XML Gateway Software - OpenSSH

Answered Question
Jun 15th, 2010

Hello.

I’m trying to remediate a vulnerability scan that was run against our ACE XML Gateway running version 6.1. The scan came back with three possible vulnerabilities all referring to various versions of OpenSSH. How do I confirm what OpenSSH version my XML Gateway is using?

ACE XML Gateway 6.1-2009-10-20T15

6.1-1138

kernel: 2.4.21-47.ELsmp

Cavium: 1.0-1

Scan showed:

OpenSSH Multiple Memory Management Vulnerabilities fixed in OpenSSH v3.7.1

OpenSSH GSSAPI Credential Disclosure Vulnerability fixed in OpenSSH v4.2

OpenSSH Signal Handling Vulnerability fixed in OpenSSH v4.4

Correct Answer
Sean Merrow Thu, 06/17/2010 - 05:44

Hello,

Sorry, I did not see your post here. I only first saw the one in the Ask-the-Expert thread. Now I see why you posted in the Ask-the-Expert... just trying to get an answer! ;-)

Sean

b-cunningham Thu, 06/17/2010 - 14:31

Sorry I missed the hint about being in the wrong forum.

I have been unable to find any documentation on Cisco’s site regarding any patching on OpenSSH. Can anyone point me in the right direction so I can have something to say on my remediation?

b-cunningham Thu, 06/17/2010 - 14:39

.....or if no documentation exists, is this expected to be fixed in a later release?

Sean Merrow Fri, 06/18/2010 - 05:28

Hi Brad,

The development team has been adding security patches to the 3.6 OpenSSH for some time now. They have told us that the AXG is not vulnerable to any of the security issues that 3.6 had. Unfortunately, the only documentation we have is what you see on CCO. If you require further information, then you'll need to open up a case with Cisco TAC so they can engage the necessary folks in engineering that can address your specific questions.

I wish I could be of more help on this in this forum.

Thanks,


Sean
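
Added example (not part of any post in this thread, and not Cisco code): a Python sketch that reads the identification string an SSH server sends on connect and lists which of the three scan findings a version-only comparison would raise. The sample banner is constructed; the "fixed in" versions are the ones quoted from the scan. A match reflects only the advertised version, so vendor-backported fixes like those described above still need vendor confirmation.

```python
import re
import socket

# Findings and "fixed in" versions exactly as listed in the scan output above.
FINDINGS = [
    ("Multiple Memory Management Vulnerabilities", (3, 7, 1)),
    ("GSSAPI Credential Disclosure Vulnerability", (4, 2, 0)),
    ("Signal Handling Vulnerability", (4, 4, 0)),
]

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(p\d+)?")


def read_banner(host, port=22, timeout=5.0):
    """Return the SSH identification line from a host you administer, or ''."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for raw in sock.makefile("rb"):  # servers may send other lines first
            line = raw.decode("ascii", "replace").strip()
            if line.startswith("SSH-"):
                return line
    return ""


def parse_openssh_version(banner):
    """Return (major, minor, patch) from an OpenSSH banner, or None if not OpenSSH."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    return (int(m.group(2)), int(m.group(3)), int(m.group(4) or 0))


def banner_only_findings(banner):
    """Findings a scanner matching on the banner version alone would raise."""
    version = parse_openssh_version(banner)
    if version is None:
        return []
    # Tuple comparison: advertised version older than the fixed release.
    return [name for name, fixed_in in FINDINGS if version < fixed_in]


if __name__ == "__main__":
    sample = "SSH-2.0-OpenSSH_3.6.1p2"  # constructed sample, not taken from the page
    print(parse_openssh_version(sample), banner_only_findings(sample))
```
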
