[Openvas-discuss] feeds updates

kalin m kalin at tpgny.com
Fri Feb 6 21:05:29 CET 2015

hi all...

just a question on feeds updates...

i'm using openvas to pre-scan machines mostly for pci compliance.

a few days ago synched all the feeds to the current ones:

nvt 201501290738
scap 201501290703
cert 201501290650

when i scanned with the "Full and very deep ultimate" i got a green 
light from openvas - no alarms/threats...

than i requested a scan form a commercially available scanner. there was 
a hit on the openssh version (see below). basically it was detecting the 
a "vulnerable" openssh version.

question: CVE-2014-2653 was filed almost a year ago. was there any 
particular reason why openvas didn't raise any flags on it?


vulnerability detected by a commercial scanner:

Status:  Fail (This must be resolved for your device to be compliant).
Plugin:  "OpenSSH SSHFP Record Verification Weakness"
Category: "Misc. "
Priority: "Medium Priority

Synopsis:  A secure shell client on the remote host could be used to 
bypass host verification methods.
Description: According to its banner, the version of OpenSSH running on 
the remote host is 6.1 through 6.6. It is, therefore, affected by a host 
verification bypass vulnerability related to SSHFP and certificates that 
could allow a malicious SSH server to cause the supplied client to 
inappropriately trust the server.
See also: http://thread.gmane.org/gmane.network.openssh.devel/20679
Plugin output:
  Version source    : SSH-2.0-OpenSSH_6.6
  Installed version : 6.6
  Fixed version     : 6.7
Addition Information CVE: CVE-2014-2653
BID : 66459 Other references : OSVDB:105011

Solution:  Update to version 6.7 or later or apply the vendor patch.

More information about the Openvas-discuss mailing list