Article ID: 6570, created on Aug 4, 2009, last review on May 11, 2014

  • Applies to:
  • H-Sphere

Symptoms

Parallels H-Sphere Control Panel cannot pass a PCI (Payment Card Industry) scan because of the following security hole found on port/service "ssh (22/tcp)": "OpenSSH < 4.4 Multiple GSSAPI Vulnerabilities"

Resolution


The following Common Vulnerabilities and Exposures are reported:
CVE-2006-5051 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5051
CVE-2006-5052 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5052


It seems the PCI compliance test was not smart enough in doing its job.

The reason is that Red Hat (and CentOS as well) included the corresponding patches to fix these vulnerabilities a long time ago (in openssh package versions 3.6.1p2-33.30.12 and up):

http://rhn.redhat.com/errata/RHSA-2006-0697.html
http://rhn.redhat.com/errata/RHSA-2006-0698.html
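
One way to collect evidence of the backported fixes for the scan vendor, shown as an added example that is not part of the original article: the script checks an RPM changelog for the two reported CVE ids. The function names, the sample changelog and the openssh-server package name in the live check are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# CVE ids reported by the PCI scan (taken from the article).
CVES="CVE-2006-5051 CVE-2006-5052"

# Constructed sample changelog (not real package output).
SAMPLE_CHANGELOG='* Thu Sep 28 2006 Example Packager <packager@example.com> 3.6.1p2-33.30.12
- CVE-2006-5051: backported fix (constructed sample line)
- CVE-2006-5052: backported fix (constructed sample line)'

# check_changelog (hypothetical helper): reads an RPM changelog on stdin,
# prints one line per CVE id and returns 0 only if every id is mentioned.
check_changelog() {
    log=$(cat)
    missing=0
    for cve in $CVES; do
        if printf '%s\n' "$log" | grep -q -- "$cve"; then
            echo "$cve: mentioned in package changelog"
        else
            echo "$cve: NOT found in package changelog"
            missing=1
        fi
    done
    return $missing
}

# check_installed (hypothetical helper): live check on an RPM-based host.
# Assumes the SSH daemon comes from the openssh-server package.
check_installed() {
    rpm -q openssh-server || return 2      # prints the installed version-release
    rpm -q --changelog openssh-server | check_changelog
}

# Demonstration on the constructed sample; call check_installed on a real host.
printf '%s\n' "$SAMPLE_CHANGELOG" | check_changelog
```

A CVE id missing from the changelog only means the installed package version needs a closer look against the errata pages listed above.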

To update OpenSSH on FreeBSD boxes, please use the latest port:
http://www.freebsd.org/cgi/ports.cgi?query=openssh&stype=name
