Note: This is an archival copy of Security Sun Alert 201753 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001293.1.
Article ID : 1001293.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-01-30
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities In OpenSSL Affect Sun Grid Engine 5.3 and N1 Grid Engine 6.0

Category
Security

Release Phase
Resolved

Product
Sun Grid Engine 6
Sun Grid Engine 5.3

Bug Id
6480580

Date of Workaround Release
13-OCT-2006

Date of Resolved Release
31-JAN-2007

Impact

Security vulnerabilities in OpenSSL (openssl(5)) affect Sun Grid Engine (SGE) 5.3 and N1 Grid Engine 6.0, and may allow a local or remote unprivileged user to create a Denial of Service (DoS) condition if the installation is configured in CSP mode.

A detailed description of the OpenSSL security issues can be found at

http://www.openssl.org/news/secadv_20060928.txt

which corresponds to the following documents:

CVE-2006-2937 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937

CVE-2006-2940 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940

CVE-2006-3738 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

CVE-2006-2937 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Sun Grid Engine 5.3 (32-bit Solaris)
  • Sun Grid Engine 5.3 (64-bit Solaris)
  • Sun Grid Engine 5.3 (32-bit Solaris) NON-Solaris Package format
  • Sun Grid Engine 5.3 (64-bit Solaris) NON-Solaris Package format
  • Sun N1 Grid Engine 6.0 (32-bit Solaris) without patch 124519-01
  • Sun N1 Grid Engine 6.0 (64-bit Solaris) without patch 124520-01
  • Sun N1 Grid Engine 6.0 (32-bit Solaris) NON-Solaris Package format without patch 124523-01
  • Sun N1 Grid Engine 6.0 (64-bit Solaris) NON-Solaris Package format without patch without patch 124524-01

x86 Platform

  • Sun Grid Engine 5.3
  • Sun Grid Engine 5.3 NON-Solaris Package format
  • Sun N1 Grid Engine 6.0 without patch 124521-01
  • Sun N1 Grid Engine 6.0 NON-Solaris Package format without patch 124525-01
  • Sun N1 Grid Engine 6.0 (x64) without patch 124522-01
  • Sun N1 Grid Engine 6.0 (x64) NON-Solaris Package format without patch 124526-01

Linux Platform

  • Sun Grid Engine 5.3
  • Sun Grid Engine 5.3 (x64)
  • Sun N1 Grid Engine 6.0 without patch 124527-01
  • Sun N1 Grid Engine 6.0 (x64) without patch 124528-01

Windows

  • Sun N1 Grid Engine 6.0 without patch 124534-01

HP-UX

  • Sun N1 Grid Engine 6.0 without patch 124532-01

AIX

  • Sun N1 Grid Engine 6.0 (for AIX 4.3) without patch 124529-01
  • Sun N1 Grid Engine 6.0 (for AIX 5.1) without patch 124530-01

Mac OS

  • Sun N1 Grid Engine 6.0 without patch 124531-01

IRIX

  • Sun N1 Grid Engine 6.0 (for IRIX 6.5) without patch 124533-01

Note: The described issues can only occur on the Sun Grid systems listed above when configured in Certificate Security Protocol (CSP) mode.

To determine if a system is configured in CSP mode, the following command can be used:

    $ grep security_mode $SGE_ROOT/default/common/bootstrap

If a system is configured in CSP mode, the output of the above command will indicate "security_mode csp".


Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.


Workaround

There is no workaround for these issues. Please see the Resolution section below.


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Sun N1 Grid Engine 6.0 (32-bit Solaris) with patch 124519-01 or later
  • Sun N1 Grid Engine 6.0 (64-bit Solaris) with patch 124520-01 or later
  • Sun  N1 Grid Engine 6.0 (32-bit Solaris) NON-Solaris Package format with patch 124523-01 or later
  • Sun N1 Grid Engine 6.0 (64-bit Solaris) NON-Solaris Package format with patch 124524-01 or later

x86 Platform

  • Sun N1 Grid Engine 6.0 with patch 124521-01 or later
  • Sun N1 Grid Engine 6.0 NON-Solaris Package format with patch 124525-01 or later
  • Sun N1 Grid Engine 6.0 (x64) with patch 124522-01 or later
  • Sun N1 Grid Engine 6.0 (x64) NON-Solaris Package format with patch or later 124526-01

Linux Platform

  • Sun N1 Grid Engine 6.0 with patch 124527-01 or later
  • Sun N1 Grid Engine 6.0 (x64) with patch 124528-01 or later

Windows

  • Sun N1 Grid Engine 6.0 with patch 124534-01 or later

HP-UX

  • Sun N1 Grid Engine 6.0 with patch 124532-01 or later

AIX

  • Sun N1 Grid Engine 6.0 (for AIX 4.3) with patch 124529-01 or later
  • Sun N1 Grid Engine 6.0 (for AIX 5.1) with patch 124530-01 or later

Mac OS

  • Sun N1 Grid Engine 6.0 with patch 124531-01 or later

IRIX

  • Sun N1 Grid Engine 6.0 (for IRIX 6.5) with patch 124533-01 or later

Note: Sun Grid Engine 5.3 for all platforms will require an upgrade to N1 Grid Engine 6.0 with the appropriate patches to resolve this issue.



Modification History
Date: 31-JAN-2007

31-Jan-2007:

  • Updated Contributing Factors and Resolution sections
  • State: Resolved


References

124523-01
124524-01
124525-01
124526-01
124527-01
124528-01
124529-01
124530-01
124531-01
124532-01
124533-01
124534-01
124519-01
124520-01
124521-01
124522-01




Attachments
This solution has no attachment