Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

IBM Information for VU#157447

Date Notified:
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

IBM makes available OpenSSH for AIX customers as a software package under the AIX-Linux Affinity initiative. This package is included on the AIX Toolbox for Linux Applications CD, and can be downloaded via the IBM Linux Affinity website. The currently available version of OpenSSH is susceptible to the vulnerability described here. We will update our OpenSSH offering soon to a version that is not vulnerable; this update will be made available for downloading by accessing this URL:

http://www6.software.ibm.com/dl/aixtbx/aixtbx-p

and following the instructions presented there.

Please note that OpenSSH, and all Linux Affinity software, is offered on an "as-is" basis. IBM does not own the source code for this software, nor has it developed and fully tested this code. IBM does not support these software packages.

Customers may wish to obtain and install a non-vulnerable version of OpenSSH (ver. 3.0.2) from other sites, pending the posting of our updated version. However, other sites may not offer recompiled
packages for AIX, making necessary the customer having to build the binaries.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information