Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
Operating System - Tru64 Unix
cancel
Showing results for 
Search instead for 
Did you mean: 

Vulunrability SshTransportMultipleBo patch for 5.1B?

Qing Zhu
Advisor

Vulunrability SshTransportMultipleBo patch for 5.1B?

Hi,
A contractor did a security scan on my company's tru64 boxes, and found this "SshTransportMultipleBo" vulunrablity as high risk.
My systems are runing 5.1b with patch kit 3 or 4. I tried to find patch for this on this website but no success. Can anyone kindly piont me to a link or something to it?

Many thanks,
Qing
2 REPLIES
Vladimir Fabecic
Honored Contributor

Re: Vulunrability SshTransportMultipleBo patch for 5.1B?

Here is URL where you can download PK5 and PK6 for 5.1B
ftp://ftp.itrc.hp.com/patch_bundles/tru64/5.1X/
Download patch kits and list patches in them.
In vino veritas, in VMS cluster
Steven Schweda
Honored Contributor

Re: Vulunrability SshTransportMultipleBo patch for 5.1B?

A Google search for:
SshTransportMultipleBo
led to:

http://www.cert.org/advisories/CA-2002-36.html

which says:

HP Tru64 UNIX V5.1a or HP OpenVMS systems using SSH V2.4.1 should upgrade to SSH V3.2.

2002 is pretty old. On my system (V5.1B with Patch Kit 6):

urtx# ssh -V
ssh: SSH Secure Shell Tru64 UNIX 3.2.0

(It's similar for /usr/sbin/sshd2.)

Are you sure that the problem really exists?