From: Adams Kevin J (kevin.adams@PHS.COM)
Date: Thu Sep 18 2003 - 14:41:28 EDT
Actually, IBM does support OpenSSH from the Linux Toolbox for 4.3.3 and
developers site for 5.1.
If you have a support agreement, you can all in on it. They will help you.
According to IBM tech support, there will never be other than a patched
3.4p1 for 4.3.3, or 3.6.1p2 for 5.1.
There should be a new patched version available today that addresses the
latest vulnerability.
Kevin Adams
PacifiCare Behavioral Health
Principal Systems Analyst
AIX Certified Advanced Technical Expert
-----Original Message-----
From: Alexandre Sato [mailto:alexandre.sato@BR.ABNAMRO.COM]
Sent: Thursday, September 18, 2003 11:07 AM
To: aix-l@Princeton.EDU
Subject: Re: [aix-l] SSH Vulnerability Fix for AIX?
As long as SSH is NOT AN OFFICIAL PRODUCT from IBM, it does not have any
support, unless from the Open SSH project page. The link you've sent has the
apropriated solution for this vulnerability issue:
Subject: OpenSSH Security Advisory: buffer.adv
This is the 2nd revision of the Advisory.
This document can be found at: http://www.openssh.com/txt/buffer.adv
1. Versions affected:
All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
management errors. It is uncertain whether these errors are
potentially exploitable, however, we prefer to see bugs
fixed proactively.
Other implementations sharing common origin may also have
these issues.
2. Solution:
Upgrade to OpenSSH 3.7.1 or apply the following patch.
So, if you're running a version older than 3.7.1, just make an upgrade for
this version. It's a matter of spending some extra minutes reading the
advise.
Ranbir Singh <Singh@XAVIER.EDU>
Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
09/18/03 02:47 PM
Please respond to IBM AIX Discussion List
To: aix-l@Princeton.EDU
cc:
Subject: SSH Vulnerability Fix for AIX?
Does anyone know if IBM (or related) has released an AIX fix for the
new security vulnerability for SSH?
Here is the description of the issue:
<http://www.openssh.com/txt/buffer.adv>
http://www.openssh.com/txt/buffer.adv
Thanks,
RS
--------------------------------
"Colorless green ideas sleep furiously."
--------------------------------
Ranbir Singh
Information Systems and Services
O: 513.745.3889
E: <mailto:singh@xavier.edu> singh@xavier.edu
Xavier University
3800 Victory Parkway
Cincinnati, Ohio 45207-7411
This electronic message transmission, including any attachments, contains information from PacifiCare Health Systems Inc. which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited.
If you have received this electronic transmission in error, please notify the sender immediately by a "reply to sender only" message and destroy all electronic and hard copies of the communication, including attachments.
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:12 EDT