Possible security vulnerability in OpenSSH (CERT CA-2003-24)

Article ID: JSA10299 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 8.0
Legacy Advisory Id:
PSN-2003-09-007
Product Affected:
All domestic versions of JUNOS Internet Software built prior to September 18, 2003.
Problem:
Several buffer management coding errors have been discovered in the OpenSSH code. These coding errors may introduce a security vulnerability, although no known exploit is currently available. Current assessment of the errors indicates that any vulnerability would most likely be limited to a denial-of-service (DoS) attack against a system running affected OpenSSH code. However, it is conceivable that this vulnerability could be used to execute arbitrary code with the privileges of the ssh or sshd program.

This vulnerability exists only in domestic versions of JUNOS software, used on Juniper Networks M-series and T-series routers; routers running worldwide versions of JUNOS software do not include SSH software and are not affected. The JUNOSe software, used on E-series routers, is not based on OpenSSH and has been confirmed to be unaffected. The JUNOSg software, used on G-series Cable Modem Termination Systems, does not include SSH software and is therefore not affected.

The CERT Coordination Center reference for this vulnerability is CA-2003-24.
Solution:
The buffer management coding errors have been corrected to avoid updating a buffer descriptor structure before the buffer is successfully allocated or resized. All patches to the OpenSSH code available as of September 18, 2003 at 0000 UTC have been incorporated into the JUNOS software.
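The ordering error described above, as an added illustration in C that is not taken from the OpenSSH or JUNOS source: `struct buf`, `BUF_MAX` and all function names are hypothetical. `buf_grow_unsafe` updates the descriptor before the resize is known to succeed, while `buf_grow_safe` commits to the descriptor only after allocation.

```c
#include <stdlib.h>
#include <string.h>

#define BUF_MAX 4096u /* constructed size cap for this demo */

/* Hypothetical descriptor: 'alloc' must always equal the real size of 'data'. */
struct buf { unsigned char *data; size_t alloc; };

int buf_init(struct buf *b, size_t n) {
    b->data = (n > 0 && n <= BUF_MAX) ? malloc(n) : NULL;
    b->alloc = b->data ? n : 0;
    return b->data ? 0 : -1;
}

/* Flawed ordering: descriptor changed before the resize is known to succeed. */
int buf_grow_unsafe(struct buf *b, size_t extra) {
    unsigned char *p;
    b->alloc += extra;                      /* descriptor updated first */
    if (b->alloc > BUF_MAX) return -1;      /* alloc now overstates the real size */
    if ((p = realloc(b->data, b->alloc)) == NULL) return -1; /* same on failure */
    b->data = p;
    return 0;
}

/* Corrected ordering: validate, allocate, and only then commit to the descriptor. */
int buf_grow_safe(struct buf *b, size_t extra) {
    unsigned char *p;
    if (extra > BUF_MAX - b->alloc) return -1; /* cap check, immune to wrap-around */
    if ((p = realloc(b->data, b->alloc + extra)) == NULL) return -1;
    b->data = p;
    b->alloc += extra;                      /* descriptor updated last */
    return 0;
}

/* Cleanup that trusts the descriptor; returns how many bytes it wiped. */
size_t buf_wipe(struct buf *b) {
    size_t n = b->alloc;
    memset(b->data, 0, n);
    free(b->data);
    b->data = NULL;
    b->alloc = 0;
    return n;
}
```

After a rejected `buf_grow_unsafe` call, a cleanup such as `buf_wipe` would act on more bytes than were ever allocated; after a rejected `buf_grow_safe` call the descriptor still matches the heap block.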
Implementation:
The corrected code is included in all versions of JUNOS software built on or after September 18, 2003. Customers should contact the Juniper Networks Technical Assistance Center (JTAC) to obtain software that includes the correction.

Alternatively, customers can disable the ssh service.

Customers are encouraged to utilize the firewall filter capabilities of JUNOS software to restrict all access to the router and to permit connections only from authorized sources. Firewall filters alone are insufficient protection, because an attacker can use falsified (spoofed) source IP addresses.

Customers can contact JTAC for assistance in developing appropriate filters.
Severity Level:
Medium
Severity Assessment:
At this time, we believe that the vulnerability resulting from these coding errors is most likely limited to a potential Denial of Service vulnerability. However, it is possible that an attacker could use this vulnerability to execute arbitrary code with the privileges of the ssh or sshd program.
