Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1007997.1
Update Date:2012-08-31
Keywords:

Solution Type  Technical Instruction Sure

Solution  1007997.1 :   Mid-range Sun Fire[TM] Servers System Controller SSH Security  


Related Items
  • Sun Netra 1280 Server
  •  
  • Sun Fire 3800 Server
  •  
  • Sun Fire 6800 Server
  •  
  • Sun Fire E2900 Server
  •  
  • Sun Fire 4810 Server
  •  
  • Sun Fire V1280 Server
  •  
  • Sun Fire 4800 Server
  •  
  • Sun Fire E6900 Server
  •  
  • Sun Netra 1290 Server
  •  
  • Sun Fire E4900 Server
  •  
Related Categories
  • PLA-Support>Sun Systems>SPARC>Enterprise>SN-SPARC: Exx00
  •  
  • .Old GCS Categories>Sun Microsystems>Servers>Entry-Level Servers
  •  
  • .Old GCS Categories>Sun Microsystems>Servers>Midrange Servers
  •  
  • .Old GCS Categories>Sun Microsystems>Servers>Midrange V and Netra Servers
  •  

PreviouslyPublishedAs
211031


Applies to:

Sun Fire E6900 Server - Version All Versions and later
Sun Netra 1280 Server - Version All Versions and later
Sun Netra 1290 Server - Version All Versions and later
Sun Fire V1280 Server - Version All Versions and later
Sun Fire 3800 Server - Version All Versions and later
All Platforms

Goal

 List of security alerts fixed in the version of SSH used on the Sun Fire[TM] System Controller.

The version of SSH used on the mid-range Sun Fire[TM] v1280/3800/4800/4810/6800//E2900/E4900/E6900 & Netra[TM] 1280/1290 System Controller (SC) is based on OpenSSH 3.0.2p1.  That release has several security alerts associated with it which are fixed in the version of SSH used on our system controller.

Fix

 

The following issues associated with OpenSSH 3.0.2p1 are either fixed, or do not apply to all releases of SSH on the Sun Fire[TM] System Controller (SC):

CERT Advisory CA-2002-18
http://www.cert.org/advisories/CA-2002-18.html

CVE-2002-0083/Vulnerability Note VU#408419
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083

CERT Advisory #CA-2003-24
http://www.cert.org/advisories/CA-2002-18.html

CERT Advisory #CA-2002-0640
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0640

CERT Advisory #CA-2002-0639
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0639

CERT Advisory #CA-2001-0872
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0872

BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2

VULN-DEV:20011205 OpenSSH UseLogin proof of concept exploit
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2

CERT Advisory #CA-2007-4995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995

CERT Advisory #CA-2007-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135

CERT Advisory #CA-2008-1483

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483

CERT Advisory #CA-2003-0682

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0682

CERT Advisory #CA-CVE-2003-0693

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0693

CERT Advisory #CA-CVE-2003-0695

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0695

CERT Advisory #CA-CVE-2003-0386

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0386

CERT Advisory #CA-CVE-2002-0575

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0575



 

 

The system controller's SSH is written by TeamF1, their product is called SSHield 1.6.1.

You will not find any of the alerts mentioned in this document listed in any ScApp bug list. They were fixed in SSHield before we released SSH in 5.16.0.

 


Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback