[j-nsp] SSH version 4 vulnerability on JUNOS

ML ml at kenweb.org
Mon Sep 9 12:45:08 EDT 2013


On 9/9/2013 12:16 PM, Harri Makela wrote:
> Hi There
>
> I got the following report after the vulnerability scanning. Now first we don't use IPv6 and secondly how can we check on Juniper that the version is SSH 4?
>
>
> Synopsis: The remote SSH service is prone to an X11 session hijacking vulnerability.
>
> Description:  According to its banner, the version of SSH installed on the remote host is older than 5.0.  Such versions may allow a local user to hijack X11 sessions because it improperly binds TCP ports on the local IPv6 interface if the corresponding ports on the IPv4 interface are in use.
>
> Solution : Upgrade to OpenSSH version 5.0 or later.
>
> This is what I have searched on ex-8208 switch and came for SSH:-
>
>
> set system services ssh root-login deny
> set system services ssh protocol-version v2   -----> it says version 2
>
>
> Sorry if these are too basic questions as I am new to all this.
>
> Thanks
> HM

"set system services ssh protocol-version v2"

That sets the SSH *protocol* version.  The most current version is 2.

JunOS uses OpenSSH code.  As far as what version of OpenSSH is in your
version of JunOS: drop to a shell: "start shell" from the JunOS CLI.

% ssh -v

e.g. EX2200 with JUNOS 11.4R2.14

% ssh -v
OpenSSH_5.8, SSH protocols 1.5/2.0, OpenSSL 0.9.8r 8 Feb 2011
SSH release 11.4R2.14 built by builder on 2012-03-17 16:12:45 UTC


However I doubt you have anything to fear from an X11 vulnerability on
JunOS..
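
Added example, not part of the original post: a Python sketch that separates the SSH protocol version from the OpenSSH software version and applies the "older than 5.0" threshold quoted from the scan report. It accepts either an RFC 4253 identification string or the first line of `ssh -v` output; the function names and the sample banners marked as constructed are assumptions made for illustration.

```python
import re

# RFC 4253 section 4.2 identification string:
#   SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)")
# OpenSSH software token, as seen in a network banner or in `ssh -v` output
OPENSSH_RE = re.compile(r"OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)")

# Threshold taken from the scan report: "Upgrade to OpenSSH version 5.0 or later"
FIXED_IN = (5, 0)


def openssh_version(text):
    """Return (major, minor) of the OpenSSH release named in text, or None."""
    m = OPENSSH_RE.search(text)
    return (int(m.group("major")), int(m.group("minor"))) if m else None


def assess(line):
    """Classify one banner or `ssh -v` line against the scanner's threshold.

    protocol: wire protocol version (only present in an identification string)
    openssh:  software version tuple, or None if the software is not OpenSSH
    flagged:  True if older than FIXED_IN, None if the version is unknown
    """
    line = line.strip()
    result = {"protocol": None, "openssh": openssh_version(line), "flagged": None}
    m = BANNER_RE.match(line)
    if m:
        result["protocol"] = m.group("proto")
    if result["openssh"] is not None:
        result["flagged"] = result["openssh"] < FIXED_IN
    return result


if __name__ == "__main__":
    samples = [
        # first line of the `ssh -v` output shown in the post
        "OpenSSH_5.8, SSH protocols 1.5/2.0, OpenSSL 0.9.8r 8 Feb 2011",
        "SSH-2.0-OpenSSH_4.4",      # constructed: protocol 2, software below 5.0
        "SSH-1.99-OpenSSH_5.8",     # constructed: 1.99 = server accepts v1 and v2
        "SSH-2.0-ExampleSSHD_1.0",  # constructed: not OpenSSH, cannot be judged
    ]
    for s in samples:
        print(s, "->", assess(s))
```

A banner check like this only reads the advertised string, so it cannot tell whether a vendor build carries backported fixes.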

