Sun Security Blog
16 May 2008
Sun not impacted by OpenSSL random number generator weakness vulnerability (CVE-2008-0166)
Sun is not affected by the OpenSSL random number generator weakness vulnerability described in CVE-2008-0166 and CERT Vulnerability Note VU#925211. The versions of OpenSSL bundled with Solaris 10, Nevada, and OpenSolaris are not impacted by this issue.
Comments [2]
How come SSH servers on Solaris are not affected by compromised keys in /root/.ssh/authorized_keys, which allow remote code execution against Solaris servers?
Posted by Philipp Gühring on May 25, 2008 at 07:06 AM PDT #
The vulnerability was never introduced in the OpenSSL packages bundled with any of the mentioned Solaris releases. Sun Solaris therefore is not impacted by this vulnerability.
Note however that (quoting CERT VU#925211) 'other systems can be indirectly affected if weak keys generated by the vulnerable systems are imported into them.'
Posted by Sumanth Naropanth on May 25, 2008 at 02:54 PM PDT #
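The indirect exposure quoted from CERT VU#925211 can be checked on an otherwise unaffected host by auditing authorized_keys files. The following is an added example, not part of the original post or Sun's own code: it computes the legacy MD5 fingerprint of each RSA/DSA entry and reports those present in an operator-supplied set of weak-key fingerprints. The sample key is constructed, and the weak-fingerprint set is an assumption that must be filled from a published list of keys generated by the vulnerable OpenSSL packages.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # RSA and DSA public-key types
# Constructed sample (not a real key): an RSA-shaped blob with a made-up modulus.
SAMPLE_BLOB = b"".join(struct.pack(">I", len(f)) + f for f in
                       (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 128))
SAMPLE_LINE = ('from="10.0.0.5" ssh-rsa '
               + base64.b64encode(SAMPLE_BLOB).decode() + " admin@example")

def read_fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos + 4 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        fields.append(blob[pos + 4:pos + 4 + length])
        pos += 4 + length
    return fields

def parse_entry(line):
    """Return (type, bits, md5_fingerprint) for one authorized_keys line, or None."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok not in KEY_TYPES:
            continue  # skip leading options such as from="..." or command="..."
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue  # not base64, so this token was part of an option string
        fields = read_fields(blob)
        if len(fields) < 3 or fields[0] != tok.encode():
            continue  # blob does not match the declared key type
        # RSA blob: type, e, n. DSA blob: type, p, q, g, y. Size is that of n or p.
        size_field = fields[2] if tok == "ssh-rsa" else fields[1]
        bits = int.from_bytes(size_field, "big").bit_length()
        digest = hashlib.md5(blob).hexdigest()
        return tok, bits, ":".join(digest[j:j + 2] for j in range(0, 32, 2))
    return None

def audit(authorized_keys_text, weak_fingerprints):
    """List (line_number, type, bits, fingerprint) for entries on the weak list."""
    hits = []
    for number, line in enumerate(authorized_keys_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        entry = parse_entry(line)
        if entry and entry[2] in weak_fingerprints:
            hits.append((number, *entry))
    return hits
```

Any entry that `audit` reports should be removed from the file and the key pair regenerated on a system with a sound random number generator.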