Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Vulnerability in sshd

0

0

Article ID: JSA10302 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 2.0
Legacy Advisory Id:
FA-SW-0102-001
Product Affected:
All domestic(U.S. and Canada) versions of JUNOS software released prior to February 9, 2001, are affected. Worldwide versions of JUNOS are not affected.
Problem:
A remote vulnerability exists in the ssh daemon crc32 compensation attack detector. This vulnerability allows an attacker to overwrite arbitrary portions of memory. The altered memory locations affect code that is executed by the daemon with user ID 0 and can be leveraged to obtain general root access to the system.
Solution:
Replace the ssh daemon with a corrected version of the daemon. Use the procedure below to implement the patch for currently shipping versions of the JUNOS software. The fixed code will be included in all future versions of the JUNOS software.
Implementation:
Corrected versions of the ssh daemon are available on the Juniper Networks ftp site, https://www.juniper.net/support/csc/swdist-domestic/updates/sshd.20010209. To download the corrected software, follow these steps:
  1. Log in to the Juniper Networks router.
  2. From the CLI, exit to the shell:
     
    user@lab> start shell
    
  3. Gain root privileges:
    % su
    root@lab%
    
  4. Restart the JUNOS CLI.
    root@lab% cli
    
    user@lab>
    
  5. Copy the corrected code from the Juniper Networks ftp site:
    user@lab> file copy ftp://ftp.juniper.net/private/junos/updates/sshd.20010209 sshd
    
    This command places the corrected code in the root user’s login directory.
  6. Exit the CLI:
    user@lab> quit
    
    This returns you to the shell prompt.
  7. Verify that your new code is correct:
    root@lab% md5 ./sshd
    
    The output from md5 should look like this:
  8. Rename the existing ssh daemon:
    root@lab% mv /usr/sbin/sshd /usr/sbin/sshd.old
    
  9. Copy the new ssh daemon into the system directory:
    root@lab% cp ./sshd /usr/sbin/sshd
    
  10. Set the correct ownership on the new file:
    root@lab% chown bin.bin /usr/sbin/sshd
    
  11. Set the correct file permissions on the new file:
    root@lab% chmod 555 /usr/sbin/sshd command
    
  12. Exit out of the shell:
    root@lab% exit
    % exit
    user@lab>
    
Severity Level:
Medium
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search