Note: This is an archival copy of Security Sun Alert 201753 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001293.1. |
Category Security Release Phase Resolved Sun Grid Engine 6 Sun Grid Engine 5.3 Bug Id 6480580 Date of Workaround Release 13-OCT-2006 Date of Resolved Release 31-JAN-2007 Impact Security vulnerabilities in OpenSSL (openssl(5)) affect Sun Grid Engine (SGE) 5.3 and N1 Grid Engine 6.0, and may allow a local or remote unprivileged user to create a Denial of Service (DoS) condition if the installation is configured in CSP mode. A detailed description of the OpenSSL security issues can be found at http://www.openssl.org/news/secadv_20060928.txt which corresponds to the following documents: CVE-2006-2937 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 CVE-2006-2940 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 CVE-2006-3738 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 CVE-2006-2937 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 Contributing Factors These issues can occur in the following releases: SPARC Platform
x86 Platform
Linux Platform
Windows
HP-UX
AIX
Mac OS
IRIX
Note: The described issues can only occur on the Sun Grid systems listed above when configured in Certificate Security Protocol (CSP) mode. To determine if a system is configured in CSP mode, the following command can be used: $ grep security_mode $SGE_ROOT/default/common/bootstrap If a system is configured in CSP mode, the output of the above command will indicate "security_mode csp". Symptoms There are no predictable symptoms that would indicate the described issues have been exploited. Workaround There is no workaround for these issues. Please see the Resolution section below. Resolution These issues are addressed in the following releases: SPARC Platform
x86 Platform
Linux Platform
Windows
HP-UX
AIX
Mac OS
IRIX
Note: Sun Grid Engine 5.3 for all platforms will require an upgrade to N1 Grid Engine 6.0 with the appropriate patches to resolve this issue. Modification History Date: 31-JAN-2007 31-Jan-2007:
References124523-01124524-01 124525-01 124526-01 124527-01 124528-01 124529-01 124530-01 124531-01 124532-01 124533-01 124534-01 124519-01 124520-01 124521-01 124522-01 Attachments This solution has no attachment |
|