I've checked in with Juniper CERT a couple of times after SSH vulnerabilities get made public and given the fact they run such older SSH binaries.
The answer I've received every time is they run a modified version of OpenSSH 4.4, and disallow unsigned, third party or modified binaries to run under Junos by default.

With that said, I wouldn't really worry about an X11 session hijacking vulnerability, given you don't have X11 installed on your device. This seems like a generic scan report that looks for anything under OpenSSH 5.0 and just tells you to upgrade.

I think you're safe to ignore here Harri.

Hope this helps,
-Tim Eberhard

On Mon, Sep 9, 2013 at 9:16 AM, Harri Makela <harri_mak...@yahoo.com> wrote:
> Hi There
>
> I got the following report after the vulnerability scanning. Now first
> we don't use IPv6 and secondly how can we check on Juniper that the version is
> SSH 4?
>
> Synopsis: The remote SSH service is prone to an X11 session
> hijacking vulnerability.
>
> Description: According to its banner, the version of SSH installed on the
> remote host is older than 5.0. Such versions may allow a local user to
> hijack X11 sessions because it improperly binds TCP ports on the local IPv6
> interface if the corresponding ports on the IPv4 interface are in use.
>
> Solution: Upgrade to OpenSSH version 5.0 or later.
>
> This is what I have searched on ex-8208 switch and came for SSH:-
>
> set system services ssh root-login deny
> set system services ssh protocol-version v2 -----> it says version 2
>
> Sorry if these are too basic questions as I am new to all this.
>
> Thanks
> HM
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp