Re: Nessus scan of FreeBSD 5.2.1 shows old version of ssh

2004-07-19 Thread Fernando Gleiser
On Mon, 19 Jul 2004, Ray Seals wrote:

> I just ran a Nessus scan against one of my machines.  The scan triggered
> on a version of ssh older than 3.7.1.

It's a false positive. Nessus just checks the version number, it doesn't
try to exploit the vulnerability to find if the system is indeed
vulnerable.

The sshd version in FreeBSD is older, but it's patched and not
vulnerable.

Don't worry about it.

>
> I ran /usr/bin/ssh -v and found that I have version 3.6.1p1.  I'm



Fer
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
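The version-only check described in the reply above, as an added example that is not part of the original thread and not Nessus code. The sample banners and the `applied_advisories` inventory are constructed assumptions; the 3.7.1 threshold and the advisory name come from the thread.

```python
import re

# SSH identification string: SSH-protoversion-softwareversion SP comments
BANNER_RE = re.compile(
    r"^SSH-[\d.]+-OpenSSH_(?P<ver>\d+(?:\.\d+)*)(?:p\d+)?(?: (?P<comment>.*))?$"
)
FIXED_IN = (3, 7, 1)                              # threshold quoted in the thread
FIXING_ADVISORIES = {"FreeBSD-SA-03:15.openssh"}  # advisory cited in the thread


def parse_banner(banner):
    """Return (version_tuple, comment), or None if this is not an OpenSSH banner."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    version = tuple(int(part) for part in m.group("ver").split("."))
    return version, m.group("comment") or ""


def banner_only_flag(banner):
    """Flag on the advertised version number alone, with no probe of the actual bug."""
    parsed = parse_banner(banner)
    return parsed is not None and parsed[0] < FIXED_IN


def triage(banner, applied_advisories):
    """Classify a banner finding using the host's applied-advisory inventory.

    applied_advisories is a hypothetical, operator-maintained set of
    advisory names known to be applied on the host.
    """
    if parse_banner(banner) is None:
        return "unparsed"
    if not banner_only_flag(banner):
        return "not flagged"
    if FIXING_ADVISORIES & set(applied_advisories):
        return "likely false positive"   # fix backported, version string unchanged
    return "verify"                      # old version and no record of the patch


if __name__ == "__main__":
    # Constructed sample banners
    base = "SSH-1.99-OpenSSH_3.6.1p1 FreeBSD-20030924"
    print(triage(base, {"FreeBSD-SA-03:15.openssh"}))
    print(triage(base, set()))
    print(triage("SSH-2.0-OpenSSH_3.7.1p2", set()))
```
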


Re: Nessus scan of FreeBSD 5.2.1 shows old version of ssh

2004-07-19 Thread Bill Moran
Ray Seals <[EMAIL PROTECTED]> wrote:

> I just ran a Nessus scan against one of my machines.  The scan triggered
> on a version of ssh older than 3.7.1.
> 
> I ran /usr/bin/ssh -v and found that I have version 3.6.1p1.  I'm
> looking for the best way to upgrade this.  Can I just install and run
> 'portupgrade' on SSH?  What are some of the "gotcha" points on doing
> this?

You're about the third person in as many months who's pointed out how
stupid Nessus is.

The version in FreeBSD is NOT vulnerable, it's just that Nessus isn't
aware of all the various version numbers that have had this problem
patched.

If you want to silence Nessus, however, the other responder had some
good suggestions.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


RE: Nessus scan of FreeBSD 5.2.1 shows old version of ssh

2004-07-19 Thread Vince
Well, if you really want the latest openssh, install openssh from ports
(portinstall openssh or portinstall openssh-portable); you will have
to use portable to build with pam, if I remember rightly.
The version in the base system does not actually have the vulnerability
Nessus is referring to, as it was patched umm 2003-10-05
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:15.openssh.asc

In terms of gotchas there aren't many.
Read /usr/ports/security/openssh(-portable)/pkg-message
And unless you use the OPENSSH_OVERWRITE_BASE option I think you may have to
manually move your existing hostkeys to /usr/local/etc and re-edit the new
config files (I could be wrong here as it's a while since I bothered
changing from the version in base)


Vince

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Ray Seals
> Sent: 19 July 2004 18:15
> To: [EMAIL PROTECTED]
> Subject: Nessus scan of FreeBSD 5.2.1 shows old version of ssh
> 
> I just ran a Nessus scan against one of my machines.  The 
> scan triggered on a version of ssh older than 3.7.1.
> 
> I ran /usr/bin/ssh -v and found that I have version 3.6.1p1.  
> I'm looking for the best way to upgrade this.  Can I just 
> install and run 'portupgrade' on SSH?  What are some of the 
> "gotcha" points on doing this?
> 
> --
> Ray Seals <[EMAIL PROTECTED]>
