HPE Community
Operating System - HP-UX
1826417 Members
3743 Online
109692 Solutions
New Discussion

Is SSH 3.61..002 for HP-UX secure ?

 
SOLVED
Go to solution
GIRIJA SWAIN
Advisor

‎11-02-2003 05:05 PM

‎11-02-2003 05:05 PM

Is SSH 3.61..002 for HP-UX secure ?

Can any one let me know, if there is any security bug in this latest version of SSH 3.61.002 for HP-UX 11.11 ? I see Open SSH 3.7.1 is the latest and fixed a bug as latest as 19th Sept 2003. Is there any plan of HP to release a depot for 3.7.1 or is it safe to use 3.61.002 for now ?
GSS-PALO-ALTO
0 Kudos
Reply
6 REPLIES 6
Rajeev Shukla
Honored Contributor

‎11-02-2003 05:17 PM

‎11-02-2003 05:17 PM

Re: Is SSH 3.61..002 for HP-UX secure ?

I bet bugs are there in almost all applications and softwares, they are seen only when someone experiences or sees them.
And if HP hasn't released any newer version or there hasn't been any patch release for security vunerability i am sure you can use the existing version.
Trust HP!!!
Reply
Jerome Henry
Honored Contributor

‎11-02-2003 05:51 PM

‎11-02-2003 05:51 PM

Re: Is SSH 3.61..002 for HP-UX secure ?

Hi,

The bug was fixed in HP UX 3.6 version already. Look at this thread :

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=240230

RGDS

J
You can lean only on what resists you...
Reply
GIRIJA SWAIN
Advisor

‎11-02-2003 06:13 PM

‎11-02-2003 06:13 PM

Re: Is SSH 3.61..002 for HP-UX secure ?

Thanks for all the reply so far. I am particularly interested to know if the buffer management bug has been fixed in HP's SSH-3.61.002. Open Forume has reported like this:- "OpenSSH 3.7.1 and newer are not vulnerable to "September 16, 2003: OpenSSH Buffer Management bug", OpenSSH Security Advisory and CERT Advisory CA-2003-24."
GSS-PALO-ALTO
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎11-02-2003 09:59 PM

‎11-02-2003 09:59 PM

Solution

Re: Is SSH 3.61..002 for HP-UX secure ?

HP's SSH 3.61.002 does fix one recent buffer overlow bug but there has been another similar bug since. The problem is there is always going to be more bugs found - as soon as you install one version a new bug will be found and you are out of date again, and HP always take a bit more time to package the latest version of SSH into their own product so theyre always going to be 1 or 2 steps behind openssh.

The only way to keep uptodate is use openssh - but again, as soon as you get around to installing the latest version a new bug will be found. Its a no win situation.
Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
Berlene Herren
Honored Contributor

‎11-03-2003 12:18 AM

‎11-03-2003 12:18 AM

Re: Is SSH 3.61..002 for HP-UX secure ?

Please see HPSBUX0309-282 security bulletin, or this post:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=224090

To date, following the instructions in the above bulletin, HP Secure Shell is safe for use.

Thanks,
Berlene



http://www.mindspring.com/~bkherren/dobes/index.htm
Reply
Mark Grant
Honored Contributor

‎11-03-2003 12:30 AM

‎11-03-2003 12:30 AM

Re: Is SSH 3.61..002 for HP-UX secure ?

Remember the old saying

"all sofware contains at least one bug and can be reduced by at least one instruction"

This means, of course, that all software can be reduced to one intruction that doesn't work.
Never preceed any demonstration with anything more predictive than "watch this"
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.