OBSOLETE Patch-ID# 140774-03


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security sshd audit log ssh-keygen
Synopsis: Obsoleted by: 139555-08 SunOS 5.10: sshd patch
Date: Mar/19/2009


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 140775

Topic: SunOS 5.10: sshd patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
644803115339725
673066115497542
673462015499848
675018915509452
676189015516810
677239215523256


Changes incorporated in this version: 6730661

Patches accumulated and obsoleted by this patch: 128253-01 128318-01

Patches which conflict with this patch:

Patches required with this patch: 120011-14 137137-09 (or greater)

Obsoleted by: 139555-08

Files included with this patch:

/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-keygen
/usr/bin/ssh-keyscan
/usr/lib/ssh/ssh-keysign
/usr/lib/ssh/sshd

Problem Description:

6730661 sshd should re-try pam_chauthtok() when it returns PAM_AUTHTOK_ERR
 
(from 140774-02)
 
6761890 ssh protocol security vulnerability may be used to reveal some plaintext
 
(from 140774-01)
 
6734620 sshd doesn't audit failed logins correctly.
6750189 sshd doesn't set pam_retval correctly for password-based authentication failures
6772392 sshd auditing could be more accurate for failed logins to invalid accounts
 
(from 128318-01)
 
        This revision accumulates generic Sustaining patch 128253-01
        into Solaris S10U5 update.
 
(from 128253-01)
 
6448031 ssh-keygen does not overwrite old key information when told yes


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' scripts provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  Before installing this patch, please be sure to install the latest
         patch utilities patches for your OS. This list of patches is defined
         at http://sunsolve.sun.com
 
         Please use the pull down list which appears after the text:
         "Latest Patch Update: To ensure the correct functioning of the
         patching utilities on your system, stay up to date on the
         following patches"


README -- Last modified date: Saturday, November 10, 2012