I had the same question about openssh a while ago. Here's the response I got...

I just updated SuSE openssh from 2.9.9p2-141 to 2.9.9p2-154, but Nessus still reports the following...

I thought by updating this package, I wouldn't see the alert messages from Nessus anymore...

(TEXT basically saying that openssh is not current)

Is this normal behavior when it comes to SSH on SuSE? Why does it continue to show as a problem?

Yes, this is normal behavor. NESUS only checks the Service-Version to validate if the service is exploitable or not. NESUS does not try a exploit at all. But our actual ssh-version includes all necesary patches to make ssh secure. The patches are backported to our released ssh-version, because we does not release new version without complete code audit. with kind regards, your SUSE LINUX Support Services-Team -----Original Message----- From: Eric Kahklen [mailto:eric@kahklen.com] Sent: Thursday, March 25, 2004 9:26 AM To: Suse-Security Subject: [suse-security] OpenSSL - Nesus Scan I just ran a nessus scan and it showed OpenSSL vulnerable even though I updated my server when the security fix cam out. Here is the results for OpenSSL. I checked my version and it is OpenSSL 0.9.7b 10 Apr 2003. Either I didn't get my correct version or the update didn't apply. Here is what Nesus said: results|10.0.0|10.0.0.4|https (443/tcp)|11875|Security Hole|The remote host seem to be running a version of OpenSSL which is older than 0.9.6k or 0.9.7c. \n\nThere is a heap corruption bug in this version which might be exploited by an\nattacker to gain a shell on this host.\n\nSolution : If you are running OpenSSL, Upgrade to version 0.9.6k or 0.9.7c or newer\nRisk factor : High\nCVE : CVE-2003-0543, CVE-2003-0544, CVE-2003-0545\nBID : 8732\nOther references : IAVA:2003-A-0027, RHSA:RHSA-2003:291-01, SuSE:SUSE-SA:2003:043\n results|10.0.0|10.0.0.4|www (80/tcp)|11853|Security Warning|\nThe remote host appears to be running a version of Apache 2.x which is older \nthan 2.0.48.\n\nThis version is vulnerable to a bug which may allow a rogue CGI to disable\nthe httpd service by issuing over 4K of data to stderr.\n\nTo exploit this flaw, an attacker would need the ability to upload a rogue\nCGI script to this server and to have it executed by the Apache daemon (httpd).\n\nSolution : Upgrade to version 2.0.48 when it is available\nSee also : http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22030 \nRisk factor : Low\nCVE : CVE-2002-0061, CAN-2003-0789, CAN-2003-0542\nBID : 8926\n Thank you, Eric -- ______________________________________________________________________ Eric Kahklen Seattle, WA -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here