Note: This is an archival copy of Security Sun Alert 200821 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000620.1.
Category: Security
Release Phase: Resolved
4923450
Date of Resolved Release: 13-APR-2005

Impact

On Sun Linux 5.0 and Sun Cobalt RaQ550, a vulnerability in OpenSSH may allow a remote unprivileged user to execute arbitrary code with the permissions of the sshd(1M) daemon, typically "root" (uid 0).

OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network.

More information on this issue is available in Red Hat Advisory RHSA-2003:279-07 at:

    https://rhn.redhat.com/errata/RHSA-2003-279.html

This issue is also described in CERT Vulnerability VU#333628 at:

    http://www.kb.cert.org/vuls/id/333628

which is referenced in CERT Advisory CA-2003-24 at:

    http://www.cert.org/advisories/CA-2003-24.html

Contributing Factors

This issue can occur in the following releases:

Sun Linux
Sun Cobalt

The OpenSSH package version can be determined by running the following command:

    # rpm -qa | grep -i openssh
    openssh-3.1p1-6

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.

Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.

Workaround

Until patches can be applied, sites may wish to disable the secure shell daemon (sshd(1M)). To see if the sshd(1M) server is enabled, run the following command:

    # /sbin/chkconfig --list sshd
    sshd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

To temporarily disable OpenSSH for all the run levels:

    # /sbin/chkconfig --del sshd

Resolution

Sun Linux patches are available at:

    http://sunsolve.sun.com/patches/linux/security.html

Sun Cobalt RaQ550 patches are available at:

    http://sunsolve.sun.com/cobalt

Modification History

Date: 13-APR-2005
Product: Sun Linux 5.0
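To confirm the Workaround section's chkconfig step took effect on a host, the following added example (not part of the original alert) parses the text printed by `/sbin/chkconfig --list sshd` and reports the run levels in which sshd is still enabled. The function names and both sample lines are constructed; the wording chkconfig prints after `--del` is an assumption and may differ between versions.

```shell
#!/bin/sh
# Added example, not from the advisory. Feed it live output with:
#   workaround_status "$(/sbin/chkconfig --list sshd 2>&1)"

# Print the run levels (space separated) in which the service is "on".
enabled_runlevels() {
    erl_levels=""
    set -f                      # no filename expansion while splitting
    set -- $1                   # split the chkconfig line into fields
    set +f
    if [ $# -gt 0 ]; then shift; fi   # drop the leading service name
    for erl_field in "$@"; do
        case "$erl_field" in
            [0-6]:on) erl_levels="$erl_levels ${erl_field%%:*}" ;;
        esac
    done
    echo "${erl_levels# }"
}

# Turn the parsed result into a one-line status for an audit log.
workaround_status() {
    ws_levels=$(enabled_runlevels "$1")
    if [ -z "$ws_levels" ]; then
        echo "sshd disabled at boot"
    else
        echo "sshd still enabled in run levels: $ws_levels"
    fi
}

# Constructed sample: output as shown in the advisory, before the workaround.
BEFORE='sshd 0:off 1:off 2:off 3:on 4:on 5:on 6:off'
# Constructed sample: assumed chkconfig message once the service is removed.
AFTER="service sshd supports chkconfig, but is not referenced in any runlevel (run 'chkconfig --add sshd')"

workaround_status "$BEFORE"
workaround_status "$AFTER"
```

chkconfig changes only the run-level links, so this reports boot-time state; whether an sshd process is already running on the host is a separate check.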