Since we have been deploying OpenSSH 3.8p1 I have been consistantly
seeing Nessus misidentify support for SSH protocol 1 but when I go
check by telnet'ing and grabbing the banner it reports that it only
supports SSH protocol 2. I have also inspected the configs and
verified by attempting to use SSH protocol 1 and they definately are
not.
I also found nessus couldn't identify the Netback banner on one of the
many ports Veritas uses. The banner fingerprint and version are
reported below.
Plugin ID: 10881
Vulnerability
ssh(22/tcp)
Medium severity
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.99
. 2.0
Actual response when telnet IPAddress 22
Escape character is '^]'.
SSH-2.0-OpenSSH_3.8p1
False Positive
=================================
Plugin ID: 11154
Vulnerability
bpcd(13782/tcp)
Medium severity
An unknown server is running on this port.
If you know what it is, please send this banner to the Nessus team:
00: 67 65 74 68 6f 73 74 62 79 61 64 64 72 3a 20 45 gethostbyaddr: E
10: 72 72 6f 72 20 30 0a rror 0.
This is Veritas Netbackup 3.5 fp6.
seeing Nessus misidentify support for SSH protocol 1 but when I go
check by telnet'ing and grabbing the banner it reports that it only
supports SSH protocol 2. I have also inspected the configs and
verified by attempting to use SSH protocol 1 and they definately are
not.
I also found nessus couldn't identify the Netback banner on one of the
many ports Veritas uses. The banner fingerprint and version are
reported below.
Plugin ID: 10881
Vulnerability
ssh(22/tcp)
Medium severity
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.99
. 2.0
Actual response when telnet IPAddress 22
Escape character is '^]'.
SSH-2.0-OpenSSH_3.8p1
False Positive
=================================
Plugin ID: 11154
Vulnerability
bpcd(13782/tcp)
Medium severity
An unknown server is running on this port.
If you know what it is, please send this banner to the Nessus team:
00: 67 65 74 68 6f 73 74 62 79 61 64 64 72 3a 20 45 gethostbyaddr: E
10: 72 72 6f 72 20 30 0a rror 0.
This is Veritas Netbackup 3.5 fp6.