This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenSSH 6.2 and 6.3 AES-GCM Cipher Memory Corruption

We have recently ran a Nessus scan against our UTM box that flagged a potentially high vulnerability that OpenSSH is out of date and could be affected by memory corruption.

We were wondering whether this is something that will/has been patched via a UTM update, or something we have to patch ourselves?

This thread was automatically locked due to age.

Parents

0 William Warren over 10 years ago

We have recently ran a Nessus scan against our UTM box that flagged a potentially high vulnerability that OpenSSH is out of date and could be affected by memory corruption.

We were wondering whether this is something that will/has been patched via a UTM update, or something we have to patch ourselves?

many external scans throw false positives against things like utm. Many times it is because the version number is "older" than the latest. Distributions backport fixes from newer version to older versions. did you run this against the wan interface or the lan interface? Also do you have the ssh port on the wan open to all addresses?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 William Warren over 10 years ago

We have recently ran a Nessus scan against our UTM box that flagged a potentially high vulnerability that OpenSSH is out of date and could be affected by memory corruption.

We were wondering whether this is something that will/has been patched via a UTM update, or something we have to patch ourselves?

many external scans throw false positives against things like utm. Many times it is because the version number is "older" than the latest. Distributions backport fixes from newer version to older versions. did you run this against the wan interface or the lan interface? Also do you have the ssh port on the wan open to all addresses?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data