From owner-freebsd-questions@FreeBSD.ORG Fri Feb 25 20:15:10 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5CC3F16A4CE for ; Fri, 25 Feb 2005 20:15:10 +0000 (GMT) Received: from mx1.sohotech.ca (mx1.sohotech.ca [64.26.169.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB1DF43D2D for ; Fri, 25 Feb 2005 20:15:09 +0000 (GMT) (envelope-from greg@grokking.org) Received: from localhost (unknown [127.0.0.1]) by mx1.sohotech.ca (Postfix) with ESMTP id 10C801771FD for ; Fri, 25 Feb 2005 15:15:09 -0500 (EST) Received: from mx1.sohotech.ca ([127.0.0.1]) by localhost (mx1.sohotech.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 60102-06 for ; Fri, 25 Feb 2005 15:15:05 -0500 (EST) Received: from [192.168.1.6] (chomsky.sohotech.ca [192.168.1.6]) by mx1.sohotech.ca (Postfix) with ESMTP id 93DD01769DC for ; Fri, 25 Feb 2005 15:15:05 -0500 (EST) Message-ID: <421F874A.4030307@grokking.org> Date: Fri, 25 Feb 2005 15:15:06 -0500 From: "greg@grokking.org" User-Agent: Mozilla Thunderbird 1.0 (X11/20041223) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <20050225195523.13893.qmail@web90103.mail.scd.yahoo.com> In-Reply-To: <20050225195523.13893.qmail@web90103.mail.scd.yahoo.com> X-Enigmail-Version: 0.89.5.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at sohotech.ca Subject: Re: updating system version of OpenSSH X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Feb 2005 20:15:10 -0000 David Newman wrote: > What is the procedure for patching/updating system > version of OpenSSH on an FBSD 5.2.1 box? > > I used the excellent Rootkit Hunter security > assessment tool: > > http://www.rootkit.nl/projects/rootkit_hunter.html > > and it found that I'm running OpenSSH 3.6.1p1, which > has at least one vulnerability. > > I only know how to install/upgrade from ports. OpenSSH > is part of the ports collection, but the build I'm > running was included with the OS. > > What's the right way to proceed here? > > thanks > Someone please correct me if I'm wrong on this but I believe rkhunter is just checking the version 3.6.1 and doesn't account for the 'p1' part which refers to a FBSD patch that corrected the vulnerability rkhunter is referring to. IOW, I don't think you need to update ssh on 5.2.1 if your motive is merely that rkhunter flagged it. To be sure, check the older security advisories at freebsd.org and I bet you'll find a reference to it. G