M and MSM Series

MSM460 - Security Vulnerability

Occasional Visitor

MSM460 - Security Vulnerability

Our Company has reciently installed E-MSM460 Accesspoints.

The Devices does have the latest version of Firmware installed.



On a Security Vulnerability Scan the following  issue where picked up :



The remote SSH service is prone to an X11 session hijacking vulnerability.



According to its banner, the version of SSH installed on the remote host is older than 5.0.  Such versions may allow a local user to hijack X11 sessions because it improperly binds TCP ports on the local IPv6 interface if the corresponding ports on the IPv4 interface are in use.



Upgrade to OpenSSH version 5.0 or later.



Accourding the the Solution the OpenSSH needs to be updated.

Is it possible to do this, and if it is, how do I do it?

David J Wood
Trusted Contributor

Re: MSM460 - Security Vulnerability

Though the MSM460 is a Linux device, it does not have X11 installed, so this theoretical vulnerability does not apply.

You can't update the SSH server by itself. All you can do is install the latest HP firmware that you have access to (via warranty or contract).
Dennis Handly
Acclaimed Contributor

Re: MSM460 - Security Vulnerability

>it does not have X11 installed, so this theoretical vulnerability does not apply.


You think that the scanning program just detects that it is Linux and not that it has the X11 ports? open/listening?

David J Wood
Trusted Contributor

Re: MSM460 - Security Vulnerability

I believe the original poster's scanning program is going purely by the AP's SSH banner. If you telnet to port 22 on the AP, you will see something like:




which indicates the device in question (an MSM460 running firmware, the latest generally available public version) claims to implement the SSH 2.0 protocol using OpenSSH Portable 6.1. This is a fairly recent OpenSSH version (6.2 is current, 6.3 is in the process of being released and may already be on some mirrors).



There is a vulnerability with X11 forwarding and dual stack IPv4/IPv6 devices in OpenSSH versions before OpenSSH 5.0. I believe it is a purely theoretical vulnerability so far as the access points go, because they make no use of X11. However, as an HP outsider, I am not sure whether OpenSSH on the AP has been configured to disallow X11 forwarding, which would ensure there is no vulnerability.




I don't know which MSM460 firmware versions use which OpenSSH versions. The original poster may not have access to the latest firmware. Until the implementation of Lifetime Warranty 2.0 on 2013-08-01, the warranty software entitlement on purchasing an MSM4xx device was only for bugfix releases in the same firmware series as was generally available on the date of purchase. If you wish to move to a newer firmware series you must have an active software contract or Care Pack. The MSM460 was originally released with 5.5 firmware. Subsequently, there have been releases in the 5.7 and 6.0 firmware series.


My understanding is that devices bought after the implementation of Lifetime Warranty 2.0 have three years of software updates included in the purchase price - at least in North America and EMEA.