The author of rkhunter was unaware that SuSE provides package patches
for security updates rather than version updated packages. This
causes a section of the root-kit check to report erroneously, example
for my SuSE 9.0:
*** report from rkhunter ***
* Application version scan
- GnuPG 1.2.2 [ Vulnerable ]
- Apache 1.3.28 [ Vulnerable ]
- OpenSSL 0.9.7b [ Vulnerable ]
- PHP 4.3.3 [ Vulnerable ]
- Procmail MTA 3.15.1 [ Vulnerable ]
- OpenSSH 3.7.1p2 [ Unknown ]
*** my security updated versions ***
- GnuPG 1.2.2 gpg-1.2.2-121
- Apache 1.3.28 apache-1.3.28-74 apache2-2.0.48-128
- OpenSSL 0.9.7b openssl-0.9.7b-133
- PHP 4.3.3 mod_php4-4.3.3-177 apache2-mod_php4-4.3.3-177
- Procmail MTA 3.15.1 procmail-3.15.1-479
- OpenSSH 3.7.1p2 openssh-3.7.1p2-113
If he knows the *current* patched versions for the six packages cited
above, he can correctly report. This information is requested for the
following supported SuSE versions: 7.3 / 8.0 / 8.1 / 8.2 / 9.0 / 9.1
If, as you obtain security updates, you would make notice of the
update patch version number, he could update the rkhunter index to
properly report vulnerabilities.
This test is of benefit for us all and, I believe, a good thing.
If the information is posted to this list, I will forward to him or
you may mail him direct:
Michael Boelen