Penetration Testing mailing list archives
Re: Patch management tool
From: James Riden <j.riden () massey ac nz>
Date: Fri, 10 Sep 2004 12:59:25 +1200
"Todd Towles" <toddtowles () brookshires com> writes:
Patrick is right, Red Hat will patch services but doesn't change the default version number in their banners. That way, you don't really know what level a service is, if you are trying to attack it. I did a "rpm -q OpenSSH" and it came back with a older version. Maybe it was patched and I couldn't tell..it is possible. But I know for sure I I can't remember the term for this process (patching without changing the presented version) but I do know that RH does it.
% rpm -q kernel kernel-2.4.22-1.2188.nptl 2.4.22 is the kernel version that was used as the base 1.2188 is a number that presumably means something to someone at Red Hat. Redhat tend to backport security fixes into their current version - this is done for stability reasons. When they do this, they rev the number after the last '-', e.g. as in openssh-3.6.1p2-19.
This is a cool trick but in my mind it doesn't protect you very much.
It does protect you - the fix is there, but it does mean you get e.g. nessus reporting openssh as vulnerable when it's not. -- James Riden / j.riden () massey ac nz / Systems Security Engineer GPG public key available at: http://www.massey.ac.nz/~jriden/ This post does not necessarily represent the views of my employer. ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- RE: Patch management tool, (continued)
- RE: Patch management tool roman one (Sep 07)
- Re: Patch management tool Jose Maria Lopez (Sep 07)
- RE: Patch management tool Todd Towles (Sep 07)
- RE: Patch management tool Steffen Kluge (Sep 09)
- Re: Patch management tool Jérôme (Sep 07)
- Re: Patch management tool Jose Maria Lopez (Sep 08)
- RE: Patch management tool Harper, Patrick (Sep 09)
- RE: Patch management tool R. DuFresne (Sep 10)
- RE: Patch management tool Todd Towles (Sep 09)
- Re: Patch management tool Kurt Seifried (Sep 10)
- Re: Patch management tool James Riden (Sep 12)
- RE: Patch management tool Todd Towles (Sep 09)
- RE: Patch management tool Les Bell (Sep 11)