CentOS vulnerabilities detected by Nessus [message #53346]
Thu, 14 June 2018 11:58
fvafva
Hello,
We are using different versions of OpenVZ on top of CentOS 6.
The Nessus scanner is detecting, for example:
The remote host is running Linux Kernel 2.6.32-042stab128.2 on CentOS release 6.9 (Final)
But is reporting the following :
Remote package installed : kernel-2.6.32-696.el6
Should be : kernel-2.6.32-696.6.3.el6
Because it is checking the CentOS version.
My question (I am not familiar enough with OpenVZ):
Are stab128, stab129, stab130 ... all based on different CentOS kernels?
Do we have to consider CentOS vulnerabilities, like Nessus is doing?
Thanks for your answers.
Re: CentOS vulnerabilities detected by Nessus [message #53348 is a reply to message #53347]
Fri, 15 June 2018 09:48
fvafva
Thanks for your answer.
I agree you sometimes include security fixes that are not yet in RHEL, bravo!
But as Nessus is detecting the RHEL one, and not the OpenVZ one, it is creating some confusion.
For example, if I am using 042stab128.2, Nessus will tell me about vulnerabilities that are in 2.6.32-696.23.1.el6, even if you already fixed them in OpenVZ.
I would say it is normal behavior, nothing to discuss about that.
But may I consider 042stab128.2 secure? Probably not, as it is not the last version, and 042stab130.1 contains new security fixes.
So every time Nessus is reporting an issue with the CentOS version, that probably means I am not up-to-date on the OpenVZ side.
Anyway, thanks for your answer.
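
Added example, not part of the original posts and not code from OpenVZ or Nessus: a small Python triage helper for the mismatch described in this thread, which checks whether a Nessus kernel finding refers to the booted kernel or only to an installed CentOS package. The function names and the hand-supplied `ovz_reference` value are assumptions of this sketch; the version strings are the ones quoted above.

```python
import re

# Kernel release formats as quoted in the thread:
#   OpenVZ:  2.6.32-042stab128.2      CentOS/RHEL: kernel-2.6.32-696.6.3.el6
OVZ_RE = re.compile(r"^(?:kernel-)?(\d+(?:\.\d+)+)-(\d+)stab(\d+)\.(\d+)")
EL_RE = re.compile(r"^(?:kernel-)?(\d+(?:\.\d+)+)-(\d+(?:\.\d+)*)\.el(\d+)")


def parse_kernel(release):
    """Return (vendor, sortable_key) for a kernel release or package string."""
    release = release.strip()
    m = OVZ_RE.match(release)
    if m:
        return "openvz", tuple(int(x) for x in m.groups()[1:])
    m = EL_RE.match(release)
    if m:
        return "el", tuple(int(x) for x in m.group(2).split("."))
    return "unknown", ()


def triage(running, pkg_installed, pkg_fixed, ovz_reference):
    """Classify one Nessus kernel finding on a host that may run OpenVZ.

    ovz_reference is the newest OpenVZ kernel the operator knows of; it is
    supplied by hand and never derived from the CentOS package versions.
    """
    run_vendor, run_key = parse_kernel(running)
    inst_vendor, inst_key = parse_kernel(pkg_installed)
    _, fixed_key = parse_kernel(pkg_fixed)
    result = {
        # False when the plugin compared an RPM that is not the booted kernel.
        "finding_targets_running_kernel": run_vendor == inst_vendor and run_key == inst_key,
        "package_outdated": inst_key < fixed_key,
        "openvz_behind_reference": None,
    }
    if run_vendor == "openvz":
        ref_vendor, ref_key = parse_kernel(ovz_reference)
        if ref_vendor != "openvz":
            raise ValueError("ovz_reference must be an OpenVZ kernel release")
        result["openvz_behind_reference"] = run_key < ref_key
    return result


if __name__ == "__main__":
    # Values taken from the two posts above.
    print(triage("2.6.32-042stab128.2", "kernel-2.6.32-696.el6",
                 "kernel-2.6.32-696.6.3.el6", "2.6.32-042stab130.1"))
```

The helper makes no statement about which fixes a given stab release contains; that still has to be read from the OpenVZ changelog for the release in question.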