Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Ssh vulnerability (Pine Internet Security Advisory PINE-CERT-20020301)



Article ID: JSA10295 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 3.0
Legacy Advisory Id:
Product Affected:
All releases of JUNOS Internet Software Releases 5.0, 5.1, and 5.2 built before March 8, 2002
A recently discovered vulnerability in OpenSSH code might allow existing ssh users to gain root access. See the following URL for the complete advisory: This is documented in PR/22645.
Replace the ssh application files with the updated versions provided in a jcrypto package released after March 8, 2002, or upgrade to a full release of the JUNOS Internet software released after March 8, 2002. Please contact your Juniper Network Sales Engineer or Juniper Networks technical support to obtain a URL to download the appropriate version of software.
To replace only the ssh applications in releases of the JUNOS Internet Software released prior to March 8, 2002, install a jcrypto package released after March 8, 2002. Download the jcrypto package that corresponds to your routerĂ½s installed version of JUNOS software. To upgrade your router, follow these steps:

  1. Download the appropriate jcrypto package.
  2. Transfer the package to the /var/tmp directory on the router.
  3. Install the new software using the command request system software add /var/tmp/
  4. It is not necessary to reboot the router.
Alternatively, you can upgrade the router using a jbundle or jinstall released on or after March 8. Follow the normal JUNOS upgrade process to install the full release.
Severity Level:
Severity Assessment:
The likelihood of an attack using this vulnerability is low, because it requires a user with existing access to the router to launch it. However, Juniper Networks recommends upgrading to version of the software that contains the fix to eliminate an attack on the router exploiting this weakness.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search