Mailinglist Archive: opensuse-security (9 mails)

Re: [opensuse-security] openSSH, 11.3 and CVE-2011-0539
On Monday 18 July 2011 at 11:43 Marcus Meissner wrote:

Presumably there are no 'gotchas' if we install the factor version on
11.3? It will probably turn out to be easier than convincing
securitymetrics that their scanner is wrong.

Try it, if it works you will know immediately, if it does not also...


:-)

You should really push back, otherwise they will come back and back and
back....

Oh yes. These guys even fail you for running an ftp server. Despite the fact
that the failure report acknowledges that a correctly configured ftp server is
not a security risk. (And, of course, we are running vsftp.)

And the latest scan fails us for various XSS errors that they claim are PHP
based. In fact the site is running on Python :-) They are probably right
about the XSS vulnerability but one tends to lose confidence in them because
they add so much bullshit.

Threaten to get a different auditor with more clues.

I wish. I think they were chosen by the bank.


Paul
--
Paul Reeves