MarcSonn
1 Copper

Equallogic Series - OpenSSH vulnerabilities


Anyone know of a good "central source" for Dell responses on all the SSH/SSL vulnerabilities floating around?  I've got a shelf out there running 7.0.7 that an auditor ran across and said it had an OpenSSH vulnerability.  No note of what vulnerability, etc., but it has the client curious.

Thank you!


Accepted Solutions

RE: Equallogic Series - OpenSSH vulnerabilities


Hello, 

There is no central single source with all affected versions.  The release notes for the latest version of 7.x will have a summary of all the fixes up until then.  Then again in the current 8.1.x stream.

Many, in fact, near 100% of the scanners out there use the reported version in determining vulnerability.  They don't actually verify the vulnerability actually exists. 

This PDF has info on securing the EQL storage. But I would first upgrade to the latest firmware v8.1.3.

http://en.community.dell.com/techcenter/extras/m/white_papers/20442230/download

If the array is still under contract, you can open a case, once you know what specific issue

These commands, especially once you upgrade to 8.x, will disable older SSH ciphers:

 

How to tighten SSH security on array

grpparams cliaccess-ssh v1-protocol enable|disable

grpparams crypto-legacy-protocols enable|disable

Regards, 

Don 

Social Media and Community Professional
#IWork4Dell
Get Support on Twitter - @dellcarespro
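
The point in the answer above, that scanners trust the reported version instead of checking what the server does, can be tested directly. The sketch below is an added example (not part of the original post and not Dell code) that parses an SSH identification banner and an unencrypted SSH_MSG_KEXINIT packet per RFC 4253 and lists what a server actually advertises. The sample banner, the sample packet and the `LEGACY` set are constructed assumptions; the thread does not say which algorithms `crypto-legacy-protocols` covers.

```python
import struct

# Name-list order inside SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
# Assumption: an illustrative "legacy" policy, not the array's own definition.
LEGACY = {"3des-cbc", "arcfour", "aes128-cbc", "hmac-md5",
          "diffie-hellman-group1-sha1"}

def offers_ssh1(banner: bytes) -> bool:
    """protoversion 1.x or 1.99 in the banner means SSH-1 is still accepted."""
    return banner.decode("ascii").strip().split("-")[1].startswith("1.")

def parse_kexinit(packet: bytes) -> dict:
    """Parse one unencrypted SSH binary packet holding SSH_MSG_KEXINIT (20)."""
    length, pad = struct.unpack(">IB", packet[:5])
    payload = packet[5:4 + length - pad]
    if not payload or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT packet")
    pos, lists = 17, {}  # skip message type byte and 16-byte cookie
    for name in FIELDS:
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += 4 + n
    return lists

def legacy_offered(lists: dict) -> list:
    # Algorithms the server really advertises that the policy calls legacy.
    return sorted({a for algs in lists.values() for a in algs} & LEGACY)

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed sample packet so the example runs offline."""
    body = bytes([20]) + bytes(16)
    for name in FIELDS:
        s = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(s)) + s
    body += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
    pad = 8 - (len(body) + 5) % 8
    pad += 8 if pad < 4 else 0  # RFC 4253 requires at least 4 padding bytes
    return struct.pack(">IB", len(body) + pad + 1, pad) + body + bytes(pad)

# Constructed sample data, not captured from a real array.
SAMPLE_BANNER = b"SSH-1.99-ExampleSSH_1.0\r\n"
SAMPLE_PACKET = build_kexinit({
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "enc_c2s": ["aes128-ctr", "3des-cbc"], "enc_s2c": ["aes128-ctr", "3des-cbc"],
    "mac_c2s": ["hmac-sha2-256", "hmac-md5"], "mac_s2c": ["hmac-sha2-256"]})

if __name__ == "__main__":
    print(offers_ssh1(SAMPLE_BANNER), legacy_offered(parse_kexinit(SAMPLE_PACKET)))
```

Running the same parsing against the banner and first packet read from the array's SSH port before and after changing the two `grpparams` settings shows whether an auditor's version-based finding still corresponds to something the array offers.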

2 Replies

MarcSonn
1 Copper

RE: Equallogic Series - OpenSSH vulnerabilities


Awesome information; thank you!