#201753: Security Vulnerabilities In OpenSSL Affect Sun Grid Engine 5.3 and N1 Grid Engine 6.0

Security Vulnerabilities In OpenSSL Affect Sun Grid Engine 5.3 and N1 Grid Engine 6.0

Category :	Security
Release Phase :	Resolved
Product :	Sun Grid Engine 6 Sun Grid Engine 5.3
Bug Id :	6480580
Date of Workaround Release :	13-OCT-2006
Date of Resolved Release :	31-JAN-2007

Impact

Security vulnerabilities in OpenSSL (openssl(5)) affect Sun Grid Engine (SGE) 5.3 and N1 Grid Engine 6.0, and may allow a local or remote unprivileged user to create a Denial of Service (DoS) condition if the installation is configured in CSP mode.

A detailed description of the OpenSSL security issues can be found at

http://www.openssl.org/news/secadv_20060928.txt

which corresponds to the following documents:

CVE-2006-2937 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937

CVE-2006-2940 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940

CVE-2006-3738 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

CVE-2006-2937 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Contributing Factors

These issues can occur in the following releases:

SPARC Platform

Sun Grid Engine 5.3 (32-bit Solaris)
Sun Grid Engine 5.3 (64-bit Solaris)
Sun Grid Engine 5.3 (32-bit Solaris) NON-Solaris Package format
Sun Grid Engine 5.3 (64-bit Solaris) NON-Solaris Package format
Sun N1 Grid Engine 6.0 (32-bit Solaris) without patch 124519-01
Sun N1 Grid Engine 6.0 (64-bit Solaris) without patch 124520-01
Sun N1 Grid Engine 6.0 (32-bit Solaris) NON-Solaris Package format without patch 124523-01
Sun N1 Grid Engine 6.0 (64-bit Solaris) NON-Solaris Package format without patch without patch 124524-01

x86 Platform

Sun Grid Engine 5.3
Sun Grid Engine 5.3 NON-Solaris Package format
Sun N1 Grid Engine 6.0 without patch 124521-01
Sun N1 Grid Engine 6.0 NON-Solaris Package format without patch 124525-01
Sun N1 Grid Engine 6.0 (x64) without patch 124522-01
Sun N1 Grid Engine 6.0 (x64) NON-Solaris Package format without patch 124526-01

Linux Platform

Sun Grid Engine 5.3
Sun Grid Engine 5.3 (x64)
Sun N1 Grid Engine 6.0 without patch 124527-01
Sun N1 Grid Engine 6.0 (x64) without patch 124528-01

Windows

Sun N1 Grid Engine 6.0 without patch 124534-01

HP-UX

Sun N1 Grid Engine 6.0 without patch 124532-01

AIX

Sun N1 Grid Engine 6.0 (for AIX 4.3) without patch 124529-01
Sun N1 Grid Engine 6.0 (for AIX 5.1) without patch 124530-01

Mac OS

Sun N1 Grid Engine 6.0 without patch 124531-01

IRIX

Sun N1 Grid Engine 6.0 (for IRIX 6.5) without patch 124533-01

Note: The described issues can only occur on the Sun Grid systems listed above when configured in Certificate Security Protocol (CSP) mode.

To determine if a system is configured in CSP mode, the following command can be used:

    $ grep security_mode $SGE_ROOT/default/common/bootstrap

If a system is configured in CSP mode, the output of the above command will indicate "security_mode csp".

Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.

Workaround

There is no workaround for these issues. Please see the Resolution section below.

Resolution

These issues are addressed in the following releases:

SPARC Platform

Sun N1 Grid Engine 6.0 (32-bit Solaris) with patch 124519-01 or later
Sun N1 Grid Engine 6.0 (64-bit Solaris) with patch 124520-01 or later
Sun N1 Grid Engine 6.0 (32-bit Solaris) NON-Solaris Package format with patch 124523-01 or later
Sun N1 Grid Engine 6.0 (64-bit Solaris) NON-Solaris Package format with patch 124524-01 or later

x86 Platform

Sun N1 Grid Engine 6.0 with patch 124521-01 or later
Sun N1 Grid Engine 6.0 NON-Solaris Package format with patch 124525-01 or later
Sun N1 Grid Engine 6.0 (x64) with patch 124522-01 or later
Sun N1 Grid Engine 6.0 (x64) NON-Solaris Package format with patch or later 124526-01

Linux Platform

Sun N1 Grid Engine 6.0 with patch 124527-01 or later
Sun N1 Grid Engine 6.0 (x64) with patch 124528-01 or later

Windows

Sun N1 Grid Engine 6.0 with patch 124534-01 or later

HP-UX

Sun N1 Grid Engine 6.0 with patch 124532-01 or later

AIX

Sun N1 Grid Engine 6.0 (for AIX 4.3) with patch 124529-01 or later
Sun N1 Grid Engine 6.0 (for AIX 5.1) with patch 124530-01 or later

Mac OS

Sun N1 Grid Engine 6.0 with patch 124531-01 or later

IRIX

Sun N1 Grid Engine 6.0 (for IRIX 6.5) with patch 124533-01 or later

Note: Sun Grid Engine 5.3 for all platforms will require an upgrade to N1 Grid Engine 6.0 with the appropriate patches to resolve this issue.

Modification History

Date: 31-JAN-2007

31-Jan-2007:

Updated Contributing Factors and Resolution sections
State: Resolved

Attachments

This solution has no attachment

Login Required

Login Required