Franco said: > Hi, if i start rkunter it tell me this : > > > - OpenSSL 0.9.7a [ Vulnerable] > - OpenSSH 3.6.1p2 [ Vulnerable] > > > but fedora don't release update, i know that i can upgrade OpenSSH from > rpm and also fron source but i try to upgrade OpenSSL and all seams to > install fine but rkhunter don't see the new installation and tell me that > OpenSSL 0.9.7a is Vulnerable. Checkout question B8 in the rkhunter FAQ. http://www.rootkit.nl/articles/rootkit_hunter_faq.html Like most "vulnerablity scanners", this one is relying on version number. This means it will almost always give you false positives on any Fedora or Red Hat system because of the practice of keeping the stable version and backporting the fixes. http://www.redhat.com/advice/speaks_backport.html -- William Hooper
