All domestic (U.S. and Canada) versions of JUNOS software released prior to February 9, 2001, are affected. Worldwide versions of JUNOS are not affected.
A remote vulnerability exists in the ssh daemon crc32 compensation attack detector. This vulnerability allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with user ID 0 and can be leveraged to obtain general root access to the system.
Replace the ssh daemon with a corrected version of the daemon. Use the procedure below to implement the patch for currently shipping versions of the JUNOS software. The fixed code will be included in all future versions of the JUNOS software.
Corrected versions of the ssh daemon are available on the Juniper Networks ftp site, https://www.juniper.net/support/csc/swdist-domestic/updates/sshd.20010209. To download the corrected software, follow these steps:
- Log in to the Juniper Networks router.
- From the CLI, exit to the shell:
user@lab> start shell
- Gain root privileges:
% su
root@lab%
- Restart the JUNOS CLI:
root@lab% cli
user@lab>
- Copy the corrected code from the Juniper Networks ftp site:
user@lab> file copy ftp://ftp.juniper.net/private/junos/updates/sshd.20010209 sshd
This command places the corrected code in the root user's login directory.
- Exit the CLI:
user@lab> quit
This returns you to the shell prompt.
- Verify that your new code is correct:
root@lab% md5 ./sshd
The output from md5 should look like this:
- Rename the existing ssh daemon:
root@lab% mv /usr/sbin/sshd /usr/sbin/sshd.old
- Copy the new ssh daemon into the system directory:
root@lab% cp ./sshd /usr/sbin/sshd
- Set the correct ownership on the new file:
root@lab% chown bin.bin /usr/sbin/sshd
- Set the correct file permissions on the new file:
root@lab% chmod 555 /usr/sbin/sshd
- Exit out of the shell:
root@lab% exit
% exit
user@lab>
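
The verify, rename, copy, chown and chmod steps above, written as one shell function that refuses to touch the installed daemon when the MD5 check fails. This is an added example, not part of the Juniper advisory: the function names are hypothetical, and the expected digest must be taken from the advisory itself (it is not reproduced here).

```shell
#!/bin/sh
# Added example (not from the advisory): gate the sshd replacement on the MD5 check.

# Print the lowercase hex MD5 of a file with whichever tool the system provides.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        md5 -q "$1"    # BSD md5; assumes -q (digest only) is supported
    fi
}

# install_verified NEW TARGET EXPECTED_MD5 [OWNER]
# Returns 0 on success, 1 on digest mismatch (TARGET left untouched),
# 2 if a file operation fails.
install_verified() {
    new=$1
    target=$2
    expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    owner=${4:-}    # the advisory uses bin.bin; left empty, chown is skipped

    actual=$(file_md5 "$new") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch for $new: got $actual, expected $expected" >&2
        return 1
    fi

    # Keep the existing daemon as TARGET.old so the change can be rolled back.
    if [ -e "$target" ]; then
        mv "$target" "$target.old" || return 2
    fi
    if ! cp "$new" "$target"; then
        [ -e "$target.old" ] && mv "$target.old" "$target"
        return 2
    fi
    if [ -n "$owner" ]; then
        chown "$owner" "$target" || return 2
    fi
    chmod 555 "$target" || return 2

    # Re-hash the installed copy to catch a truncated or failed copy.
    [ "$(file_md5 "$target")" = "$expected" ] || return 2
}

# Usage on the router shell, with the digest from the advisory in EXPECTED_MD5:
#   install_verified ./sshd /usr/sbin/sshd "$EXPECTED_MD5" bin.bin
```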