Knowledge Search


×
 

Vulnerability in sshd

  [JSA10302] Show Article Properties


Legacy Advisory Id:
FA-SW-0102-001
Product Affected:
All domestic(U.S. and Canada) versions of JUNOS software released prior to February 9, 2001, are affected. Worldwide versions of JUNOS are not affected.
Problem:
A remote vulnerability exists in the ssh daemon crc32 compensation attack detector. This vulnerability allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with user ID 0 and can be leveraged to obtain general root access to the system.
Solution:
Replace the ssh daemon with a corrected version of the daemon. Use the procedure below to implement the patch for currently shipping versions of the JUNOS software. The fixed code will be included in all future versions of the JUNOS software.
Implementation:
Corrected versions of the ssh daemon are available on the Juniper Networks ftp site, https://www.juniper.net/support/csc/swdist-domestic/updates/sshd.20010209. To download the corrected software, follow these steps:
  1. Log in to the Juniper Networks router.
  2. From the CLI, exit to the shell:
     
    user@lab> start shell
    
  3. Gain root privileges:
    % su
    root@lab%
    
  4. Restart the JUNOS CLI.
    root@lab% cli
    
    user@lab>
    
  5. Copy the corrected code from the Juniper Networks ftp site:
    user@lab> file copy ftp://ftp.juniper.net/private/junos/updates/sshd.20010209 sshd
    
    This command places the corrected code in the root user’s login directory.
  6. Exit the CLI:
    user@lab> quit
    
    This returns you to the shell prompt.
  7. Verify that your new code is correct:
    root@lab% md5 ./sshd
    
    The output from md5 should look like this:
  8. Rename the existing ssh daemon:
    root@lab% mv /usr/sbin/sshd /usr/sbin/sshd.old
    
  9. Copy the new ssh daemon into the system directory:
    root@lab% cp ./sshd /usr/sbin/sshd
    
  10. Set the correct ownership on the new file:
    root@lab% chown bin.bin /usr/sbin/sshd
    
  11. Set the correct file permissions on the new file:
    root@lab% chmod 555 /usr/sbin/sshd command
    
  12. Exit out of the shell:
    root@lab% exit
    % exit
    user@lab>
    
Related Links:
Risk Level:
Medium