Mid-range Sun Fire[TM] Servers System Controller SSH Security

Asset ID:	1-71-1007997.1
Update Date:	2010-07-06
Keywords:

Solution Type Technical Instruction Sure

Solution 1007997.1 : Mid-range Sun Fire[TM] Servers System Controller SSH Security

Related Items


Sun Fire E6900 Server
 Sun Fire 3800 Server
 Sun Fire 6800 Server
 Sun Netra 1280 Server
 Sun Fire E4900 Server
 Sun Fire 4800 Server
 Sun Fire V1280 Server
 Sun Fire E2900 Server
 Sun Netra 1290 Server
 Sun Fire 4810 Server

Related Categories


GCS>Sun Microsystems>Servers>Midrange V and Netra Servers
 GCS>Sun Microsystems>Servers>Entry-Level Servers
 GCS>Sun Microsystems>Servers>Midrange Servers

PreviouslyPublishedAs
211031

Description
List of security alerts fixed in the version of SSH used on the Sun Fire[TM] System Controller.

The version of SSH used on the mid-range Sun Fire[TM] v1280/3800/4800/4810/6800//E2900/E4900/E6900 & Netra[TM] 1280/1290 System Controller (SC) is based on OpenSSH 3.0.2p1. That release has several security alerts associated with it which are fixed in the version of SSH used on our system controller.

Steps to Follow
The following issues associated with OpenSSH 3.0.2p1 are either fixed, or do not apply to all releases of SSH on the Sun Fire[TM] System Controller (SC):

CERT Advisory CA-2002-18
http://www.cert.org/advisories/CA-2002-18.html

CVE-2002-0083/Vulnerability Note VU#408419
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083

CERT Advisory #CA-2003-24
http://www.cert.org/advisories/CA-2002-18.html

CERT Advisory #CA-2002-0640
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0640

CERT Advisory #CA-2002-0639
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0639

CERT Advisory #CA-2001-0872
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0872

BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2

VULN-DEV:20011205 OpenSSH UseLogin proof of concept exploit
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2

CERT Advisory #CA-2007-4995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995

CERT Advisory #CA-2007-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135

CERT Advisory #CA-2008-1483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 
CERT Advisory #CA-2003-0682 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0682
CERT Advisory #CA-CVE-2003-0693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0693
CERT Advisory #CA-CVE-2003-0695 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0695
CERT Advisory #CA-CVE-2003-0386 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0386
CERT Advisory #CA-CVE-2002-0575 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0575

Product
Sun Fire V1280 Server
Sun Fire E6900 Server
Sun Fire E4900 Server
Sun Fire E2900 Server
Sun Fire 6800 Server
Sun Fire 4810 Server
Sun Fire 4800 Server
Sun Fire 3800 Server
Sun Netra 1290 Server
Netra 1280 Server

Internal Comments
Internal Only Information

The system controller's SSH is written by TeamF1, their product is called SSHield 1.6.1.

You will not find any of the alerts mentioned in this document listed in any ScApp bug list. They were fixed in SSHield before we released SSH in 5.16.0.

serengeti, ssh, CERT, security, Advisory, ScApp
Previously Published As
85845

Change History
Date: 2006-06-06
User Name: 97961
Action: Approved
Comment: - Changed title to reflect the problem statement better
- Converted to STM formatting for better readability
- Corrected usage of trademarking
Version: 3
Date: 2006-06-06
User Name: 97961
Action: Accept
Comment:
Version: 0
Date: 2006-06-06
User Name: 71349
Action: Approved
Comment: Good information.
Version: 0
Date: 2006-06-06

Attachments

This solution has no attachment