Vulnerability in sshd



Article ID: JSA10302 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 2.0
Legacy Advisory Id:
Product Affected:
All domestic (U.S. and Canada) versions of JUNOS software released prior to February 9, 2001, are affected. Worldwide versions of JUNOS are not affected.
A remote vulnerability exists in the ssh daemon crc32 compensation attack detector. This vulnerability allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with user ID 0 and can be leveraged to obtain general root access to the system.
Replace the ssh daemon with a corrected version of the daemon. Use the procedure below to implement the patch for currently shipping versions of the JUNOS software. The fixed code will be included in all future versions of the JUNOS software.
Corrected versions of the ssh daemon are available on the Juniper Networks ftp site. To download the corrected software, follow these steps:
  1. Log in to the Juniper Networks router.
  2. From the CLI, exit to the shell:
    user@lab> start shell
  3. Gain root privileges:
    % su
  4. Restart the JUNOS CLI.
    root@lab% cli
  5. Copy the corrected code from the Juniper Networks ftp site:
    user@lab> file copy sshd
    This command places the corrected code in the root user’s login directory.
  6. Exit the CLI:
    user@lab> quit
    This returns you to the shell prompt.
  7. Verify that your new code is correct:
    root@lab% md5 ./sshd
    The output from md5 should look like this:
  8. Rename the existing ssh daemon:
    root@lab% mv /usr/sbin/sshd /usr/sbin/sshd.old
  9. Copy the new ssh daemon into the system directory:
    root@lab% cp ./sshd /usr/sbin/sshd
  10. Set the correct ownership on the new file:
    root@lab% chown bin.bin /usr/sbin/sshd
  11. Set the correct file permissions on the new file:
    root@lab% chmod 555 /usr/sbin/sshd
  12. Exit out of the shell:
    root@lab% exit
    % exit
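
Steps 7 through 11 can be gated on the digest check so that a mismatched download is never copied into place. The script below is an added example, not part of the original advisory or Juniper's own tooling; the function names and the `EXPECTED_MD5` placeholder are assumptions, and it is written for a POSIX `sh`.

```shell
#!/bin/sh
# Added example: gates steps 7-11 of the procedure on the MD5 comparison.
# EXPECTED_MD5 is a placeholder; take the value from the advisory itself.
# Usage (as root): install_verified "$EXPECTED_MD5" ./sshd /usr/sbin/sshd bin.bin

# Print the MD5 hex digest of a file with GNU md5sum or BSD md5.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    else
        echo "no md5 tool found" >&2
        return 2
    fi
}

# install_verified EXPECTED_MD5 NEW_FILE TARGET [OWNER]
# Returns 0 = installed and verified, 1 = downloaded file does not match
# (TARGET untouched), 2 = no md5 tool, 3 = a file operation failed.
install_verified() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    new=$2; target=$3; owner=${4:-}

    # Step 7: compare digests before anything on the system changes.
    actual=$(file_md5 "$new") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $new: got '$actual'" >&2
        return 1
    fi

    # Step 8: keep the existing daemon as TARGET.old.
    if [ -e "$target" ]; then mv "$target" "$target.old" || return 3; fi

    # Step 9: copy the new daemon in; put the old one back if the copy fails.
    cp "$new" "$target" || {
        [ -e "$target.old" ] && mv "$target.old" "$target"
        return 3
    }

    # Step 10: ownership (the advisory uses bin.bin); skipped if OWNER is empty.
    if [ -n "$owner" ]; then chown "$owner" "$target" || return 3; fi

    # Step 11: read and execute for everyone, no write bit.
    chmod 555 "$target" || return 3

    # Re-check the installed copy so a truncated write is caught.
    [ "$(file_md5 "$target")" = "$expected" ] || return 3
}
```
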
Severity Level: