topic Re: openSSH in StoreVirtual Storage

openSSH

5y53ng — Fri, 27 Apr 2012 14:40:50 GMT

Is anyone aware of a patch to upgrade the openSSH version in saniq 9.5? A member of our security team approached me and said it was out of date. The VSA appears to have version 4.3 and the latest version appears to be 6.x.

Re: openSSH

Jitun — Sun, 29 Apr 2012 07:23:02 GMT

There is no Patch to Upgrade openSSH version for SANiQ.

I have requested to check if it will be upgraded in the next version of SANiQ.

Re: openSSH

5y53ng — Tue, 01 May 2012 12:31:45 GMT

Great, thank you!

Re: openSSH

Jitun — Thu, 03 May 2012 14:49:15 GMT

The reason we have v4.3 is because SANiQ 9.5 is based on CentOS 5.5/5.7, and that's the version it ships.

The vulnerabilities in that version (v4.3) are things that can't be used against SANiQ for various reasons (like the way HP configures it)

Re: openSSH

5y53ng — Fri, 04 May 2012 18:43:05 GMT

Thank you Jitun,

Is there any official documentation from HP stating the VSA is not vulnerable to any exploits of 4.3? I'm not concerned about the version, since the iSCSI SAN is private, but I know security will be looking for something official.

Thanks again.

Re: openSSH

Lakey81 — Wed, 26 Feb 2014 15:08:59 GMT

Has anyone got any newer information on this? We just found the same issue with version 10.5 that openssh is coming up with multiple vulnerabilities.