service version disclosure
Kevin Kofler
kevin.kofler at chello.at
Sat Jan 7 04:46:04 UTC 2012
Reindl Harald wrote:
> would it not be a good idea to NOT disclosure service versions?
> https://bugzilla.redhat.com/show_bug.cgi?id=718133
>
> you will more and more have the "problem" of 3rd party
> security scans to your servers and currently in the case
> of openssh the only solution is to tkae the F16-src-rpm
> and rebuild it for your F15 machines
If the scan is looking at the version to determine vulnerability, it is
completely broken, useless and unsupportable, because fixes can be
backported.
Kevin Kofler
More information about the devel
mailing list