This article lists known CVEs for OpenSSH and their status for the OpenSSH packages used in SecurePlatform R70 and above and in Gaia OS. This article does not list all the known CVEs for OpenSSH - only those that were explicitly checked by Check Point.
- To check if the installed OpenSSH package is patched against a CVE (e.g., for CVE-2006-4924), run:
[Expert@Hostname]# rpm -q --changelog $(rpm -qa | grep openssh) | grep CVE-2006-4924
Output should look like:
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
- To verify which OpenSSH package version is installed on a given machine, run the rpm -qa | grep ssh command. This version can then be correlated with the CVE fixes integrated into it.
Example:
[Expert@Hostname]# rpm -qa | grep ssh
openssh-4.3p2-26.1.cp990150005
openssh-server-4.3p2-26.1.cp990150005
openssh-clients-4.3p2-26.1.cp990150005
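The changelog check above, extended to several CVE IDs in one pass, as an added example that is not part of the original article. The function names, the status strings and the CVE-0000-* placeholder IDs are assumptions of this example; the whole-word match keeps a short ID from matching as the prefix of a longer one.

```shell
#!/bin/sh
# Added example: report which CVE IDs appear in an RPM changelog.
# Changelog text is read from stdin; the CVE IDs to look up are the arguments.
# Function names and status strings are assumptions of this example.

# Succeeds if the exact CVE ID ($1) occurs in the changelog text ($2).
# -F matches the ID literally; -w requires a whole word, so a short ID
# does not match as the prefix of a longer one (CVE-0000-1234 vs -12345).
cve_in_changelog() {
    printf '%s\n' "$2" | grep -qwF -- "$1"
}

# Prints one "<CVE-ID> <status>" line per argument.
audit_cves() {
    changelog=$(cat)
    for cve in "$@"; do
        if ! printf '%s\n' "$cve" | grep -qE '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            echo "$cve invalid-id"
        elif cve_in_changelog "$cve" "$changelog"; then
            echo "$cve listed-in-changelog"
        else
            echo "$cve not-listed"
        fi
    done
}

# Constructed sample input. Only the CVE-2006-4924 line is taken from the
# article; the CVE-0000-12345 entry is a placeholder, not a real CVE.
sample_changelog() {
    cat <<'EOF'
* (constructed changelog header)
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
- CVE-0000-12345 - placeholder entry (constructed)
EOF
}

# Offline demo on the sample. On a live system, feed the real changelog:
#   rpm -q --changelog $(rpm -qa | grep openssh) | audit_cves CVE-2006-4924
sample_changelog | audit_cves CVE-2006-4924 CVE-0000-1234 CVE-0000-12345
```

A not-listed result only means the changelog does not mention the ID; it does not by itself show that the package is vulnerable, since a CVE may fall under the Not relevant status defined in this article.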
Not relevant: One of the following applies:
- Check Point does not use the vulnerable code.
- Check Point does not have this code in released versions.
- Check Point changed the code in such a way that this vulnerability no longer applies.
Not vulnerable: The issue was relevant to Check Point code and Check Point has already fixed it.
Relevant: The issue exists in Check Point code.
Applies To:
- This sk is merged with sk103087