https://community.cisco.com/t5/network-security/pix-and-openssh-security-buffer-adv-advisory/m-p/147719#M580321 <HTML><HEAD></HEAD><BODY><P>None of the PIX, FWSM, IOS, VPN3000, VPN5000 or CatOS SSH code is based on OpenSSH code, and therefore is NOT susceptible to the latest vulnerability.</P><P></P><P>Not sure on the IDS code as yet, we're still checking into it. </P><P></P><P>I'd keep checking here (<A class="jive-link-custom" href="http://www.cisco.com/warp/public/707/advisory.html" target="_blank">http://www.cisco.com/warp/public/707/advisory.html</A>) if you're interested, when we know more I'd say we'll release an announcement here.</P></BODY></HTML> Wed, 17 Sep 2003 03:33:29 GMT gfullage 2003-09-17T03:33:29Z https://community.cisco.com/t5/network-security/pix-and-openssh-security-buffer-adv-advisory/m-p/147718#M580314 <P>Are any of the PIX OS versions susceptible to the latest OpenSSH Security buffer.adv advisory?</P><P></P><P><A class="jive-link-custom" href="http://www.openssh.com/txt/buffer.adv" target="_blank">http://www.openssh.com/txt/buffer.adv</A></P> Fri, 21 Feb 2020 06:59:47 GMT https://community.cisco.com/t5/network-security/pix-and-openssh-security-buffer-adv-advisory/m-p/147718#M580314 david 2020-02-21T06:59:47Z https://community.cisco.com/t5/network-security/pix-and-openssh-security-buffer-adv-advisory/m-p/147719#M580321 <HTML><HEAD></HEAD><BODY><P>None of the PIX, FWSM, IOS, VPN3000, VPN5000 or CatOS SSH code is based on OpenSSH code, and therefore is NOT susceptible to the latest vulnerability.</P><P></P><P>Not sure on the IDS code as yet, we're still checking into it. </P><P></P><P>I'd keep checking here (<A class="jive-link-custom" href="http://www.cisco.com/warp/public/707/advisory.html" target="_blank">http://www.cisco.com/warp/public/707/advisory.html</A>) if you're interested, when we know more I'd say we'll release an announcement here.</P></BODY></HTML> Wed, 17 Sep 2003 03:33:29 GMT https://community.cisco.com/t5/network-security/pix-and-openssh-security-buffer-adv-advisory/m-p/147719#M580321 gfullage 2003-09-17T03:33:29Z https://community.cisco.com/t5/network-security/pix-and-openssh-security-buffer-adv-advisory/m-p/147720#M580328 <HTML><HEAD></HEAD><BODY><P>CatOS is susceptible, PIX is not.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/707/cisco-sa-20030917-openssh.shtml" target="_blank">http://www.cisco.com/warp/public/707/cisco-sa-20030917-openssh.shtml</A>.</P><P></P><P>The following products, have their SSH server implementation based on the OpenSSH code, and are affected by the OpenSSH vulnerabilities.</P><P></P><P> * Cisco Catalyst Switching Software (CatOS)</P><P> * CiscoWorks 1105 Hosting Solution Engine (HSE)</P><P> * CiscoWorks 1105 Wireless LAN Solution Engine (WLSE)</P><P> * Cisco SN 5428 Storage Router</P><P></P><P> Vulnerable versions are:</P><P> * SN5428-2.5.1-K9</P><P> * SN5428-3.2.1-K9</P><P> * SN5428-3.2.2-K9</P><P> * SN5428-3.3.1-K9</P><P> * SN5428-3.3.2-K9</P><P> * SN5428-2-3.3.1-K9</P><P> * SN5428-2-3.3.2-K9</P><P> This does not include release sr2122-3.1.1-K9, which only contains SSL and no SSH. Cisco has not released code with SSH for the SN5420 storage router.</P><P></P><P> The following products, which incorporate a SSH server, have been confirmed to be not vulnerable to the OpenSSH vulnerabilities.</P><P></P><P> * Cisco IOS, both SSH version 1.5 and SSH version 2.0</P><P> * Cisco PIX Firewall</P><P> * Cisco Catalyst 6000 FireWall Service Module (FWSM)</P><P> * Cisco VPN3000 and Cisco VPN5000</P><P></P><P> No other Cisco products are currently known to be affected by these vulnerabilities.</P><P></P></BODY></HTML> Thu, 18 Sep 2003 09:26:00 GMT https://community.cisco.com/t5/network-security/pix-and-openssh-security-buffer-adv-advisory/m-p/147720#M580328 Solace 2003-09-18T09:26:00Z https://community.cisco.com/t5/network-security/pix-and-openssh-security-buffer-adv-advisory/m-p/147721#M580332 <HTML><HEAD></HEAD><BODY><P>Just to clarify:</P><P>The CSIDS appliance is vulnerable (as per the updated advisory, and my own testing), but the IDSM is not.</P></BODY></HTML> Thu, 18 Sep 2003 16:52:21 GMT https://community.cisco.com/t5/network-security/pix-and-openssh-security-buffer-adv-advisory/m-p/147721#M580332 rcarskadden 2003-09-18T16:52:21Z