[j-nsp] SSH version 4 vulnerability on JUNOS

Harri Makela harri_makela at yahoo.com
Mon Sep 9 12:16:45 EDT 2013


Hi There

I got the following report after the vulnerability scanning. Now, first, we don't use IPv6, and secondly, how can we check on Juniper that the version is SSH 4?


Synopsis: The remote SSH service is prone to an X11 session hijacking vulnerability.

Description:  According to its banner, the version of SSH installed on the remote host is older than 5.0.  Such versions may allow a local user to hijack X11 sessions because it improperly binds TCP ports on the local IPv6 interface if the corresponding ports on the IPv4 interface are in use.

Solution : Upgrade to OpenSSH version 5.0 or later.

This is what I have searched on the ex-8208 switch and what came up for SSH:


set system services ssh root-login deny
set system services ssh protocol-version v2   -----> it says version 2


Sorry if these are too basic questions as I am new to all this.

Thanks
HM
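
The scanner finding quoted above is derived from the software version in the SSH banner, which is a separate field from the protocol version that `protocol-version v2` selects. The following is an added example, not part of the original post: it splits an SSH identification string (RFC 4253 section 4.2) into both fields and applies the report's "older than 5.0" rule. The banners are constructed samples, not output from any Juniper device, and the function names are hypothetical.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)")


def parse_banner(line):
    """Return (protocol_version, software_version) from an identification string."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group("proto"), m.group("software")


def openssh_version(software):
    """Return (major, minor) if the software field names OpenSSH, else None."""
    m = OPENSSH_RE.match(software)
    return (int(m.group(1)), int(m.group(2))) if m else None


def scanner_verdict(line, fixed=(5, 0)):
    """Mimic a banner-based check: flag OpenSSH software versions below `fixed`."""
    proto, software = parse_banner(line)
    ver = openssh_version(software)
    if ver is None:
        status = "unknown"      # not OpenSSH, banner alone cannot decide
    elif ver < fixed:
        status = "flagged"      # what the quoted report describes
    else:
        status = "ok"
    return {"protocol": proto, "software": software, "status": status}


# Constructed sample banners (assumptions for illustration only).
SAMPLES = [
    "SSH-2.0-OpenSSH_4.4\r\n",                  # protocol 2.0, software 4.4
    "SSH-1.99-OpenSSH_4.4\r\n",                 # 1.99 = server accepts v1 and v2
    "SSH-2.0-OpenSSH_6.2 constructed-comment",  # protocol 2.0, software 6.2
    "SSH-2.0-ExampleSSHD_1.0",                  # hypothetical non-OpenSSH server
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(scanner_verdict(banner))
```

A server restricted to protocol version 2 can still be flagged, because the check only looks at the software field of the banner.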