From owner-freebsd-questions@FreeBSD.ORG  Mon Jul 19 19:49:33 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D009416A4D5
	for <freebsd-questions@FreeBSD.ORG>;
	Mon, 19 Jul 2004 19:49:33 +0000 (GMT)
Received: from internet.potentialtech.com (h-66-167-251-6.phlapafg.covad.net
	[66.167.251.6])	by mx1.FreeBSD.org (Postfix) with ESMTP id A341143D46
	for <freebsd-questions@FreeBSD.ORG>;
	Mon, 19 Jul 2004 19:49:33 +0000 (GMT)
	(envelope-from wmoran@potentialtech.com)
Received: from working.potentialtech.com
	(pa-plum-cmts1e-68-68-113-64.pittpa.adelphia.net [68.68.113.64])
	by internet.potentialtech.com (Postfix) with ESMTP id D7BE569A39;
	Mon, 19 Jul 2004 15:49:32 -0400 (EDT)
Date: Mon, 19 Jul 2004 15:49:31 -0400
From: Bill Moran <wmoran@potentialtech.com>
To: Ray Seals <rseals@vdsi.net>
Message-Id: <20040719154931.2c15693d.wmoran@potentialtech.com>
In-Reply-To: <1090257278.579.9.camel@mgl.magellanhealth.com>
References: <1090257278.579.9.camel@mgl.magellanhealth.com>
Organization: Potential Technologies
X-Mailer: Sylpheed version 0.9.12 (GTK+ 1.2.10; i386-portbld-freebsd4.9)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Nessus scan of FreeBSD 5.2.1 shows old version of ssh
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jul 2004 19:49:33 -0000

Ray Seals <rseals@vdsi.net> wrote:

> I just ran a Nessus scan against one of my machines.  The scan triggered
> on a version of ssh older than 3.7.1.
> 
> I ran /usr/bin/ssh -v and found that I have version 3.6.1p1.  I'm
> looking for the best way to upgrade this.  Can I just install and run
> 'portupgrade' on SSH?  What are some of the "gotcha" points on doing
> this?

You're about the third person in as many months who's pointed out how
stupid Nessis.

The version in FreeBSD is NOT vulnerable, it's just that Nessis isn't
aware of all the various version numbers that have had this problem
patched.

If you want to silence Nessis, however, the other responder had some
good suggestions.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com