SecureShell Release Notes (5900-2247, September 2012)

17 Is HP-UX Secure Shell vulnerable to the reported double free bug in the zlib compression

algorithm documented at http://www.cert.org/advisories/CA-2002-07.html?

All versions of HP-UX Secure Shell starting from A.03.10 are built with support for zlib-1.1.4

or later. So, HP-UX Secure Shell is not affected by the bug described above.

HP-UX Secure Shell versions A.05.90.001, A.05.90.002, and A.05.90.007 are built with

zlib v1.2.3.

18 Is HP-UX Secure Shell vulnerable to the following CERTs: http://cve.mitre.org/cgi-bin/

cvename.cgi?name=CAN-2003-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?

name=CAN-2003-0131?

This version of HP-UX Secure Shell is built with OpenSSL-0.9.8t and is not affected by these

two CERTs. The vulnerabilities were fixed in OpenSSL-0.9.7d.

19 What options is HP-UX Secure Shell compiled with?

HP-UX Secure Shell is compiled with the following options:

• Options defined in config.h:

#define USE_PAM 1◦

◦ #define IPV4_IN_IPV6 1

◦ #define GSSAPI 1

◦ #define KRB5 1

◦ #define LIBWRAP 1

◦ #define HAVE_MD5_PASSWORDS 1

◦ #undef SMARTCARD

• Options defined in ssh.h:

#define SSH_DEFAULT_PORT 22◦

◦ #define SSH_SERVICE_NAME ssh

• Options defined in makefile:

◦ prefix=/opt/ssh

◦ mandir=/opt/ssh/share/man

◦ piddir=/var/run

◦ PRIVSEP_PATH=/var/empty

◦ bindir=/opt/ssh/bin

◦ sbindir=/opt/ssh/sbin

◦ xauth_path=/usr/bin/X11/xauth

◦ sysconfdir=/opt/ssh/etc

◦ LIBPAM=-lpam

◦ LIBWRAP=-lwrap

20 As Cisco routers and switches are enabled with SSH-1 and use only DES, how do I configure

HP-UX Secure Shell to work with CISCO SSH-1?

14 HP-UX Secure Shell A.05.90