Developers Documentation

×

Warning

0 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


OpenSSH 4.3 is Vulnerable

This entry from Security Metrics is followed up with a long laundry list of CVEs. The main one is CVE-2006-5051.

While this version of ClearOS run version 4.3 of Apache, fixes to the code will be maintained until September 2013 for ClearOS Enterprise (free) and December 2015 for ClearOS Enterprise (free).

Make sure your ClearOS is up to date.

ClearCenter response

Short response

ClearOS contains backported fixes for SSH 4.3.

Long response

Reports that ClearOS are affected by this vulnerability are grossly inaccurate and represent an inability for the audit system to properly distinguish between normal and backported versions of SSH running on Linux.

Resolution

Run updates to ensure that you are up to date.

yum update
content/en_us/kb_3rdparty_security_metrics_openssh_4.3_is_vulnerable.txt · Last modified: 2015/01/29 09:46 (external edit)

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Akb_3rdparty_security_metrics_openssh_4.3_is_vulnerable&1568839199