Modernization of OpenSSH Plugin Coverage
Background
In an effort to improve the accuracy and maintainability of our OpenSSH vulnerability coverage, Tenable Research has updated our plugins which detect the popular, open-source SSH implementation. The impact of these changes upon customers' scans should be minimal.
Changes
Prior to the introduction of these changes, OpenSSH was detected by a generic SSH server plugin. This has been built upon to create a dedicated, remote OpenSSH detection plugin. Prior to making a vulnerability determination, OpenSSH vulnerability plugins will now leverage this new detection to identify installed instances on scan targets. An illustration of scan output before and after the changes may be seen below.
[Images: scan output before and after the changes]
Additionally, some of the updated plugins have had their requirement for report paranoia removed, following a case-by-case re-assessment of its necessity for each plugin. Users should see these plugins run successfully in more scenarios, hopefully detecting more outdated and insecure versions of OpenSSH.
Impacted Plugins
A full list of impacted plugins can be seen here.
Release Date
March 27th 2024
3 Replies
- matwol (Connect Contributor III)
Dear @Conor O'Neill, we are observing a lot of new vulns with similar output (plugin id 187201):
Version source : SSH-2.0-OpenSSH_8.7
Installed version : 8.7
Fixed version : 9.6p1 / 9.6
while we have the latest available version installed.
We are suspecting that this is an FP - can you confirm that there will be some tweaking of recent changes?
We are also registering a new case with support.
- gazsi_ferenc (Connect Contributor)
Hello Mateusz!
We experienced the same in many OS distributions.
Do you have some resolution for the problem since then?
- gazsi_ferenc (Connect Contributor)
In the meantime, Tenable updated the backport.inc file (/nessus/lib/nessus/plugins/backport.inc) in order to correct the backport version detection. As a result of this, the number of false positives is greatly reduced.
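The output quoted in this thread takes its version from the SSH banner string, which carries the upstream version number but not necessarily a distribution's backported fixes. The following Python triage sketch is an added example, not Tenable's plugin logic or the contents of backport.inc; the function names and verdict labels are assumptions. It parses such output and separates banner-only findings that need a package-level check on the host:

```python
import re

# Constructed sample: the plugin output quoted in the thread (plugin id 187201).
PLUGIN_OUTPUT = """\
Version source : SSH-2.0-OpenSSH_8.7
Installed version : 8.7
Fixed version : 9.6p1 / 9.6
"""

# Banner layout: SSH-<proto>-OpenSSH_<major.minor>[p<N>][ <distro package revision>]
BANNER_RE = re.compile(
    r"^SSH-[\d.]+-OpenSSH_\d+\.\d+(?:p\d+)?(?:[ -](?P<extra>.+))?$")

def parse_output(text):
    """Turn 'Key : value' lines of plugin output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def version_tuple(version):
    """'9.6p1' -> (9, 6, 1); '8.7' -> (8, 7, 0)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:p(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSH version: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3] or 0))

def triage(text):
    """Return a verdict label (hypothetical names) for one finding."""
    fields = parse_output(text)
    installed = version_tuple(fields["Installed version"])
    fixed = min(version_tuple(v) for v in fields["Fixed version"].split("/"))
    if installed >= fixed:
        return "not-affected"
    banner = BANNER_RE.match(fields["Version source"])
    if banner and banner["extra"]:
        # Banner includes a distro package revision (e.g. Debian/Ubuntu):
        # compare that revision with the vendor's security advisory.
        return "check-distro-revision"
    # Upstream number only: backported fixes are invisible remotely, so
    # confirm the installed package build on the host (rpm/dpkg).
    return "verify-package"

if __name__ == "__main__":
    print(triage(PLUGIN_OUTPUT))
```
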