Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition | |||
|
|
Solution Type Technical Instruction Sure Solution 1007997.1 : Mid-range Sun Fire[TM] Servers System Controller SSH Security
PreviouslyPublishedAs 211031 Description List of security alerts fixed in the version of SSH used on the Sun Fire[TM] System Controller. The version of SSH used on the mid-range Sun Fire[TM] v1280/3800/4800/4810/6800//E2900/E4900/E6900 & Netra[TM] 1280/1290 System Controller (SC) is based on OpenSSH 3.0.2p1. That release has several security alerts associated with it which are fixed in the version of SSH used on our system controller. Steps to Follow The following issues associated with OpenSSH 3.0.2p1 are either fixed, or do not apply to all releases of SSH on the Sun Fire[TM] System Controller (SC): CERT Advisory
CA-2002-18 CERT Advisory
#CA-2003-24 CERT Advisory
#CA-2002-0640 CERT Advisory
#CA-2001-0872 BUGTRAQ:20011204 [Fwd:
OpenSSH 3.0.2 fixes UseLogin
vulnerability] VULN-DEV:20011205
OpenSSH UseLogin proof of concept
exploit CERT Advisory
#CA-2007-4995 CERT Advisory
#CA-2007-5135 CERT Advisory #CA-2008-1483 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 CERT Advisory #CA-2003-0682 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0682 CERT Advisory #CA-CVE-2003-0693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0693 CERT Advisory #CA-CVE-2003-0695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0695 CERT Advisory #CA-CVE-2003-0386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0386 CERT Advisory #CA-CVE-2002-0575 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0575
Product Sun Fire V1280 Server Sun Fire E6900 Server Sun Fire E4900 Server Sun Fire E2900 Server Sun Fire 6800 Server Sun Fire 4810 Server Sun Fire 4800 Server Sun Fire 3800 Server Sun Netra 1290 Server Netra 1280 Server Internal Comments Internal Only Information The system controller's SSH is written by TeamF1, their product is called SSHield 1.6.1. You will not find any of the alerts mentioned in this document listed in any ScApp bug list. They were fixed in SSHield before we released SSH in 5.16.0. serengeti, ssh, CERT, security, Advisory, ScApp Previously Published As 85845 Change History Date: 2006-06-06 User Name: 97961 Action: Approved Comment: - Changed title to reflect the problem statement better - Converted to STM formatting for better readability - Corrected usage of trademarking Version: 3 Date: 2006-06-06 User Name: 97961 Action: Accept Comment: Version: 0 Date: 2006-06-06 User Name: 71349 Action: Approved Comment: Good information. Version: 0 Date: 2006-06-06 Attachments This solution has no attachment |
||||||||||||
|