Hi all,

I upgraded from 5.1 to 5.2.1p3 over the weekend, and finished off with a Nessus
scan to check that ssh was the only port visible to the outside world. Despite
a recent (i.e. last Thursday) cvsup to sync the source tree, I'm getting a
high severity warning about a hole in SSH based on the version number reported
(3.6.1p1 FreeBSD-20030924). I'm using the core ssh, not the version from ports.
Does anyone know if this problem is real, or a false-positive?

As an aside, can sshd be prevented from reporting its version number on
connect, or is this something that a client-app needs to know?



[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to