Would any of you guys know what patch addresses the "OpenSSH GSSAPI allows elevated privileges" vulnerability? During a scan, 1 of our 11 ESX 3.5U4 hosts was dinged for this... no idea why the other 10 weren't. Any information would be appreciated.
Message was edited by: Texiwill: Removed microsoft word foo
Hello,
This depends on how the scan was being done. I would compare OpenSSH versions as well as from where 10/11 have gotten their OpenSSH. All patches should come from VMware but it sounds like someone patched OpenSSH by hand... However, also run 'esxupdate' with the appropriate option to list the patches on a working host and then on the 11th to determine if this one is out of sync. If the patch list is the same, then most likely someone switched out OpenSSH on the 10 working hosts.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro (http://www.astroarch.com/wiki/index.php/Blog_Roll) | Blue Gears | Top Virtualization Security Links
Virtualization Security Round Table Podcast (http://www.astroarch.com/wiki/index.php/Virtualization_Security_Round_Table_Podcast)
I am sure that no one has updated OpenSSH on these hosts as I am the one who updates these servers and I have not had a chance to update hosts in quite some time.
Hello,
Then I would compare 'esxupdate' output to determine what is different on this host. Also, how is this test done: looking at version numbers or looking for the actual vulnerability? If it is version numbers, it could be a false positive.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
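An added example, not part of the original thread: one way to carry out the patch-list comparison suggested in the replies above, once each host's patch listing has been saved as text. The host names, patch identifiers and the "identifier first on each line" layout are constructed assumptions, not real esxupdate output.

```python
from collections import Counter

# Constructed sample data: one saved patch listing per host (placeholder IDs).
SAMPLE = {
    "esx01": "EXAMPLE-PATCH-001 installed\nEXAMPLE-PATCH-002 installed\nEXAMPLE-PATCH-003 installed\n",
    "esx02": "EXAMPLE-PATCH-001 installed\nEXAMPLE-PATCH-002 installed\nEXAMPLE-PATCH-003 installed\n",
    "esx03": "EXAMPLE-PATCH-001 installed\n\nEXAMPLE-PATCH-002 installed\n",
}


def parse_patch_list(text):
    """Return the set of patch identifiers in one saved listing.

    Assumption: the identifier is the first whitespace-separated token on
    each line; blank lines, separator rows and '#' comments are skipped.
    """
    ids = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("-", "#")):
            continue
        ids.add(line.split()[0])
    return ids


def find_drift(host_lists):
    """Report hosts whose patch set differs from the majority baseline.

    The baseline is every patch present on more than half of the hosts, so
    a single out-of-sync host stands out without naming a reference host.
    """
    parsed = {host: parse_patch_list(text) for host, text in host_lists.items()}
    counts = Counter(p for ids in parsed.values() for p in ids)
    baseline = {p for p, n in counts.items() if n > len(parsed) / 2.0}
    drift = {}
    for host, ids in parsed.items():
        missing, extra = baseline - ids, ids - baseline
        if missing or extra:
            drift[host] = {"missing": sorted(missing), "extra": sorted(extra)}
    return drift


if __name__ == "__main__":
    for host, diff in sorted(find_drift(SAMPLE).items()):
        print(host, "missing:", diff["missing"], "extra:", diff["extra"])
```

An empty result means the patch lists agree, which points the investigation at how the scanner decides (version string versus actual behaviour) rather than at patch level.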