![]() | Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition | ||
|
|
![]() |
||||||||||||
Solution Type Technical Instruction Sure Solution 1007997.1 : Mid-range Sun Fire[TM] Servers System Controller SSH Security
PreviouslyPublishedAs 211031 Applies to:Sun Fire E6900 Server - Version All Versions and laterSun Netra 1280 Server - Version All Versions and later Sun Netra 1290 Server - Version All Versions and later Sun Fire V1280 Server - Version All Versions and later Sun Fire 3800 Server - Version All Versions and later All Platforms GoalList of security alerts fixed in the version of SSH used on the Sun Fire[TM] System Controller. The version of SSH used on the mid-range Sun Fire[TM] v1280/3800/4800/4810/6800//E2900/E4900/E6900 & Netra[TM] 1280/1290 System Controller (SC) is based on OpenSSH 3.0.2p1. That release has several security alerts associated with it which are fixed in the version of SSH used on our system controller. Fix
The following issues associated with OpenSSH 3.0.2p1 are either fixed, or do not apply to all releases of SSH on the Sun Fire[TM] System Controller (SC): CERT Advisory CA-2002-18 CERT Advisory #CA-2003-24 CERT Advisory #CA-2002-0640 CERT Advisory #CA-2001-0872 BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability] VULN-DEV:20011205 OpenSSH UseLogin proof of concept exploit CERT Advisory #CA-2007-4995 CERT Advisory #CA-2007-5135 CERT Advisory #CA-2008-1483 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 CERT Advisory #CA-2003-0682 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0682 CERT Advisory #CA-CVE-2003-0693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0693 CERT Advisory #CA-CVE-2003-0695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0695 CERT Advisory #CA-CVE-2003-0386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0386 CERT Advisory #CA-CVE-2002-0575 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0575
The system controller's SSH is written by TeamF1, their product is called SSHield 1.6.1. You will not find any of the alerts mentioned in this document listed in any ScApp bug list. They were fixed in SSHield before we released SSH in 5.16.0.
Attachments This solution has no attachment |
||||||||||||
|