Status of OpenSSH CVEs

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk65269
Technical Level
Product	All
Version	All
OS	SecurePlatform 2.6, Gaia
Platform / Model	All
Date Created	01-Sep-2011
Last Modified	07-May-2020

Solution

This article lists known CVEs for OpenSSH and their status for the OpenSSH packages used in SecurePlatform R70 and above and in Gaia OS. This article does not list all the known CVEs for OpenSSH - only those that were explicitly checked by Check Point.

To check if the installed OpenSSH package is patched against a CVE (e.g., for CVE-2006-4924), run:

[Expert@Hostname]# rpm -q --changelog $(rpm -qa | grep openssh) | grep CVE-2006-4924

Output should loook like:
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
The rpm -qa | grep ssh command can be used to verify the OpenSSH package version installed on a given machine. This version can be correlated with CVE fixes integrated.

Example:

[Expert@Hostname]# rpm -qa | grep ssh
openssh-4.3p2-26.1.cp990150005
openssh-server-4.3p2-26.1.cp990150005
openssh-clients-4.3p2-26.1.cp990150005

CVE	Comment
2019
CVE-2019-16905	Not vulnerable
2018
CVE-2018-15919	Not relevant - GSS API Authentication is not enabled on Gaia OS
CVE-2018-15473	Refer to Jumbo Hotfix Accumulator for R80.20 from Take 43 Jumbo Hotfix Accumulator for R80.10 from Take 185 Jumbo Hotfix Accumulator for R77.30 from Take 348
2017
CVE-2017-15906	Not vulnerable
2016
CVE-2016-8858	OpenSSH upstream does not consider this as a security issue.
CVE-2016-3115	Not relevant. Default setting in Check Point 'sshd_config' file is 'X11Forwarding=no'.
CVE-2016-0778	Not vulnerable. Refer to sk109636.
CVE-2016-0777	Not vulnerable. Refer to sk109636.
CVE-2016-6515	Not vulnerable
CVE-2015-6565	Not vulnerable
CVE-2016-6210	Low exploitability, contact Check Point Support
CVE-2016-1907	Not vulnerable
CVE-2016-1908	Not relevant
CVE-2016-10009	Not relevant
CVE-2016-10011	Not relevant
CVE-2016-10012	Not relevant
CVE-2016-10010	Not relevant
CVE-2016-10708	Not vulnerable
2015
CVE-2015-6565	Not vulnerable
CVE-2015-6564	Not vulnerable
CVE-2015-5600	Not vulnerable
CVE-2015-5352	Not vulnerable
CVE-2015-6563	Requires Expert access to the system. Refer to sk133652.
CVE-2015-8325	Not vulnerable
2014
CVE-2014-2653	Not relevant
CVE-2014-2532	Not relevant. Check Point does not use wildcards in 'sshd_config' file.
CVE-2014-1692	Not vulnerable
2013
CVE-2013-2566	False positive. Refer to sk93395.
2012
CVE-2012-0814	Not relevant. This is a Debian OpenSSH vulnerability, and it does not affect Red Hat OpenSSH
2011
CVE-2011-5000	Not vulnerable
CVE-2011-4327	Not vulnerable
2010
CVE-2010-4755	Not vulnerable
CVE-2010-4478	Not vulnerable
CVE-2010-5107	Low impact. Fixed in R77.10.
2009
CVE-2009-2904	Not vulnerable
2008
CVE-2008-5161	Not vulnerable. Very low impact. Refer to sk36343.
CVE-2008-3259	Not vulnerable
CVE-2008-1657	Not vulnerable
CVE-2008-1483	Not vulnerable since R70 GA
CVE-2008-3234	Not relevant
CVE-2008-4109	Not relevant
CVE-2008-2359	Not relevant
2007
CVE-2007-2768	Not vulnerable
CVE-2007-4752	Not vulnerable
CVE-2007-3102	Not vulnerable
CVE-2007-2243	Not vulnerable
CVE-2007-0726	Not relevant (bug in OpenSSH on Mac OS X)
2006
CVE-2006-5794	Not vulnerable since R65 GA
CVE-2006-5052	Not vulnerable
CVE-2006-5051	Not vulnerable. Refer to sk61744.
CVE-2006-4924	Not vulnerable. Refer to sk61744.
CVE-2006-0225	Not vulnerable
CVE-2006-5229	Issue is not reproducible
CVE-2006-4925	Not relevant (this is a client-side crash, not DoS)
2005
CVE-2005-2798	Not vulnerable
CVE-2005-2797	Not vulnerable
CVE-2005-2666	Vulnerability is not severe. The fix is too risky.
2004
CVE-2004-2069	Not vulnerable
CVE-2004-1653	Configuration issue. Can be disabled if desired (by changing the 'AllowTcpForwarding' option in the /etc/ssh/sshd_config configuration file) However, it does not look relevant for SecurePlatform users.
2003
CVE-2003-1562	Not vulnerable since R70 GA
CVE-2003-0787	Not vulnerable
CVE-2003-0695	Not vulnerable since R70 GA
CVE-2003-0693	Not vulnerable since R70 GA
CVE-2003-0682	Not vulnerable since R70 GA
CVE-2003-0386	Not vulnerable

Not relevant:

Either Check Point does not use the vulnerable code.
Or Check Point does not have this code in released versions.
Or Check Point changed the code in such a way that this vulnerability does not apply anymore.

Not vulnerable: The issue was relevant to Check Point code and Check Point has already fixed it.

Relevant: The issue exists in Check Point code.

Applies To:

This sk is merged with sk103087

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating