[Openvas-discuss] feeds updates
kalin at tpgny.com
Fri Feb 6 21:05:29 CET 2015
just a question on feeds updates...
i'm using openvas to pre-scan machines mostly for pci compliance.
a few days ago synched all the feeds to the current ones:
when i scanned with the "Full and very deep ultimate" i got a green
light from openvas - no alarms/threats...
than i requested a scan form a commercially available scanner. there was
a hit on the openssh version (see below). basically it was detecting the
a "vulnerable" openssh version.
question: CVE-2014-2653 was filed almost a year ago. was there any
particular reason why openvas didn't raise any flags on it?
vulnerability detected by a commercial scanner:
Status: Fail (This must be resolved for your device to be compliant).
Plugin: "OpenSSH SSHFP Record Verification Weakness"
Category: "Misc. "
Priority: "Medium Priority
Synopsis: A secure shell client on the remote host could be used to
bypass host verification methods.
Description: According to its banner, the version of OpenSSH running on
the remote host is 6.1 through 6.6. It is, therefore, affected by a host
verification bypass vulnerability related to SSHFP and certificates that
could allow a malicious SSH server to cause the supplied client to
inappropriately trust the server.
See also: http://thread.gmane.org/gmane.network.openssh.devel/20679
Risk factor: MEDIUM / CVSS BASE SCORE :4.3 CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Version source : SSH-2.0-OpenSSH_6.6
Installed version : 6.6
Fixed version : 6.7
Addition Information CVE: CVE-2014-2653
BID : 66459 Other references : OSVDB:105011
Solution: Update to version 6.7 or later or apply the vendor patch.
More information about the Openvas-discuss