On Thu Sep 25, 2003 at 04:51:58PM -0400, Albert Whale wrote: > I am running a System Scan on Several machines. The interesting ones to > me are Linux Mandrake 8.2 and 9.1. > > The issue here is that the Scanning Tools (here I am using Nessus), > expect a specific reply in order to accept or reject the applications > which are communicating on the Server. > > Even though the Mandrake OpenSSH software is upgraded to the latest > version (openssh-server-3.6.1p2-1.1.82mdk) available for the package > (from Mandrake), this still does not reflect the package version > supportted for openssh (here being 3.7.1 and above). > > So how do we simplify this Version Numbering and conform with the > Expected results?
If you come up with a good idea, let me know. Changing the version number of openssh to 3.7.1p2 (when it's in fact 3.6.1p2) isn't a good idea. I also take the results given from scanners like nessus with a grain of salt... there's only so much a version number can tell you. -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
