Note: This is an archival copy of Security Sun Alert 201753 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001293.1.
Sun Grid Engine 6
Sun Grid Engine 5.3
Date of Workaround Release
Date of Resolved Release
Security vulnerabilities in OpenSSL (openssl(5)) affect Sun Grid Engine (SGE) 5.3 and N1 Grid Engine 6.0, and may allow a local or remote unprivileged user to create a Denial of Service (DoS) condition if the installation is configured in CSP mode.
A detailed description of the OpenSSL security issues can be found at
which corresponds to the following documents:
CVE-2006-2937 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
CVE-2006-2940 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
CVE-2006-3738 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
CVE-2006-4343 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
These issues can occur in the following releases:
Note: The described issues can only occur on the Sun Grid systems listed above when configured in Certificate Security Protocol (CSP) mode.
To determine if a system is configured in CSP mode, the following command can be used:
$ grep security_mode $SGE_ROOT/default/common/bootstrap
If a system is configured in CSP mode, the output of the above command will indicate "security_mode csp".
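The command above inspects only the cell named "default". The following added example, which is not part of the original Sun Alert, applies the same test to every cell directory under a Grid Engine root and matches the security_mode key exactly, so commented-out lines are ignored. The function names and sample files are constructed for illustration, and it assumes each cell keeps its settings in <root>/<cell>/common/bootstrap.

```shell
#!/bin/sh
# Added example: list the Grid Engine cells under a root that run in CSP mode.
# Assumption: every cell stores its settings in <root>/<cell>/common/bootstrap,
# the layout implied by the advisory's path for the "default" cell.

# Print the security_mode value from one bootstrap file (nothing if unreadable).
bootstrap_security_mode() {
    [ -r "$1" ] || return 0
    # Exact match on the first field: "# security_mode csp" or
    # "#security_mode csp" are comments and do not match.
    awk '$1 == "security_mode" { print $2; exit }' "$1"
}

# Print the name of every cell under root $1 whose bootstrap says "csp".
csp_cells() {
    for f in "$1"/*/common/bootstrap; do
        [ -f "$f" ] || continue              # glob matched nothing
        if [ "$(bootstrap_security_mode "$f")" = "csp" ]; then
            cell=${f%/common/bootstrap}      # strip the fixed suffix
            echo "${cell##*/}"               # keep only the cell name
        fi
    done
}

# Constructed sample tree: cell "default" is not in CSP mode, cell "prod" is.
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/default/common" "$root/prod/common"
    printf '# Version: sample\nadmin_user  sgeadmin\nsecurity_mode  none\n' \
        > "$root/default/common/bootstrap"
    printf '# security_mode none\nsecurity_mode\tcsp\n' \
        > "$root/prod/common/bootstrap"
    echo "$root"
}

sample=$(make_sample_root)
csp_cells "$sample"        # prints: prod
rm -rf "$sample"
```

On a real installation, call `csp_cells "$SGE_ROOT"`; any cell it names is exposed to the issues described in this alert.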
There are no predictable symptoms that would indicate the described issues have been exploited.
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
Note: Sun Grid Engine 5.3 for all platforms will require an upgrade to N1 Grid Engine 6.0 with the appropriate patches to resolve this issue.