new openssh issue

Just in case no one has seen this:

http://slashdot.org/articles/03/09/16/1327248.shtml?tid=126&tid=172

Len Rose wrote:

Just in case no one has seen this:

New ssh Exploit in the Wild - Slashdot

I had not, and I thank you! My debian and NetBSD systems were quickly
patched, but does anybody know whether there's a problem with the
criscos? (as in "how do I configure my router for that?" ;)

Or better yet, the OpenSSH running on Junipers? Nothing on Juniper's site
about a vulnerability so far.

A posting to full-disclosure quotes Theo as saying HP and Cisco are affected,
and I don’t see any reason that Juniper would NOT be, given the common code
base of the OpenSSH implementations. I’m not going to say the routers are
vulnerable, but I would say that ACLs blocking port 22 to the router might
be a good idea…

Isn't this a common practice anyway? Has been anywhere sensible I've
seen :)

If remotely exploitable as the discoverer says, this could potentially have more operational impact :(

http://www.sendmail.org/8.12.10.html

  ---Mike

I thought the whole purpose of running sshd on your router (or any box for
that matter) is to be able to access it securely from remote locations.
Of course, you could ssh to your patched unix box from outside (assuming
your internal network is ok), then ssh back to the router, but you might
as well just use telnet then (assuming a properly switched and vlan'd
LAN).

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am