OpenSSH < 4.4 Multiple GSSAPI Vulnerabilities & OpenSSH X11 Session Hijacking Vulnerability


The OpenSSH version on our servers has been patched for more than a year, since the exploit was first announced by the makers of the software. While the version number remains the same, the actual code in the program was modified as per vendor specs. PCI scanning companies appear to be checking only the version number, and since that number matches one on their list of exploitable versions, they report a false positive.

You can safely notify them that this has been resolved on our servers.

If they reject the "false positive" notification, please ask them to provide steps to TEST their detection.

reviewed: 10/31/2016


 
