach,There may be something here that you can apply:Root accessHTH. :hysterical:
That fixes SSH. Thanks quint
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#4 OFFLINE   linuxdude32

linuxdude32

    Board Bigwig

  • Members
  • PipPipPipPipPipPipPipPipPipPipPip
  • 2,702 posts

Posted 22 November 2005 - 04:59 PM

This looks like a reference with the security patch you might need:http://slackware.com...security.555090Note I say "might" because even with the patch it looks like the release number is the same. Some distros don't increment the version number when it's just a security fix and there's no way for rkhunter to know this since it only goes by the version number. Doesn't hurt to run the upgrade commands though. If you have the latest release, nothing should happen or it'll tell you you already have it.
Jason Wallwork

#5 ONLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 16,368 posts

Posted 22 November 2005 - 05:29 PM

I already installed the patched openssl and rkhunter still sees it as a vulnerability. Oh well. Thanks anyway linuxdud32

View Postlinuxdude32, on Nov 22 2005, 02:59 PM, said:

This looks like a reference with the security patch you might need:http://slackware.com...security.555090Note I say "might" because even with the patch it looks like the release number is the same. Some distros don't increment the version number when it's just a security fix and there's no way for rkhunter to know this since it only goes by the version number. Doesn't hurt to run the upgrade commands though. If you have the latest release, nothing should happen or it'll tell you you already have it.

Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#6 OFFLINE   linuxdude32

linuxdude32

    Board Bigwig

  • Members
  • PipPipPipPipPipPipPipPipPipPipPip
  • 2,702 posts

Posted 23 November 2005 - 03:56 PM

View Postsecuritybreach, on Nov 22 2005, 04:29 PM, said:

I already installed the patched openssl and rkhunter still sees it as a vulnerability. Oh well. Thanks anyway linuxdud32
You're welcome. I get the same issue sometimes when I run it under SUSE. SUSE has been known to backport patches to previous releases but rkhunter still thinks it's unpatched.  As long as you keep up-to-date on patches then you're know you're right and it's wrong. :thumbsup:
Jason Wallwork




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users