FreeBSD

mynetapp_
Level 1

We are running the latest software version 9.7.0-125 and the vulnerability scanner is Nessus. According to FreeBSD the Engineering Release version 9.2 is end of support whereas version 9 Stable Release support is 31/12/2016.

Is it reasonable to confirm with Cisco that the Nessus output is false positive or is there an alternative patch for this?

I assume that Cisco ESA is using a modified version of FreeBSD and that the above is irrelevant. Am I correct in this thought process?

2 Accepted Solutions

We had similar problems and, upon raising a support incident, we were informed that Cisco was aware of this and that the FreeBSD version in AsyncOS would be upgraded in version 10.x.

Hope this information helps.

AsyncOS 10.x for Email Security is tracking at this time for June 2016 release, pending successful Beta and Beta exit.  And yes, to confirm to the current thread, FreeBSD 10 is one of the Beta features being incorporated and tested.

-Robert

10 Replies

Mathew Huynh
Cisco Employee

Hello,

It depends on what vulnerability the scanner is picking up -- we could perhaps provide more information if it's within scope.

However, the ESA does run a modified version of FreeBSD.

Regards,

Matthew

Nessus has identified that the version of FreeBSD is 9.2 and reports this finding as critical, as running an unsupported OS is non-PCI compliant.

It is not a vulnerability (no CVE) but rather a finding. It is similar to running Windows XP in a PCI environment. I do understand that AsyncOS is a modified version of FreeBSD, but it is still up to audit interpretation whether this is sufficient.

We had similar problems and, upon raising a support incident, we were informed that Cisco was aware of this and that the FreeBSD version in AsyncOS would be upgraded in version 10.x.

Hope this information helps.

Does anyone have an idea when 10.x is to be released?

Thanks Aditya and Mathew for the replies.

AsyncOS 10.x for Email Security is tracking at this time for June 2016 release, pending successful Beta and Beta exit.  And yes, to confirm to the current thread, FreeBSD 10 is one of the Beta features being incorporated and tested.

-Robert

Hi, coming back to this again.

In order to get FreeBSD 10.x, is it required to reinitialize the device, or is it applied with the upgrade?

We are now running version 11 and noticed that the FreeBSD is still reported as version 9.3.

I'm now trying to identify if this is a reporting error or something else.

The FreeBSD version that our AsyncOS relies on is only upgraded from Cisco w/in the OS itself.

If you are running 11.0 or 11.1, you should be running:

FreeBSD <hostname> 10.1-RELEASE FreeBSD 10.1-RELEASE #0: Fri Jan 19 19:58:49 IST 2018

I verified the above from my lab on 11.1.0-069.

How were you detecting that you are only running 9.3?

Thanks for the reply.
The security department has a software analysis tool; I don’t have the details.
I’m curious to know: if you upgrade from AsyncOS version 9.7 to version 11, does FreeBSD also get upgraded or only patched? Version 9.7 was running FreeBSD 9.3 and version 11.0 should be running 10.0. I don’t know how to detect the underlying OS, so I can’t confirm it manually or test it in my lab.
See attached screen grab, sorry for the black blob, but you can understand 😊.

The answer to how it is identified, they are using Nessus Professional.

I do not see the image you posted in the reply.

But, anytime that the AsyncOS version is upgraded, it will upgrade the underlying OS that we base the version on. There should be no patching, or any cause for a version mismatch. You can open a support tunnel to the appliance, and we can work to provide the direct 'uname' output for you, if needed.

Looking @ Nessus scan I ran against my 11.1.0-069 build:

nessus_scan.png

And looking @ Metasploit scan that I ran against my 11.1.0-069 build:

metasploit.png

Hope this helps.