Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1007997.1
Update Date:2012-08-31
Keywords:
Solution Type  Technical Instruction Sure

Solution  1007997.1 :   Mid-range Sun Fire[TM] Servers System Controller SSH Security  

Related Items 
    

  • Sun Netra 1280 Server
    •  
  • Sun Fire 3800 Server
    •  
  • Sun Fire 6800 Server
    •  
  • Sun Fire E2900 Server
    •  
  • Sun Fire 4810 Server
    •  
  • Sun Fire V1280 Server
    •  
  • Sun Fire 4800 Server
    •  
  • Sun Fire E6900 Server
    •  
  • Sun Netra 1290 Server
    •  
  • Sun Fire E4900 Server
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>SPARC>Enterprise>SN-SPARC: Exx00
    •  
  • .Old GCS Categories>Sun Microsystems>Servers>Entry-Level Servers
    •  
  • .Old GCS Categories>Sun Microsystems>Servers>Midrange Servers
    •  
  • .Old GCS Categories>Sun Microsystems>Servers>Midrange V and Netra Servers
    •  

PreviouslyPublishedAs
211031 


Applies to: 

Sun Fire E6900 Server - Version All Versions and later
Sun Netra 1280 Server - Version All Versions and later
Sun Netra 1290 Server - Version All Versions and later
Sun Fire V1280 Server - Version All Versions and later
Sun Fire 3800 Server - Version All Versions and later
All Platforms



Goal


 List of security alerts fixed in the version of SSH used on the Sun Fire[TM] System Controller.


The version of SSH used on the mid-range Sun Fire[TM] v1280/3800/4800/4810/6800//E2900/E4900/E6900 & Netra[TM] 1280/1290 System Controller (SC) is based on OpenSSH 3.0.2p1.  That release has several security alerts associated with it which are fixed in the version of SSH used on our system controller.


Fix


 


The following issues associated with OpenSSH 3.0.2p1 are either fixed, or do not apply to all releases of SSH on the Sun Fire[TM] System Controller (SC):


CERT Advisory CA-2002-18

http://www.cert.org/advisories/CA-2002-18.html



CVE-2002-0083/Vulnerability Note VU#408419

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083


CERT Advisory #CA-2003-24

http://www.cert.org/advisories/CA-2002-18.html


CERT Advisory #CA-2002-0640

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0640



CERT Advisory #CA-2002-0639

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0639


CERT Advisory #CA-2001-0872

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0872


BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]

http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2


VULN-DEV:20011205 OpenSSH UseLogin proof of concept exploit

http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2


CERT Advisory #CA-2007-4995

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995


CERT Advisory #CA-2007-5135

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135


CERT Advisory #CA-2008-1483


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483



CERT Advisory #CA-2003-0682 


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0682



CERT Advisory #CA-CVE-2003-0693


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0693



CERT Advisory #CA-CVE-2003-0695 


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0695



CERT Advisory #CA-CVE-2003-0386 


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0386



CERT Advisory #CA-CVE-2002-0575 


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0575










 




 


The system controller's SSH is written by TeamF1, their product is called SSHield 1.6.1.


You will not find any of the alerts mentioned in this document listed in any ScApp bug list. They were fixed in SSHield before we released SSH in 5.16.0.


 





Attachments

This solution has no attachment


















       

Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.

 Feedback