Date:      Mon, 19 Jul 2004 15:49:31 -0400
From:      Bill Moran <wmoran@potentialtech.com>
To:        Ray Seals <rseals@vdsi.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Nessus scan of FreeBSD 5.2.1 shows old version of ssh
Message-ID:  <20040719154931.2c15693d.wmoran@potentialtech.com>
In-Reply-To: <1090257278.579.9.camel@mgl.magellanhealth.com>
References:  <1090257278.579.9.camel@mgl.magellanhealth.com>

Ray Seals <rseals@vdsi.net> wrote:

> I just ran a Nessus scan against one of my machines.  The scan triggered
> on a version of ssh older than 3.7.1.
> 
> I ran /usr/bin/ssh -v and found that I have version 3.6.1p1.  I'm
> looking for the best way to upgrade this.  Can I just install and run
> 'portupgrade' on SSH?  What are some of the "gotcha" points on doing
> this?

You're about the third person in as many months who's pointed out how
stupid Nessus is.

The version in FreeBSD is NOT vulnerable, it's just that Nessus isn't
aware of all the various version numbers that have had this problem
patched.

If you want to silence Nessus, however, the other responder had some
good suggestions.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


