Unzip and install OpenSSH. Solaris10# gunzip openssh-4.7p1-sol9-sparc-local.gz. Solaris10# pkgadd -d openssh-4.7p1-sol9-sparc-local. The packages are now installed. Create /var/empty directory. Solaris10# mkdir /var/empty. Change directory ownership to Root user and sys group. Solaris10# chown root:sys /var/empty. Change permissions. OpenSSH (Secure Shell) is an encrypted, remote access service. Version 4.7p1 has some known vulnerabilities listed here. Searching Metasploit again revealed some exploits for Windows OS, clearly of no use here. Samba smbd 3.X – 4.X.
Gentoo Linux: CVE-2008-5161: OpenSSH: Multiple vulnerabilities
Openssh 4.7p1 Metasploit
Openssh 4.7 P1005
Description
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors. Parallels desktop 16 for mac activation key free.
Solution(s)
- gentoo-linux-upgrade-net-misc-openssh
References
- APPLE-SA-2009-11-09-1
- 32319
- 958563
- 201405-06
- OVAL11279
- RHSA-2009:1287
- 46620