Thank you very much for an update Tim. Much appreciated.
________________________________
From: Tim Eberhard <xmi...@gmail.com>
To: Harri Makela <harri_mak...@yahoo.com>
Cc: "juniper-nsp@puck.nether.net" <juniper-nsp@puck.nether.net>
Sent: Monday, 9 September 2013, 17:45
Subject: Re: [j-nsp] SSH version 4 vulnerability on JUNOS

I've checked in with Juniper CERT a couple of times after SSH vulnerabilities get made public and given the fact they run such older ssh binaries. The answer I've received every time is they run a modified version of OpenSSH 4.4, and disallow unsigned, third party or modified binaries to run under Junos by default.

With that said, I wouldn't really worry about an X11 session hijacking vulnerability, given you don't have X11 installed on your device. This seems like a generic scan report that looks for anything under OpenSSH 5.0 and just tells you to upgrade.

I think you're safe to ignore here Harri.

Hope this helps,
-Tim Eberhard

On Mon, Sep 9, 2013 at 9:16 AM, Harri Makela <harri_mak...@yahoo.com> wrote:

> Hi There
>
> I got following report from after the vulnerability scanning. Now first we don't use IPv6 and secondly how we can check on Juniper that version is SSH 4?
>
> Synopsis: The remote SSH service is prone to an X11 session hijacking vulnerability.
>
> Description: According to its banner, the version of SSH installed on the remote host is older than 5.0. Such versions may allow a local user to hijack X11 sessions because it improperly binds TCP ports on the local IPv6 interface if the corresponding ports on the IPv4 interface are in use.
>
> Solution : Upgrade to OpenSSH version 5.0 or later.
>
> This is what I have searched on ex-8208 switch and came for SSH:-
>
> set system services ssh root-login deny
> set system services ssh protocol-version v2 -----> it says version 2
>
> Sorry if these are too basic questions as I am new to all this.
>
> Thanks
> HM
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
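
Added example, not part of the original thread: a parser for the SSH identification string (RFC 4253 section 4.2), showing that the protocol version set by `protocol-version v2` and the OpenSSH release a banner-based scanner compares against 5.0 are separate fields of the same banner. The banners are constructed samples and the function names are this example's own.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)")


def parse_ident(banner):
    """Split an SSH identification string into (proto, software, comments)."""
    m = IDENT_RE.match(banner.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % banner)
    return m.group("proto"), m.group("software"), m.group("comments") or ""


def openssh_release(software):
    """Return (major, minor) for OpenSSH software strings, else None."""
    m = OPENSSH_RE.match(software)
    return (int(m.group(1)), int(m.group(2))) if m else None


def banner_check(banner, minimum=(5, 0)):
    """Reproduce a banner-only 'older than 5.0' check and expose its inputs."""
    proto, software, _comments = parse_ident(banner)
    release = openssh_release(software)
    return {
        "protocol": proto,      # the field 'protocol-version v2' governs
        "software": software,   # the field the scanner compares
        "offers_ssh1": proto.startswith("1."),  # 1.99 = v1 and v2 offered
        # Banner evidence only: says nothing about vendor patches or X11.
        "flagged": release is not None and release < minimum,
    }


# Constructed sample banners (not captured from real devices).
SAMPLES = [
    "SSH-2.0-OpenSSH_4.4\r\n",
    "SSH-2.0-OpenSSH_6.2p2 Debian-6\r\n",
    "SSH-1.99-OpenSSH_3.9p1\r\n",
    "SSH-2.0-dropbear_2012.55\r\n",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(banner_check(line))
```

The first sample is flagged even though its protocol field is 2.0, which is the situation in the scan report: the finding is driven by the software field alone.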