Hello All
I have Solaris 10 updated to the latest patch, but when I am running vulnerability Scan it shows the below vulnerabilities:
1- rpc.cmsd Service Detected:
RPC services should not be accessible from the internet. Use a firewall to prevent access to the service.
2- Weak SSH Key Exchange Algorithms Supported
Configure the SSH service to no longer support weak key exchange algorithms (aka: KexAlgorithms).
3- Weak SSH Hashing Algorithms Supported
Configure the SSH service to no longer support weak hashing algorithms (aka: MACs).
4- Weak SSH Server Host Key Supported
According to FIPS 186-2, Digital Signature Standard used for SSH host key (ssh-dss) requires the key to be exactly 1024 bits long, which is considered too small and should be disabled. Also, starting from OpenSSH version 7.0, support for ssh-dss host and user keys has been disabled by default at runtime.
do you have any hint to remediate these vulnerabilities
thank you