Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

XML Gateway Software - OpenSSH

Hello.

I’m trying to remediate a vulnerability scan that was run against our ACE XML Gateway running version 6.1. The scan came back with three possible vulnerabilities all referring to various versions of OpenSSH. How do I confirm what OpenSSH version my XML Gateway is using?

ACE XML Gateway 6.1-2009-10-20T15

6.1-1138

kernel: 2.4.21-47.ELsmp

Cavium: 1.0-1

Scan showed:

OpenSSH Multiple Memory Management Vulnerabilities fixed in OpenSSH v3.7.1

OpenSSH GSSAPI Credential Disclosure Vulnerability fixed in OpenSSH v4.2

OpenSSH Signal Handling Vulnerability fixed in OpenSSH v4.4

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: XML Gateway Software - OpenSSH

Hello,

Sorry, I did not see your post here.  I only first saw the one in the Ask-the-Expert thread.  Now I see why you posted in the Ask-the-Expert....just trying to get an answer!  ;- )

Sean

6 REPLIES
Silver

Re: XML Gateway Software - OpenSSH

Hello,

Sorry, I did not see your post here.  I only first saw the one in the Ask-the-Expert thread.  Now I see why you posted in the Ask-the-Expert....just trying to get an answer!  ;- )

Sean

New Member

Re: XML Gateway Software - OpenSSH

Thank you Sean.

Brad

Brad Cunningham

Senior Network Technician

Alaska USA Federal Credit Union

PO Box 196613

Anchorage, AK 99519-6613

b.cunningham@alaskausa.org

Phone: 907-786-2937 Fax 907-929-6826

New Member

Re: XML Gateway Software - OpenSSH

Sorry I missed the hint about being in the wrong forum.

I have been unable to find any documentation on Cisco’s site regarding any patching on OpenSSH. Can anyone point me in the right direction so I can have something to say on my remediation?

New Member

Re: XML Gateway Software - OpenSSH

.....or if no documentation exists, is this expected to be fixed in a later release?

Silver

Re: XML Gateway Software - OpenSSH

Hi Brad,

The developement team has been adding security patches to the 3.6 OpenSSH for some time now.  They have told us that the AXG is not vulnerable to any of the security issues that 3.6 had.  Unfortunately, the only documentation we have is what you see on CCO.  If you require further information, then you'll need to open up a case with Cisco TAC so they can engage the necessary folks in engineering that can address your specific questions.

I wish I could be of more help on this in this forum.

Thanks,


Sean

New Member

Re: XML Gateway Software - OpenSSH

Thank you very much for your time.

Brad

579
Views
0
Helpful
6
Replies