Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dnpl
Explorer

OpenSSH vulnerable in Check Point R80.20

Jump to solution

Recently we had a pentration test on our Azure data centre. And they hignlighted an issue with OpenSSH within Check Point R80.20. Is it possible to upgrade OpenSSH within Check Point R80.20 or do we need to upgrade Check point to R80.40 to get around this issue?

I found the following post regarding relevant fixes made to Check Point OpenSSH package. Is this still relevant now Check Point R80.20?

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

I’m guessing most of these CVEs are listed here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

For any that aren’t, I recommend a TAC case to get a formal answer.

View solution in original post

5 Replies
PhoneBoy
Admin
Admin

What was the precise issue found?
If it is the one in that SK, yes, we patched that issue in our version of OpenSSH.
Some issues do require a newer version of OpenSSH which requires upgrading.

0 Kudos
dnpl
Explorer

So this is the message we recieved :-

We have observed that the SSH service (port TCP/22), exposed in the environment was identified as the outdated OpenSSH version 4.3 released in 2006, and that is found to be affected by at least 17 security issues2.

Although we found that the vendor, Check Point, has backported patches for OpenSSH 4.3 that mitigates CVE-2006-5051 and CVE-2006-49243 in Check Point R80.20, we were not able to identify that issues discovered in later versions of said software4, has also been backported for the version in question.

0 Kudos
PhoneBoy
Admin
Admin

Most likely, we've patched them or determined they are not relevant because of how we've compiled or deployed OpenSSH.
If you can get a precise list of CVEs, this can probably be confirmed by searching SecureKnowledge.

0 Kudos
dnpl
Explorer

Here is a list of CVE's identified as security issues :--

CVE-2017-15906
CVE-2016-10708
CVE-2014-1692
CVE-2012-0814
CVE-2011-5000
CVE-2011-4327
CVE-2010-5107
CVE-2010-4755
CVE-2010-4478
CVE-2009-2904
CVE-2008-4109
CVE-2008-3259
CVE-2007-4752
CVE-2007-2243
CVE-2006-5052
CVE-2006-5051
CVE-2006-4924

The following link contains more information on each security https://www.cvedetails.com/vulnerability-list/vendor_id-97/product_id-585/version_id-37157/Openbsd-O... 

0 Kudos
PhoneBoy
Admin
Admin

I’m guessing most of these CVEs are listed here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

For any that aren’t, I recommend a TAC case to get a formal answer.

View solution in original post