[j-nsp] Juniper and OpenSSH exploits

Pekka Savola pekkas at netcore.fi
Tue Sep 23 11:58:40 EDT 2003


On Tue, 23 Sep 2003, Richard A Steenbergen wrote:
> Ok I picked the short straw so I'll ask the question... I've seen the
> advisory for the OpenSSH exploits affecting JunOS, but I haven't seen any
> new builds since the exploit info was publicly released. Anyone know whats
> up with this?

Are you really running your junipers without a filter running on lo0.0, 
protecting TCP/22, etc?  If such are implemented properly, this issue is 
not all that intresting..

However, of course Juniper should issue bugfix images..

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings



More information about the juniper-nsp mailing list