Knowledge Search


Vulnerability in sshd

  [JSA10302] Show Article Properties

Legacy Advisory Id:
Product Affected:
All domestic(U.S. and Canada) versions of JUNOS software released prior to February 9, 2001, are affected. Worldwide versions of JUNOS are not affected.
A remote vulnerability exists in the ssh daemon crc32 compensation attack detector. This vulnerability allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with user ID 0 and can be leveraged to obtain general root access to the system.
Replace the ssh daemon with a corrected version of the daemon. Use the procedure below to implement the patch for currently shipping versions of the JUNOS software. The fixed code will be included in all future versions of the JUNOS software.
Corrected versions of the ssh daemon are available on the Juniper Networks ftp site, To download the corrected software, follow these steps:
  1. Log in to the Juniper Networks router.
  2. From the CLI, exit to the shell:
    user@lab> start shell
  3. Gain root privileges:
    % su
  4. Restart the JUNOS CLI.
    root@lab% cli
  5. Copy the corrected code from the Juniper Networks ftp site:
    user@lab> file copy sshd
    This command places the corrected code in the root user’s login directory.
  6. Exit the CLI:
    user@lab> quit
    This returns you to the shell prompt.
  7. Verify that your new code is correct:
    root@lab% md5 ./sshd
    The output from md5 should look like this:
  8. Rename the existing ssh daemon:
    root@lab% mv /usr/sbin/sshd /usr/sbin/sshd.old
  9. Copy the new ssh daemon into the system directory:
    root@lab% cp ./sshd /usr/sbin/sshd
  10. Set the correct ownership on the new file:
    root@lab% chown bin.bin /usr/sbin/sshd
  11. Set the correct file permissions on the new file:
    root@lab% chmod 555 /usr/sbin/sshd command
  12. Exit out of the shell:
    root@lab% exit
    % exit
Related Links:
Risk Level: