--- Begin Message ---
- To: "openssh-unix-dev@xxxxxxxxxxx" <openssh-unix-dev@xxxxxxxxxxx>
- Subject: Open SSH portable security
- From: "Boecking, Nicklas (DE - Duesseldorf)" <nboecking@xxxxxxxxxxx>
- Date: Wed, 26 Aug 2015 10:12:45 +0000
- Accept-language: en-US, en-GB
- Thread-index: AdDf5vsUHMC5Tl+/QrKlFpncZdndPw==
- Thread-topic: Open SSH portable security
Dear OpenSSH list, while performing a security audit for 3 different systems, I realized that 3 different OpenSSH portable versions are in place on the target systems. According to Nmap, OpenSSH 4.5p1, 5.8.p1 and 5.0p1 are used. While looking up for security vulnerabilities for these specific software versions, no vulnerabilities were listed for these portable versions on http://www.cvedetails.com/version-list/97/585/1/Openbsd-Openssh.html I have two questions regarding this: 1. Do vulnerabilities, found for non-portable versions also apply to the portable versions? Like CVEs from OpenSSH 5.8 to OpenSSH 5.8p1 2. If the answer to 1. Is no, do you know if there are any public known vulnerabilities for the listed portable versions and do you have a resource where to look this up beside "cvedetails" Thanks in advance and Best Regards, NicklasAttachment: smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev