[j-nsp] SSH version 4 vulnerability on JUNOS
Harri Makela
harri_makela at yahoo.com
Mon Sep 9 12:16:45 EDT 2013
Hi There
I got following report from after the vulneraboility scanning. Now first we don`t use IPv6 and secondly how we can check on Juniper that versio is SSH 4?
Synopsis: The remote SSH service is prone to an X11 session hijacking\nvulnerability.
Description: According to its banner, the version of SSH installed on the remote host is older than 5.0. Such versions may allow a local user to hijack X11 sessions because it improperly binds TCP ports on the local IPv6 interface if the corresponding ports on the IPv4 interface are in use.
Solution : Upgrade to OpenSSH version 5.0 or later.
This is what I have searched on ex-8208 switch and came for SSH:-
set system services ssh root-login deny
set system services ssh protocol-version v2 -----> it says version 2
Sorry if these are too basic questions as I am new to all this.
Thanks
HM
More information about the juniper-nsp
mailing list