Note: This is an archival copy of Security Sun Alert 200821 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000620.1.
Article ID : 1000620.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-24
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Linux Vulnerability in OpenSSH May Allow a Remote Unprivileged User to Execute Arbitrary Code


Release Phase

Bug Id

Date of Resolved Release


On Sun Linux 5.0 and Sun Cobalt RaQ550, a vulnerability in OpenSSH may allow a remote unprivileged user to execute arbitrary code with the permissions of the sshd(1M) daemon, typically "root" (uid 0). OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network.

More information on this issue is available at:

Red Hat Advisory RHSA-2003:279-07 at: and

This issue is described in the CERT Vulnerability VU#333628 at: which is referenced in CERT Advisory CA-2003-24 at:

Contributing Factors

This issue can occur in the following releases:

Sun Linux

  • Sun Linux 5.0 with OpenSSH versions 3.1p1-6 or earlier

Sun Cobalt

  • Sun Cobalt RaQ550 with OpenSSH-3.5p1-1C1stackguard or earlier

The OpenSSH package version can be determined by running the following command:

    # rpm -qa | grep -i openssh

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.


There are no predictable symptoms that would indicate the described issue has been exploited.


Until patches can be applied, sites may wish to disable the secure shell daemon (sshd(1M)). To see if the sshd(1M) server is enabled, run the following command:

    # /sbin/chkconfig --list sshd
    sshd      0:off   1:off   2:off   3:on   4:on   5:on   6:off

To temporarily disable OpenSSH for all the run levels:

    # /sbin/chkconfig --del sshd
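The two checks above (package version and sshd run levels) can be scripted as follows. This is an added example and not part of the original Sun Alert: the function names are hypothetical, the version comparison is a simplified form of RPM's ordering (no epoch or "~" handling), and only the two "or earlier" thresholds are taken from this advisory.

```shell
#!/bin/sh
# Added example, not from the advisory. Thresholds below are the advisory's
# "or earlier" versions; function names are hypothetical.
SUN_LINUX_LAST_AFFECTED="3.1p1-6"
RAQ550_LAST_AFFECTED="3.5p1-1C1stackguard"

# seg_cmp A B: compare one version or release string, print -1, 0 or 1.
# Simplified rpmvercmp: digit runs compare numerically, letter runs as
# strings, separators are skipped. Epoch and "~" are not handled.
seg_cmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    while (1) {
      sub(/^[^A-Za-z0-9]+/, "", a); sub(/^[^A-Za-z0-9]+/, "", b)
      if (a == "" || b == "") break
      num = (a ~ /^[0-9]/); re = num ? "^[0-9]+" : "^[A-Za-z]+"
      match(a, re); sa = substr(a, 1, RLENGTH); a = substr(a, RLENGTH + 1)
      # Segment types differ: the numeric one counts as newer.
      if (!match(b, re)) { r = num ? 1 : -1; print r; exit }
      sb = substr(b, 1, RLENGTH); b = substr(b, RLENGTH + 1)
      if (num) { sa += 0; sb += 0 }
      if (sa < sb) { print -1; exit }
      if (sa > sb) { print 1; exit }
    }
    # Whichever side still has segments left is newer.
    r = (a == "" && b == "") ? 0 : (a == "" ? -1 : 1); print r
  }'
}

# evr_cmp V-R V-R: compare versions first, releases as the tie-break.
evr_cmp() {
  r=$(seg_cmp "${1%-*}" "${2%-*}")
  [ "$r" = 0 ] && r=$(seg_cmp "${1##*-}" "${2##*-}")
  echo "$r"
}

# is_affected INSTALLED LAST_AFFECTED: succeeds when INSTALLED <= LAST_AFFECTED.
is_affected() { [ "$(evr_cmp "$1" "$2")" != 1 ]; }

# runlevels_on: read "chkconfig --list sshd" output, print run levels set to on.
runlevels_on() {
  awk '{ out = ""
         for (i = 2; i <= NF; i++) if ($i ~ /^[0-6]:on$/) {
           sep = (out == "") ? "" : " "; out = out sep substr($i, 1, 1) }
         print out }'
}

# On a live host:
#   is_affected "$(rpm -q --qf '%{VERSION}-%{RELEASE}' openssh)" "$SUN_LINUX_LAST_AFFECTED"
#   /sbin/chkconfig --list sshd | runlevels_on
```

chkconfig only changes which run levels start sshd at boot; it does not stop a daemon that is already running.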


Sun Linux patches are available at:

Sun Cobalt RaQ550 patches are available at:

Modification History
Date: 13-APR-2005
  • Set State to Resolved

Sun Linux 5.0
