xaitax / CVE-2024-6387_Check

CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
GNU General Public License v3.0

Will bring false positives, read Ubuntu and Debian's updates #4

Closed YotizJ13 closed 3 months ago

YotizJ13 commented 3 months ago

For example, vulnerable OpenSSH on Ubuntu 22.04 'OpenSSH_8.9p1 Ubuntu-3ubuntu0.6', will become 'OpenSSH_8.9p1 Ubuntu-3ubuntu0.10' after the update with the fix.

xaitax commented 3 months ago

Thanks a lot and good point. Was just a quick one. Will update with proper banners hopefully soon.

Cheers, Alex

c4m4 commented 3 months ago

This looks like it works only on Debian-based systems.

HemeraOne commented 3 months ago

Added in an exclusion array: https://github.com/xaitax/CVE-2024-6387_Check/pull/10/

xaitax commented 3 months ago

Added exclusion list as mentioned by @HemeraOne
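
The false positive discussed in this thread, as an added example that is not part of the thread or the project's own code: a banner classifier that checks the upstream version range and then consults an exclusion list of distro builds carrying the backported fix. The function name `classify`, the result labels, and the 8.5p1 to 9.8p1 range (taken from the public advisory for CVE-2024-6387, not from this page) are assumptions; the only exclusion entry is the Ubuntu 22.04 banner quoted above.

```python
import re

# Upstream range affected by CVE-2024-6387 per the public advisory
# (assumption, not stated on this page): 8.5p1 <= version < 9.8p1.
VULN_MIN = (8, 5)
VULN_MAX = (9, 8)  # first fixed upstream release

# Distro builds that keep the old upstream version string but include the
# backported fix. Only the banner quoted in this thread is listed here.
PATCHED_BANNERS = {
    "OpenSSH_8.9p1 Ubuntu-3ubuntu0.10",
}

# SSH identification string: SSH-<proto>-<software>[ <comment>]
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-(OpenSSH_(\d+)\.(\d+)(?:p\d+)?(?: .*)?)$")


def classify(banner: str) -> str:
    """Return 'patched', 'likely_vulnerable', 'not_in_range' or 'unknown'."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "unknown"  # not OpenSSH, or a banner format we do not parse
    software = m.group(1)
    version = (int(m.group(2)), int(m.group(3)))
    # Exact match, not substring: 'Ubuntu-3ubuntu0.1' is a prefix of
    # 'Ubuntu-3ubuntu0.10', so a prefix test would confuse the two builds.
    if software in PATCHED_BANNERS:
        return "patched"
    if VULN_MIN <= version < VULN_MAX:
        return "likely_vulnerable"
    return "not_in_range"


# Constructed sample banners (the two Ubuntu strings come from the thread).
SAMPLES = [
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for b in SAMPLES:
        print(f"{classify(b):18} {b}")
```

A banner outside the exclusion list is only "likely" vulnerable: the package version on the host remains the authoritative check.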