OpenSSL 0.9.7a seems to be vulnerable (was: Re: LKM Trojan)
scootgirl.com
zolkat79 at dslextreme.com
Wed Dec 1 01:04:12 UTC 2004
----- Original Message -----
From: "Rahul Sundaram" <rahulsundaram at gmail.com>
To: "For users of Fedora Core releases" <fedora-list at redhat.com>
Sent: Tuesday, November 30, 2004 4:22 PM
Subject: Re: LKM Trojan
> Hi
>
>
>> I used to have lots of false positives , so I just quit using chkrootkit
>> (as my machine isnt all that sensitive and I secured it the best I
>> can..)..
>>
>
> rkhunter (ww.rootkit.nl) can be a nice alternative
Hi Rahul,
I used that tool and it said everything on my system was OK except the
following:
[16:55:09] Scanning OpenSSL...
[16:55:09] /usr/bin/openssl found
[16:55:09] Version 0.9.7a seems to be vulnerable (if unpatched)!
I wonder if this is a false positive since I use the up2date tool
frequently. If not, where can I get this patch?
Thanks,
Karen
http://scootgirl.com/
More information about the fedora-list
mailing list