
Is JUNOS affected by CVE-2008-1483: OpenSSH vulnerable to hijacked X11 connections?



Article ID: KB16776 | KB Last Updated: 02 Sep 2010 | Version: 3.0

CVE-2008-1483 states: "OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs."

A recent PCI compliance scan flagged JUNOS as vulnerable to CVE-2008-1483, based on the OpenSSH version reported in the SSH banner. The scanner's finding reads:

"The version of SSH installed on the remote host is older than 5.0. Such versions may allow a local user to hijack X11 sessions because it improperly binds TCP ports on the local IPv6 interface if the corresponding ports on the IPv4 interface are in use."

Is JUNOS actually vulnerable to this issue?



This is a false positive. The scanner matched on the reported OpenSSH version string (older than 5.0); it did not exercise the behaviour the CVE describes.

The issue does not affect JUNOS. Exploiting it requires a local user to run a program of their choosing on the router so that it occupies the X11 forwarding port before sshd binds it, and arbitrary applications cannot run on the router: veriexec prevents binaries without a correct signature from executing.

In addition, the attacker would need something on the router that can open and listen on TCP port 6010. JUNOS has no script interpreters, such as Perl, that could do this on the box at all.

Finally, JUNOS does not enable X11 forwarding on the server side by default. It would have to be explicitly enabled for this issue to have any effect, and JUNOS exposes no CLI knob to do so.
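The triage described above generalises to any host a version-only scanner flags for this CVE: the finding is driven purely by the banner, while actual exposure requires sshd to have X11Forwarding enabled (OpenSSH's compiled-in default is no) and a local user able to bind the port first. The following script is an added example, not part of this KB article or any Juniper tooling. It reproduces the scanner's version test and checks the global sshd_config section the way sshd reads it (first value of a keyword wins; comments ignored; directives inside Match blocks are conditional and deliberately not counted). The banner and config fragment are constructed sample inputs, not taken from a JUNOS device.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample inputs (hypothetical; not captured from any real host).
SAMPLE_BANNER = "SSH-2.0-OpenSSH_4.3p2"
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config fragment for illustration
Port 22
Protocol 2
#X11Forwarding yes
X11UseLocalhost yes
Match User x11-user
    X11Forwarding yes
"""

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")
_DIRECTIVE_RE = re.compile(r"([A-Za-z0-9]+)[\s=]+(\S+)")


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from an SSH identification string, or None if it is not OpenSSH."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def flagged_by_version(banner: str) -> bool:
    """Mirror the scanner's rule: any OpenSSH that identifies as older than 5.0 is flagged."""
    version = parse_openssh_version(banner)
    return version is not None and version < (5, 0)


def x11_forwarding_enabled(config_text: str) -> bool:
    """True if the global section of an sshd_config enables X11Forwarding.

    sshd uses the first value it obtains for each keyword, so the first
    uncommented X11Forwarding line decides. Anything after a Match line is
    conditional on the Match criteria and is not considered here. If the
    keyword never appears, OpenSSH's default of 'no' applies.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = _DIRECTIVE_RE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).lower()
        if keyword == "match":
            break  # remainder of the file is conditional; stop here
        if keyword == "x11forwarding":
            return value == "yes"
    return False


def triage(banner: str, config_text: str) -> Dict[str, object]:
    """Combine the scanner's version match with the setting that actually matters."""
    version_hit = flagged_by_version(banner)
    x11 = x11_forwarding_enabled(config_text)
    if not version_hit:
        verdict = "not flagged: OpenSSH 5.0 or newer (or not OpenSSH)"
    elif x11:
        verdict = "investigate: pre-5.0 OpenSSH with X11Forwarding enabled"
    else:
        verdict = "false positive: pre-5.0 OpenSSH but X11Forwarding disabled"
    return {"scanner_flags": version_hit, "x11_forwarding": x11, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, SAMPLE_SSHD_CONFIG))
```

On a device where the configuration cannot be inspected at all, as with JUNOS, the absence of any knob to enable X11 forwarding is the equivalent of the config check returning false.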
