Reset Search
 

 

Article

VN 2012 001 (CVE-2008-5161 CVE-2006-5051 CVE-2008-1483)

« Go Back

Vulnerability Notice

 
Vulnerability Summary
This is a Legacy Enterasys Vulnerability Notice covering Legacy Enterasys Switches for the following vulnerabilities:
Last Revised: May 1, 2012
Products Potentially Affected

CVE-2008-5161

(ssh-openssh-cbc-mode-info-disclosure) does not affect the OpenSSH server embedded on the Enterasys N, S, K, A, B, C, D, G, and I series platforms as the vulnerability note calls out a specific version of OpenSSH that has never been utilized.

CVE-2006-5051

(ssh-openssh-gssapi-signalrace-double-free) is not applicable to the Enterasys OpenSSH server embedded on the N, S, K, A, B, C, D, G, and I series platforms as these platforms do not support GSSAPI.

CVE-2008-1483

(ssh-openssh-x11-fowarding-info-disclosure) is not applicable to the Enterasys OpenSSH server embedded on N, S, K, A, B, C, D, G, and I series platforms as these platforms do not support X11 forwarding.

Impact Details
Repair Recommendations
The resolution to any threat or issue is dependent upon a number of things, including the setup of the computer network and how the local IT team wants to address the situation. Accordingly, in addition to updating the software as recommended in this document, the local IT team will need to analyze and address the situation in a manner that it determines will best address the set-up of its computer network. Update the software, identified in this Notice, in your Extreme Networks products by replacing it with the latest releases from Extreme Networks including those listed above.

Firmware and software can be downloaded from www.extremenetworks.com/support.
Legal Notice
This advisory notice is provided on an “as is” basis and Extreme Networks makes no representations or warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use. Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme Networks reserves the right to change or update this document at any time, and expects to update this document as new information becomes available. The information provided herein is applicable to current Extreme Networks products identified herein and is not intended to be any representation of future functionality or compatibility with any third-party technologies referenced herein. This notice shall not change any contract or agreement that you have entered into with Extreme Networks.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255