Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition

Asset ID: 1-72-1554129.1
Update Date: 2013-08-14

Solution Type: Problem Resolution Sure

Solution 1554129.1: OpenSSH Privilege Separation Monitor Vulnerability on a Brocade switch.


Related Items
  • Brocade 4900 Switch
Related Categories
  • PLA-Support>Sun Systems>DISK>Switch>SN-DK: Brocade Switch




In this Document
Symptoms
Cause
Solution


Created from <SR 3-7218880931>

Applies to:

Brocade 4900 Switch - Version Not Applicable to Not Applicable [Release N/A]
Information in this document applies to any platform.

Symptoms

A network vulnerability scan reported a possible OpenSSH vulnerability on Brocade switches running FOS version 5.2.0a.

The reported finding was the OpenSSH Privilege Separation Monitor Vulnerability.

The vulnerability is fixed in OpenSSH 4.5 and later.

To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - Disk/Tape Storage Area Networks

Cause

The security scan flagged the switch because its FOS version contains a version of OpenSSH older than 4.5.

Solution

The following is a document from the Brocade knowledge base explaining the vulnerability and how to address it:

FAQ ID: FAQ3296
Updated: 04/10/2013
Categories: FOS

Context
Security vulnerability scans run on FOS 6.3.x and older may report a Brocade switch as being vulnerable to CVE-2006-5794: Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication.

NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
Answer
The reported vulnerability is present in the version of OpenSSH (version 3.8.1p1) used in FOS 6.3.x and older.

However, no version of FOS is exposed to the vulnerability, because the Privilege Separation feature is disabled.

Brocade further prevents this issue in FOS v6.4.0, which uses a newer version of OpenSSH (version 5.2p1) that does not contain the vulnerability.
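The scanner finding described above is version-based: it matches the OpenSSH version in the SSH banner against the fixed-in version 4.5, while actual exposure also depends on whether Privilege Separation is enabled. The following added example (not part of the Oracle or Brocade documents) triages such a finding from a banner and the switch's privsep state; the hostnames and banners are constructed from the versions the article names.

```python
import re

# Constructed sample banners based on the versions named in the article:
# FOS 6.3.x and older ship OpenSSH 3.8.1p1; FOS v6.4.0 ships OpenSSH 5.2p1.
SAMPLE_BANNERS = {
    "switch-fos-5.2.0a": "SSH-2.0-OpenSSH_3.8.1p1",  # constructed
    "switch-fos-6.4.0": "SSH-2.0-OpenSSH_5.2p1",     # constructed
}

FIXED_IN = (4, 5)  # CVE-2006-5794 is fixed in OpenSSH 4.5 and later

# Matches "OpenSSH_<major>.<minor>[.<patch>][p<portable>]" inside a banner.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(p\d+)?")


def parse_openssh_version(banner):
    """Return (major, minor, patch) from an SSH banner, or None if it is not OpenSSH.

    The portable-release suffix (the 'p1' in 3.8.1p1) is not part of the
    upstream version number and is ignored for the comparison.
    """
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def banner_flags_cve_2006_5794(banner):
    """True when the banner version is below 4.5, i.e. what a version-only scan reports."""
    version = parse_openssh_version(banner)
    if version is None:
        return False
    return version[:2] < FIXED_IN


def triage(banner, privsep_enabled):
    """Separate a version-based hit from real exposure, following the article's reasoning.

    privsep_enabled mirrors the sshd UsePrivilegeSeparation setting; the article
    states it is disabled on all FOS versions.
    """
    if not banner_flags_cve_2006_5794(banner):
        return "not flagged"
    if not privsep_enabled:
        return "flagged by version only; not exposed (Privilege Separation disabled)"
    return "flagged and exposed; upgrade to OpenSSH 4.5 or later"


if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(host, banner, "->", triage(banner, privsep_enabled=False))
```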

Disclaimer
These documents are provided "as is" and without any warranty of any kind, expressed or implied, including, without limitation, any warranty of non-infringement, merchantability, or fitness for a particular purpose. All warranties are expressly disclaimed. User assumes the full risk of using these instructions. In no event shall Brocade be liable for any actual, direct, indirect, punitive, or consequential damages arising from such use, even if advised of the possibility of such damages.



  Copyright © 2018 Oracle, Inc.  All rights reserved.