OpenSSL 0.9.7a seems to be vulnerable (was: Re: LKM Trojan)

Alexander Dalloz ad+lists at uni-x.org
Wed Dec 1 02:21:08 UTC 2004


On Wed, 01.12.2004 at 2:15, Rahul Sundaram wrote:

> > It's a false positive. Lame tools just checking for application version
> > numbers bring lame results.

> What's the alternative?

> Rahul Sundaram

Good question - next one ;) Seriously, from my observation such tools
alerting based on version numbers (Nessus is such an application too)
make inexperienced users uncertain. Experienced users don't profit from
such tests; they know where to look for the (in)security reports and how
to find out whether their own applications are safe because they are up to
date (either because of self-compilation or by using distribution packages
which are patched).
Maybe pointing users' attention to possible security issues is not that
bad at all, as it may raise sensibility. But too many false positives
are then counterproductive, I fear.

Regards

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp 
Serendipity 03:20:42 up 10 days, 22:08, load average: 0.23, 0.49, 0.55 
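The false positive discussed in this thread comes from a scanner comparing only the upstream version string, while a distribution package may carry the fix as a backport without bumping that string. The following is an added example (not code from the original post or from any scanner) showing the difference between the naive version comparison and a check of the package changelog. The OpenSSL-style version ordering, the changelog text and the CVE identifier "CVE-0000-0000" are all constructed placeholders for illustration.

```python
import re

def parse_openssl_version(v):
    """Split an OpenSSL-style version such as '0.9.7a' into a comparable tuple.

    Numeric components compare numerically; the optional trailing patch letter
    sorts after the bare number, so '0.9.7' < '0.9.7a' < '0.9.7b'.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix), letter)

def version_says_vulnerable(installed, first_fixed):
    """The naive banner check: flag if installed < first upstream version with the fix."""
    return parse_openssl_version(installed) < parse_openssl_version(first_fixed)

def changelog_mentions_fix(changelog, cve_id):
    """Look for the advisory identifier in the distribution package changelog.

    Distributions that backport fixes usually record the CVE id there even
    though the upstream version number stays the same.
    """
    return any(cve_id in line for line in changelog.splitlines())

def assess(installed, first_fixed, changelog, cve_id):
    """Combine both signals into one verdict string."""
    if not version_says_vulnerable(installed, first_fixed):
        return "not affected: version at or above the upstream fix"
    if changelog_mentions_fix(changelog, cve_id):
        return "false positive: fix backported by the distribution"
    return "likely affected: old version and no backport recorded"

# Constructed sample changelog in the style of 'rpm -q --changelog openssl'.
# The package keeps the 0.9.7a version string but records a backported fix.
SAMPLE_CHANGELOG = """\
* Mon Jan 01 2004 Example Packager <packager@example.invalid> 0.9.7a-99
- backport upstream fix for CVE-0000-0000 (placeholder id, constructed)
- rebuild for the distribution toolchain
"""

if __name__ == "__main__":
    # Naive scanner view: 0.9.7a is older than the upstream fix release 0.9.7b.
    print(version_says_vulnerable("0.9.7a", "0.9.7b"))   # True
    # With the changelog taken into account the verdict changes.
    print(assess("0.9.7a", "0.9.7b", SAMPLE_CHANGELOG, "CVE-0000-0000"))
    # A package without the backport note keeps the "likely affected" verdict.
    print(assess("0.9.7a", "0.9.7b", "- rebuild only\n", "CVE-0000-0000"))
```

The real changelog would come from the package manager (for example the output of `rpm -q --changelog openssl`), and the CVE id from the advisory the scanner is actually reporting; the point is that the version string alone cannot distinguish a patched package from an unpatched one.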