OpenSSL 0.9.7a seems to be vulnerable (was: Re: LKM Trojan)
Ow Mun Heng
Ow.Mun.Heng at wdc.com
Thu Dec 2 02:44:34 UTC 2004
On Wed, 2004-12-01 at 10:21, Alexander Dalloz wrote:
> On Wed, 01.12.2004 at 2:15, Rahul Sundaram wrote:
>
> > > It's a false positive. Lame tools just checking for application version
> > > numbers bring lame results.
>
> > What's the alternative?
>
> > Rahul Sundaram
>
> Good question - next one ;) Seriously, from my observation such tools
> alerting based on version numbers (Nessus is such an application too)
> make inexperienced users uncertain.
I agree
> Experienced users don't profit by
> such tests, they know where to look for the (in)security reports and how
> to find out whether their own applications are safe because they are up to
> date (either through self-compilation or by using distribution packages
> which are patched).
One can always use rpm -q --changelog packagename.
> Maybe pointing users' attention to possible security issues is not that
> bad at all as it may raise sensitivity. But too many false positives
> are then counterproductive, I fear.
Well, at least if they are new, then the question should be asked. Or at
least googled.
>
> Regards
>
> Alexander
--
Ow Mun Heng
Gentoo/Linux on D600 1.4Ghz
Neuromancer 20:13:12 up 22 min, 1 average: 0.18, 0.16, 0.17
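
The changelog check suggested in the reply above, as an added example that is not part of the original thread: it looks for an advisory ID in `rpm -q --changelog` output to tell a backported fix from a real exposure when the upstream version string has not changed. The function name `backported_fix`, the sample changelog and the advisory IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample changelog and advisory IDs are constructed placeholders.

# backported_fix ID: reads `rpm -q --changelog <pkg>` output on stdin and prints
# every changelog entry that mentions ID. Exit 0 = mentioned, 1 = not mentioned,
# 2 = ID is not an advisory name. Entries from before 2005 use the CAN- prefix
# for what is now CVE-, so both prefixes are treated as the same identifier.
backported_fix() {
    awk -v id="$1" '
        BEGIN {
            if (id !~ /^(CVE|CAN)-[0-9][0-9][0-9][0-9]-[0-9]+$/) { bad = 1; exit }
            # Trailing guard stops 0000-000 from matching inside 0000-0001.
            pat = "(CVE|CAN)-" substr(id, 5) "([^0-9]|$)"
        }
        /^\* / { header = $0; next }   # "* date packager version-release"
        $0 ~ pat {
            if (header != shown) { print header; shown = header }
            print
            found = 1
        }
        END { if (bad) exit 2; exit (found ? 0 : 1) }
    '
}

# Constructed changelog: the upstream version never moves off 0.9.7a, only the
# release number does, which is why a version-string check cannot see the fix.
sample_changelog() {
    cat <<'EOF'
* Tue Mar 16 2004 Constructed Packager <pkg@example.invalid> 0.9.7a-35
- add security fix for CAN-0000-0001 (backported)
- rebuild

* Mon Jan 05 2004 Constructed Packager <pkg@example.invalid> 0.9.7a-30
- fix CVE-0000-0002
EOF
}

# Real use: rpm -q --changelog openssl | backported_fix CVE-YYYY-NNNN
if sample_changelog | backported_fix CVE-0000-0001; then
    echo "fix is in the package changelog; the version-based alert is a false positive"
else
    echo "no changelog entry for this advisory; check the vendor's errata"
fi
```

A miss (exit 1) only means the changelog does not name the advisory; the vendor's errata remain the authoritative source.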