Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition

Asset ID: 1-71-1007997.1
Update Date: 2010-07-06

Solution Type  Technical Instruction Sure

Solution 1007997.1: Mid-range Sun Fire[TM] Servers System Controller SSH Security


Related Items
  • Sun Fire E6900 Server
  • Sun Fire 3800 Server
  • Sun Fire 6800 Server
  • Sun Netra 1280 Server
  • Sun Fire E4900 Server
  • Sun Fire 4800 Server
  • Sun Fire V1280 Server
  • Sun Fire E2900 Server
  • Sun Netra 1290 Server
  • Sun Fire 4810 Server
Related Categories
  • GCS>Sun Microsystems>Servers>Midrange V and Netra Servers
  • GCS>Sun Microsystems>Servers>Entry-Level Servers
  • GCS>Sun Microsystems>Servers>Midrange Servers

Previously Published As
211031


Description
List of security alerts fixed in the version of SSH used on the Sun Fire[TM] System Controller.

The version of SSH used on the System Controller (SC) of the mid-range Sun Fire[TM] V1280/3800/4800/4810/6800/E2900/E4900/E6900 and Netra[TM] 1280/1290 servers is based on OpenSSH 3.0.2p1. Several security alerts are associated with that OpenSSH release; they are fixed in the version of SSH used on the system controller.



Steps to Follow
The following issues associated with OpenSSH 3.0.2p1 are either fixed in, or do not apply to, all releases of SSH on the Sun Fire[TM] System Controller (SC):

CERT Advisory CA-2002-18
http://www.cert.org/advisories/CA-2002-18.html

CVE-2002-0083/Vulnerability Note VU#408419
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083

CERT Advisory #CA-2003-24
http://www.cert.org/advisories/CA-2002-18.html

CERT Advisory #CA-2002-0640
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0640

CERT Advisory #CA-2002-0639
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0639

CERT Advisory #CA-2001-0872
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0872

BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2

VULN-DEV:20011205 OpenSSH UseLogin proof of concept exploit
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2

CERT Advisory #CA-2007-4995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995

CERT Advisory #CA-2007-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135

CERT Advisory #CA-2008-1483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483

CERT Advisory #CA-2003-0682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0682

CERT Advisory #CA-CVE-2003-0693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0693

CERT Advisory #CA-CVE-2003-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0695

CERT Advisory #CA-CVE-2003-0386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0386

CERT Advisory #CA-CVE-2002-0575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0575





Product
Sun Fire V1280 Server
Sun Fire E6900 Server
Sun Fire E4900 Server
Sun Fire E2900 Server
Sun Fire 6800 Server
Sun Fire 4810 Server
Sun Fire 4800 Server
Sun Fire 3800 Server
Sun Netra 1290 Server
Netra 1280 Server

Internal Comments
Internal Only Information

The system controller's SSH is written by TeamF1; their product is called SSHield 1.6.1.


You will not find any of the alerts mentioned in this document listed in any ScApp bug list. They were fixed in SSHield before we released SSH in 5.16.0.


serengeti, ssh, CERT, security, Advisory, ScApp
Previously Published As
85845

Change History
Date: 2006-06-06
User Name: 97961
Action: Approved
Comment: - Changed title to reflect the problem statement better
- Converted to STM formatting for better readability
- Corrected usage of trademarking
Version: 3
Date: 2006-06-06
User Name: 97961
Action: Accept
Comment:
Version: 0
Date: 2006-06-06
User Name: 71349
Action: Approved
Comment: Good information.
Version: 0
Date: 2006-06-06

Attachments
This solution has no attachment
  Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.