Equallogic Series - OpenSSH vulnerabilities
Anyone know of a good "central source" for Dell responses on all the SSH/SSL vulnerabilities floating around? I've got a shelf out there running 7.0.7 that an auditor ran across and said it had an OpenSSH vulnerability. No note of what vulnerability, etc., but it has the client curious.
Thank you!
Anonymous
5 Practitioner
274.2K Posts
1
May 11th, 2016 11:00
Hello,
There is no central single source with all affected versions. The release notes for the latest version of 7.x will have a summary of all the fixes up until then. Then again in the current 8.1.x stream.
Many, in fact, near 100% of the scanners out there use the reported version in determining vulnerability. They don't actually verify the vulnerability actually exists.
This PDF has info on securing the EQL storage. But I would first upgrade to the latest firmware v8.1.3.
http://en.community.dell.com/techcenter/extras/m/white_papers/20442230/download
If the array is still under contract, you can open a case, once you know what specific issue
These commands, especially once you upgrade to 8.x, will disable older SSH ciphers.
How to tighten SSH security on array
grpparams cliaccess-ssh v1-protocol enable|disable
grpparams crypto-legacy-protocols enable|disable
Regards,
Don
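Added example, not part of the original posts and not Dell code: the answer above notes that scanners judge by the reported version, so this Python sketch parses the SSH identification string a scanner reads (format per RFC 4253) and shows what can be concluded from it alone, including whether SSH-1 is still offered. The sample banners are constructed, and whether the array's banner changes after the `grpparams` settings above is an assumption to verify on your own system.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
BANNER_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def parse_banner(line):
    """Split an SSH identification string into its fields, or return None."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    info = m.groupdict()
    # RFC 4253 section 5.1: "1.99" means SSH-1 clients are also accepted;
    # any other 1.x protoversion means SSH-1 only.
    info["ssh1_offered"] = info["proto"].startswith("1.")
    return info


def read_banner(host, port=22, timeout=5.0):
    """Read the identification line a scanner would see (use on your own array)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")
        for _ in range(20):  # a server may send other lines before the banner
            line = reader.readline(256).decode("ascii", "replace")
            if not line or line.startswith("SSH-"):
                return line
    return ""


def review(banner):
    """Return the findings that can be raised from the banner alone."""
    info = parse_banner(banner)
    if info is None:
        return ["not an SSH identification string"]
    findings = []
    if info["ssh1_offered"]:
        findings.append("SSH-1 offered (protoversion %s)" % info["proto"])
    findings.append("software string reported: %s (version match only, "
                    "not a verified flaw)" % info["software"])
    return findings


# Constructed sample banners, not captured from a real array.
SAMPLES = ["SSH-1.99-OpenSSH_5.0\r\n", "SSH-2.0-OpenSSH_5.0\r\n"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.strip(), "->", review(sample))
```

Comparing `review(read_banner(...))` before and after a firmware upgrade or settings change gives the auditor something more concrete than the scanner's version match.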
MarcSonn
2 Posts
1
May 11th, 2016 14:00
Awesome information; thank you!