Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Nortel Networks Information for VU#369347

Date Notified:2002-06-24
Date Updated:
Status Summary:Vulnerable

Vendor Statement

Nortel Networks has concluded its portfolio review and has determined that the following two products are shipped with OpenSSH:
  1. In STORM, release SN04, the challenge response authentication feature is not used and therefore Nortel Networks recommends that it be disabled, which will not impact the product. The recommendations in CERT Advisory CA-2002-18 to disable features should be followed.
  2. The SFTP sshd server on the SuperNode Data Manager is not affected by the vulnerabilities noted in CERT Advisory CA-2002-18 because the challenge response and separation of privileges mechanisms are not enabled as shipped with ASG Passwerks v3.x.

The core OpenSSH distribution will be upgraded to v3.4 with the SN05 release.

For more information please contact Nortel at:
    North America: 1-8004NORTEL or 1-800-466-7835

    Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009

Contacts for other regions are available at
Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information