ssh vulneribility

M.Thomas · ‎09-28-2006

we have this note from security...
OpenSSH GSSAPI Credential Disclosure Vulnerability

156.99.4.5 (-, -) port 22/tcp HP-UX 11 CVSS: - Active

SOLUTION:
This issue affects versions of OpenSSH prior to 4.2. The vendor released OpenSSH version 4.2 to address this issue.

so will the upgrade help, if so what would be the steps and would it require a downtime as this is a prod box. Also if i upgrade will it fix this issue?

Please advise

Thanks

Thomas

Arunvijai_4 · ‎09-28-2006

Hi Thomas,

Latest version for Secure shell available from HP is, A.04.30.014. It should fix the security hole.

And, there is no downtime required to install Secure shell. Older SSH connection will remain the same untill reconnected.

URL : http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

-Arun

"A ship in the harbor is safe, but that is not what ships are built for"

M.Thomas · ‎09-28-2006

Arun:

so just swinstall the new depot file and we are done. nothing to change? that sounds so simple. please confirm, this is a production box

Thanks

Thomas

Arunvijai_4 · ‎09-28-2006

Hi Thomas,

Yes, Just swinstall will be fine. It is better you go through the release notes for secure shell,

http://docs.hp.com/en/internet.html#Secure%20Shell

-Arun

"A ship in the harbor is safe, but that is not what ships are built for"

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

ssh vulneribility

ssh vulneribility

Re: ssh vulneribility

Re: ssh vulneribility

Re: ssh vulneribility