Vladimir
Champion

SSH vulnerability detected, please verify.

I've been using Nmap vulners plugin for the past months and it seems to be pretty accurate, so I am a bit concerned with the results of today's scan of my lab network:

Nessus sees mostly nuisance vulnerabilities and does not complain about CVE-2006-5051:

The rating of 9.3 is listed here: NVD - CVE-2006-5051. It was modified on 10/10/2017.

6 Replies
PhoneBoy
Admin

The problem with most vulnerability scanners is they just say "Oh, you're running OpenSSH 4.3" and therefore must be vulnerable to this laundry list of CVEs without actually checking if it's a real issue or not.

Even though we're still running OpenSSH 4.3, we've patched the issue.

Refer to: Check Point response to OpenSSH vulnerabilities: CVE-2006-5051 and CVE-2006-4924 

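An added example, not part of the original posts and not Check Point or Nmap code: a small triage pass over version-match findings like the ones discussed above, separating CVEs the vendor says it backported from those that still need checking on the host. The scan text is constructed in the layout the vulners script prints; `VENDOR_BACKPORTS`, `triage`, the placeholder `CVE-0000-0000` and every score other than 9.3 are assumptions for illustration.

```python
import re

# Constructed sample in the layout the Nmap vulners script prints (not real
# scan output). CVE-0000-0000 is a placeholder; scores other than 9.3 are made up.
SAMPLE_SCAN = """\
22/tcp open  ssh     OpenSSH 4.3 (protocol 2.0)
| vulners:
|   cpe:/a:openbsd:openssh:4.3:
|       CVE-2006-5051   9.3     https://vulners.com/cve/CVE-2006-5051
|       CVE-2006-4924   7.8     https://vulners.com/cve/CVE-2006-4924
|_      CVE-0000-0000   5.0     https://vulners.com/cve/CVE-0000-0000
"""

# Hypothetical operator-maintained table: CVE -> vendor statement that the fix
# was backported while the reported version string stayed the same.
VENDOR_BACKPORTS = {
    "CVE-2006-5051": "Check Point response to OpenSSH vulnerabilities",
    "CVE-2006-4924": "Check Point response to OpenSSH vulnerabilities",
}

FINDING = re.compile(r"(CVE-\d{4}-\d{4,})\s+(\d+(?:\.\d+)?)\s")

def triage(scan_text, vendor_backports):
    """Classify version-match findings: vendor-addressed vs. still to verify."""
    results, cpe = [], None
    for line in scan_text.splitlines():
        body = line.lstrip("|_ \t")
        if body.startswith("cpe:/"):
            cpe = body.rstrip(":")      # the only evidence the scanner has
            continue
        m = FINDING.match(body)
        if not m or cpe is None:
            continue
        cve, ref = m.group(1), vendor_backports.get(m.group(1))
        results.append({
            "cve": cve,
            "cvss": float(m.group(2)),
            "matched_on": cpe,
            "status": "vendor-backported" if ref else "verify-on-host",
            "evidence": ref,
        })
    # Open items first, highest score first within each group.
    return sorted(results,
                  key=lambda r: (r["status"] == "vendor-backported", -r["cvss"]))

if __name__ == "__main__":
    for r in triage(SAMPLE_SCAN, VENDOR_BACKPORTS):
        print(f'{r["cve"]:<15}{r["cvss"]:>5}  {r["status"]:<18} {r["matched_on"]}')
```

Every row carries the CPE string it was matched on, which makes it visible that the finding rests on the version banner alone and not on a test of the flaw itself.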
Vladimir
Champion

Last update on CP in the link you have included is from 15-May-2014. The reclassification happened on 10/10/2017.

PhoneBoy
Admin

NVD may have changed the classification for the problem in October 2017, but the underlying issue (and fix) is the same as it was back in 2006 when the issue was first discovered.

Thus there's nothing to update in the SK.

Vladimir
Champion

Very well. Can you delete this post?

Vladimir
Champion

That being said, the statement is still valid, maybe SK date should simply be updated.

PhoneBoy
Admin

Don't see a reason to delete it as the general topic is bound to come up again.

It sure did in the days I worked in the TAC.