Nortel Networks Information for VU#369347
OpenSSH vulnerabilities in challenge response handling
- Vendor Information Help Date Notified: 24 Jun 2002
- Statement Date:
- Date Updated: 16 Jul 2002
Nortel Networks has concluded its portfolio review and has determined that the following two products are shipped with OpenSSH:
- In STORM, release SN04, the challenge response authentication feature is not used and therefore Nortel Networks recommends that it be disabled, which will not impact the product. The recommendations in CERT Advisory CA-2002-18 to disable features should be followed.
- The SFTP sshd server on the SuperNode Data Manager is not affected by the vulnerabilities noted in CERT Advisory CA-2002-18 because the challenge response and separation of privileges mechanisms are not enabled as shipped with ASG Passwerks v3.x.
The core OpenSSH distribution will be upgraded to v3.4 with the SN05 release.
For more information please contact Nortel at:
- North America: 1-8004NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009
Contacts for other regions are available at
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.