Re: SSH Vulnerability Fix for AIX?

From: Iftikhar A. Naghmi (inaghmi@AUSTINCC.EDU)
Date: Thu Sep 18 2003 - 16:52:07 EDT


Here is the link to get the patch for ssh3.6.1

http://oss.software.ibm.com/developerworks/projects/opensshi

Iftikhar A. Naghmi
*********************************************************
Systems Programmer Austin Community College
IBM Certified AIX Support Specialist 9101 Tuscany Way
Information Technology Austin, Texas 78754
Phone: (512) 223 1140 Fax: (512) 223 1211
*********************************************************

  -----Original Message-----
  From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU]On Behalf Of
Adams Kevin J
  Sent: Thursday, September 18, 2003 1:41 PM
  To: aix-l@Princeton.EDU
  Subject: Re: SSH Vulnerability Fix for AIX?

  Actually, IBM does support OpenSSH from the Linux Toolbox for 4.3.3 and
developers site for 5.1.

  If you have a support agreement, you can call in on it. They will help you.

  According to IBM tech support, there will never be other than a patched
3.4p1 for 4.3.3, or 3.6.1p2 for 5.1.

  There should be a new patched version available today that addresses the
latest vulnerability.

  Kevin Adams
  PacifiCare Behavioral Health
  Principal Systems Analyst
  AIX Certified Advanced Technical Expert

  -----Original Message-----
  From: Alexandre Sato [mailto:alexandre.sato@BR.ABNAMRO.COM]
  Sent: Thursday, September 18, 2003 11:07 AM
  To: aix-l@Princeton.EDU
  Subject: Re: [aix-l] SSH Vulnerability Fix for AIX?

    As long as SSH is NOT AN OFFICIAL PRODUCT from IBM, it does not have any
support, unless from the Open SSH project page. The link you've sent has the
appropriate solution for this vulnerability issue:

    Subject: OpenSSH Security Advisory: buffer.adv

    This is the 2nd revision of the Advisory.

    This document can be found at: http://www.openssh.com/txt/buffer.adv

    1. Versions affected:

           All versions of OpenSSH's sshd prior to 3.7.1 contain buffer
           management errors. It is uncertain whether these errors are
           potentially exploitable, however, we prefer to see bugs
           fixed proactively.

           Other implementations sharing common origin may also have
           these issues.

    2. Solution:

                    Upgrade to OpenSSH 3.7.1 or apply the following patch.

    So, if you're running a version older than 3.7.1, just make an upgrade
for this version. It's a matter of spending some extra minutes reading the
advice.

         Ranbir Singh <Singh@XAVIER.EDU>
          Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
          09/18/03 02:47 PM
          Please respond to IBM AIX Discussion List

                  To: aix-l@Princeton.EDU
                  cc:
                  Subject: SSH Vulnerability Fix for AIX?

    Does anyone know if IBM (or related) has released an AIX fix for the
    new security vulnerability for SSH?

    Here is the description of the issue:

    http://www.openssh.com/txt/buffer.adv

    Thanks,
    RS

    --------------------------------
    "Colorless green ideas sleep furiously."
    --------------------------------
    Ranbir Singh
    Information Systems and Services
    O: 513.745.3889
    E: singh@xavier.edu

    Xavier University
    3800 Victory Parkway
    Cincinnati, Ohio 45207-7411



