Back to search

Sun Patch: SunOS 5.10: ssh scp patch

Severity CVSS Published Added Modified
6 (AV:N/AC:M/Au:N/C:N/I:P/A:P) September 15, 2010 September 15, 2010 November 26, 2014

Description

From Sun Patch 143559-10

Sun has released a security patch addressing the following issues:

6492415 ignore UsePrivilegeSeparation keyword in SunSSH
6628516 old OpenSSH privilege separation code is not needed in SunSSH
6968233 problem with ssh server
7020701 problem with ssh server
 
(from 143559-09)
 
7013910 Sun ssh lacks mandatory diffie-hellman-group14-sha1 support
 
(from 143559-08)
 
6688153 sshd should not call setsockopt() on a non socket
6714346 sshd does not enforce empty password restrictions
6978348 ssh/sftp via inetd records the peername as a "UNKNOWN" after HW crypto change
6993643 VerifyReverseMapping handling of ifdef IPV4_IN_IPV6 incomplete: cannot verify
 
(from 143559-07)
 
6989182 CVE 2008-7270 change SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
7015771 fix CVE-2010-4180 in OpenSSL
 
(from 143559-06)
 
6983497 ssh and scp commands with multiple @ fail with node name or service name not known
 
(from 143559-05)
 
6336266 ssh SIGWINCH handling races; some servers are very unforgiving
6543577 ssh hangs when logging out
6953845 sshd monitor process needs better debugging
6953854 channel handler could process just created channels
 
(from 143559-04)
 
6480090 ConnectTimeout functionality desired for SUNWssh
6541995 honor Host directives when processing ConnectTimeout option
 
(from 143559-03)
 
        This revision accumulates generic Sustaining patch 143140-04
        into Solaris S10U9 update.
 
(from 143559-02)
 
        This revision accumulates generic Sustaining patch 143140-03
        into Solaris S10U9 update.
 
(from 143559-01)
 
        This revision accumulates generic Sustaining patch 143140-02
        into Solaris S10U9 update.
 
(from 143140-04)
 
6898546 fix TLS renegotiation problem in OpenSSL (CVE-2009-3555)
 
(from 143140-03)
 
6599821 CVE-2007-3108 needs to be fixed
 
(from 143140-02)
 
6850734 enabled aes192/aes256 support in ssh/sshd does not work on S10U3 or older releases
6882255 sftp connection fails when .bashrc generates output on stderr
6886656 unlimited window size causes problems with limited buffer sizes
6894519 USE_PIPES is not used on Solaris and should be removed
 
(from 143140-01)
 
6868716 dangling sshd authentication thread after timeout exit of monitor

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

sunpatch-solaris-143559

Related Vulnerabilities