Entry-Level and Midrange UltraSparc III, IIIi, and IV Sun Fire[TM] and Netra Servers System Controller SSH Security

Asset ID:	1-71-1007997.1
Update Date:	2017-02-02
Keywords:

Solution Type Technical Instruction Sure

Solution 1007997.1 : Entry-Level and Midrange UltraSparc III, IIIi, and IV Sun Fire[TM] and Netra Servers System Controller SSH Security

Related Items


Sun Netra 1280 Server
 Sun Fire T1000 Server
 Sun Fire V445 Server
 Sun Fire 3800 Server
 Sun Fire E2900 Server
 Sun Fire 6800 Server
 Sun Fire V215 Server
 Sun Fire V440 Server
 Sun Fire 4810 Server
 Sun Netra 240 (DC) Server
 Sun Fire V1280 Server
 Sun Fire V240 Server
 Sun Fire 4800 Server
 Sun Netra 240 (AC) Server
 Sun Fire V125 Server
 Sun Fire V250 Server
 Sun Fire V210 Server
 Sun Netra 210 Server
 Sun Fire V245 Server
 Sun Netra 440 Server
 Sun Fire E4900 Server
 Sun Fire E6900 Server
 Sun Netra 1290 Server

Related Categories


PLA-Support>Sun Systems>SPARC>Enterprise>SN-SPARC: SF-x8x0/Ex900
 _Old GCS Categories>Sun Microsystems>Servers>Entry-Level Servers
 _Old GCS Categories>Sun Microsystems>Servers>Midrange Servers
 _Old GCS Categories>Sun Microsystems>Servers>Midrange V and Netra Servers

PreviouslyPublishedAs
211031

Applies to:

Sun Fire V1280 Server - Version All Versions and later
Sun Fire 3800 Server - Version All Versions and later
Sun Fire 4800 Server - Version All Versions and later
Sun Fire 4810 Server - Version All Versions and later
Sun Netra 210 Server - Version All Versions and later
All Platforms

Goal

To list the security alerts fixed in the version of SSH used on the Sun Fire[TM] and Netra System Controller.

The version of SSH used on the System Controller(SC) for the products listed in the 'Product Section' is based on OpenSSH 3.0.2p1. That release has several security alerts associated with it which are fixed in the version of SSH used on our system controller.

Solution

The following issues associated with OpenSSH 3.0.2p1 are either fixed, or do not apply to all releases of SSH on the Sun Fire[TM] System Controller (SC):

CERT Advisory CA-2002-18
http://www.cert.org/advisories/CA-2002-18.html

CVE-2002-0083/Vulnerability Note VU#408419
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083

CERT Advisory #CA-2003-24
http://www.cert.org/advisories/CA-2002-18.html

CERT Advisory #CA-2002-0640
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0640

CERT Advisory #CA-2002-0639
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0639

CERT Advisory #CA-2001-0872
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0872

BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2

VULN-DEV:20011205 OpenSSH UseLogin proof of concept exploit
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2

CERT Advisory #CA-2007-4995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995

CERT Advisory #CA-2007-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135

CERT Advisory #CA-2008-1483

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483

CERT Advisory #CA-2003-0682

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0682

CERT Advisory #CA-CVE-2003-0693

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0693

CERT Advisory #CA-CVE-2003-0695

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0695

CERT Advisory #CA-CVE-2003-0386

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0386

CERT Advisory #CA-CVE-2002-0575

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0575

The system controller's SSH is written by TeamF1, their product is called SSHield 1.6.1.

You will not find any of the alerts mentioned in this document listed in any SC firmware bug list. They were fixed in SSHield before Oracle released SSH into our products.

Attachments

This solution has no attachment