Rootkit Hunter & Cpanel (vulnerable versions of software)

[Angel78]

GnuPg 1.2.1,
OpenSSL 0.9.7a
ProFTPd 1.2.9
OpenSSH 3.6.1p2


are shown as vulnerable versions, when rkhunter 1.1.6 is run. Is this true or it's like different versioning system done by RHE 3.0 causes this?

[chirpy]

Have a search on the forum, this has already been explained. Rkhunter is wrong in this regard as RH almost always backports security updates.

[Angel78]

Have a search on the forum, this has already been explained. Rkhunter is wrong in this regard as RH almost always backports security updates.

ok, thank you, I wasnt 100%. sure



those red letters Vulnerable in SSH scared me

[speckados]

A bad response.

OpenSSL/0.9.7a IT?S NOT A SECURE VERSION

On Cpanel it's easy send to administrators to:

Configure Apache + PHP + SuEXEC.

Bat that it's correct response.

Vulneravilitie from OpenSSL/0.9.7a it's a Attack Denial Service it's currently used for crackers.

It' very wrong that a major upgrade for OpenSSL it's not patched to easyapache.

[chirpy]

Nope, you are wrong. If you had done as I advised in my post you wouldn't have made this mistake.

[speckados]

Incorrect?

Perphas my english it's bad.

But I'm very angry.

Too much problems with security on cpanel (35 machines), and all see: "It's you rproblem, it's apache and php not suexec , etc..."

Problem it's a poor worry for security on Cpanel systems.

OpenSSL it's wor ng version.

That it's all folks!!!!

[chirpy]

No, openssl is not the wrong version - you simply haven't bothered to investigate properly as I have already suggested to you.