Hi everyone. I wonder if someone can help us with this.
A customer bought a CPS-MSP-1RU-K9, described as MSP 1-RU Cisco Physical Security MultiService Platform Assy, which I have read comes with SuSE Enterprise Linux (x86_64) Service Pack 1 Preinstalled.
They ran a vulnerability scan on the server and found several outdated packages which should be replaced with newer versions. The problem is that SP1 is no longer supported and I can't update the server. The lowest version that I can find patches for is SP3 on Novell, and to get there I need to upgrade to SP2 and then to SP3 (the same is for SP4, I'd need to go from SP1 to SP2, then to SP3, and to SP4 in the end).
Is VSOM 6.3 (or 7.2, because version 6.3 has vulnerabilities as well) supported on SP3/SP4? Also, the preinstalled version is the 64bit one? (I've downloaded the DVD's for the x86 version and I just read somewhere that it comes preinstalled with the 64bit one, is this true?)
I attach a PDF with the vulnerabilities found (I can't post more info because it's confidential), and it can give you a pretty good idea of what I'm talking about. Of course, I'm not even sure if the vulnerabilities are even fixed in SP4, but I need to know if the platform will work in SP4 before getting to the task of upgrading the OS. And, if it won't work on versions later than SP1 I need to document it so they accept it.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...