From owner-freebsd-questions@FreeBSD.ORG Mon May 24 12:23:46 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 09EC016A4CF for ; Mon, 24 May 2004 12:23:46 -0700 (PDT) Received: from mail.x9media.com (mail.x9media.com [81.209.147.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id E6DFE43D2D for ; Mon, 24 May 2004 12:23:44 -0700 (PDT) (envelope-from thomas.may@x9media.com) X-AuthUser: thomas.may@x9media.com Received: from PC01 (217.226.41.134:12410) by mail.x9media.com with [XMail 1.19 (FreeBSD/Ix86) ESMTP Server] ; Mon, 24 May 2004 21:32:10 +0200 From: "Thomas May" To: Date: Mon, 24 May 2004 21:22:40 +0200 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Thread-Index: AcRBs6p5WxRinrF2TAK9hkKigJkA+A== Message-Id: <20040524192344.E6DFE43D2D@mx1.FreeBSD.org> Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: freebsd 5.2.1 openssh hole X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 May 2004 19:23:46 -0000 Hi, i have installed the new version 5.2.1 and the ports collection from yesterday. i have checked the server with nessus and I got a security hole warning. You are running a version of OpenSSH which is older than 3.7.1 Versions older than 3.7.1 are vulnerable to a flaw in the buffer management functions which might allow an attacker to execute arbitrary commands on this host. What can I do ? I have installed openssl from the ports tree, but I got the same error. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.689 / Virus Database: 450 - Release Date: 21.05.2004