Messaging Gateway

 View Only

  • 1.  Symantec Messaging Gateway V 10.0.1-2

    Posted May 16, 2013 09:11 AM

    I am running the above version and going through my C&A process. I have the following Retina CAT 1 finding for SSH:

    TITLE: OpenSSH Multiple Vulnerabilities (200609)
    DESCRIPTION:OpenSSH contains multiple vulnerabilities within the GSSAPI authentication implementation that could allow remote attackers to determine the validity of usernames, crash the SSH daemon (i.e. denial of service condition), or potentially execute arbitrary code. Note: This audit is for versions of OpenSSH obtained from OpenSSH.org and may report false findings with vendor specific backports.

    Is the appliance for this version of OpenSSH updateable?

     

     



  • 2.  RE: Symantec Messaging Gateway V 10.0.1-2

    Posted May 16, 2013 09:47 AM

    Can you tell me what the specific RedHat package of OpenSSH does this version of SMG run?



  • 3.  RE: Symantec Messaging Gateway V 10.0.1-2

    Posted May 16, 2013 09:47 AM

    You are not able to update the version of compoents directly. Was there a CVE number assosicated with this vulnerability?

    Please also be sure that the you are not allowing SSH traffic from the internet to your Symantec Messaging Gateway devices to help mitigate the risk of the potential vulnerability.

     



  • 4.  RE: Symantec Messaging Gateway V 10.0.1-2

    Posted May 16, 2013 10:17 AM

    CVE-2006-5051 and CVE-2006-5052. Only allowing SSH access from dmin VLAN.



  • 5.  RE: Symantec Messaging Gateway V 10.0.1-2

    Posted May 16, 2013 03:02 PM

    SMG is not vulnerable to the CVE-2006-5051 and CVE-2006-5052 security vulnerability because SMG does not use the GSSAPI authentication.



  • 6.  RE: Symantec Messaging Gateway V 10.0.1-2

    Posted May 17, 2013 07:44 AM

    Thank You for the quick response.

     

    What about CVE-2008-1483 and CVE-2008-3234?

    CVE-2008-1483 

    OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs. 
    References
     

    CVE-2008-3234

    sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.



  • 7.  RE: Symantec Messaging Gateway V 10.0.1-2

    Posted May 17, 2013 10:13 AM

    The SMG is not vulnerable to the CVE-2008-1483 security vulnerability.

     

    Symantec Messaging Gateway is not running Debian or a debian based distro so we do not have a specific statement for CVE-2008-3234.