10-18-2012 03:22 PM
I have a C210 M2 that has a security vulnerability with dropbear, so I have to upgrade to version 2012.55. I've never upgraded this, nor even HEARD of this before, and I can't find any well written documentation either.
Can anyone provide step-by-step instructions on how to upgrade? I think I downloaded the correct file, it is called dropbear_2012.55.orig.tar.gz
Labels: Server Networking
Accepted Solutions
10-18-2012 04:10 PM
I am getting clarity on this. Initial feedback is that CIMC was reviewed for this exploit and deemed not vulnerable as we do not have public key authentication enabled.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0920
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."
CSCtz41855 CVE-2012-0920 Dropbear Vulnerability CIMC
Unfortunately, the bug details have not been made public.
Thank You,
Dan Laden
Need assistance with an implementation?
10-18-2012 03:44 PM
One is not able to update subelements of the CIMC. I would need to upgrade the entire CIMC. If upgrading, it is recommended to use the Host Upgrade Utility to upgrade all elements to the same release family associated to the CIMC version (on same HUU utility).
Release Notes for Cisco UCS C-Series Software, Release 1.4(6)
http://www.cisco.com/en/US/docs/unified_computing/ucs/release/notes/OL-27678-01.html
Cisco Host Upgrade Utility Release 1.4(6) Quick Start Guide
http://www.cisco.com/en/US/docs/unified_computing/ucs/c/sw/lomug/1.4.x/install/b_huu_1_4_6x.html
What pointed you to want to upgrade the dropbear version? Was it CVE-2012-0920?
Thank You,
Dan Laden
Need assistance with an implementation?
10-18-2012 04:03 PM
Thanks for your response Dan.
Yes, I am upgrading in response to CVE-2012-0920. I upgraded to firmware version 1.4(3p) on the CIMC last week. This was the latest firmware I was authorized to upgrade up to, but I was still hit on an IA scan yesterday as having an older version of dropbear.
What other steps do I need to take?
Thanks
10-18-2012 04:24 PM
How do we verify that public key authentication is enabled or disabled?
10-18-2012 04:42 PM
Another bug on the topic. This bug explicitly states C-Series, CVE-2012-0920, and that it's not impacting.
CVE-2012-0920 Dropbear Vulnerability - CIMC - C-Series
I don't know if, as an end user, one can confirm public key authentication is enabled or disabled.
Thank You,
Dan Laden
Need assistance with an implementation?
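One way to triage a banner-based scanner hit like the IA/ASV findings in this thread, added here as an example and not code from Cisco or any of the posters: it parses the SSH identification string, checks the Dropbear version against the range quoted from CVE-2012-0920 above (0.52 through 2012.54), and only calls the finding exploitable when both preconditions the CVE names (command restriction and public key authentication) are known to be on. The banner strings are constructed; the keyword argument names are my own.

```python
import re

# Affected range from the CVE-2012-0920 text quoted in this thread:
# Dropbear 0.52 through 2012.54 inclusive; 2012.55 is the first fixed release.
AFFECTED_MIN = (0, 52)
AFFECTED_MAX = (2012, 54)

# Dropbear identifies itself as e.g. "SSH-2.0-dropbear_2012.54".
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d\.\d+)-dropbear_(?P<ver>\d+\.\d+)")


def parse_dropbear_version(banner):
    """Return the Dropbear version as an (int, int) tuple, or None when the
    banner does not identify a Dropbear server."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    major, minor = m.group("ver").split(".")
    return (int(major), int(minor))


def triage_cve_2012_0920(banner, pubkey_auth_enabled=None, command_restriction=None):
    """Classify a scanner finding for CVE-2012-0920.

    A scanner only sees the version in the banner. The CVE applies solely when
    command restriction AND public key authentication are both enabled, so an
    unknown configuration (None) leaves the finding open for the vendor to
    confirm, which is exactly what happened with CIMC in this thread.
    """
    version = parse_dropbear_version(banner)
    if version is None:
        return {"version": None, "version_affected": False, "verdict": "not-dropbear"}
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    if not in_range:
        verdict = "version-not-affected"
    elif pubkey_auth_enabled is False or command_restriction is False:
        verdict = "not-exploitable-by-config"
    elif pubkey_auth_enabled and command_restriction:
        verdict = "vulnerable"
    else:
        verdict = "needs-vendor-confirmation"
    return {"version": version, "version_affected": in_range, "verdict": verdict}
```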
10-18-2012 11:29 PM
I was also advised the CIMC version 1.5x will have the updated dropbear as well. Timeline unknown; you should be able to get that from your Channel SE.
Thank You,
Dan Laden
Need assistance with an implementation?
11-10-2017 12:28 PM
I have the CISCO WIRELESS-AC VPN ROUTER-RV134W and a PCI ASV scan informed me to upgrade to Dropbear SSH 2016.74 or later. I am unable to find the steps for how to upgrade the Dropbear after locating the latest version.
