SB2017071408 - Multiple vulnerabilities in Juniper Junos



Published: July 14, 2017

Security Bulletin ID: SB2017071408
Severity: Medium
Patch available: YES
Number of vulnerabilities: 12
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium 42% Low 58%

Description

This security bulletin contains information about 12 security vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2017-2341)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an authentication flaw. A local attacker on a virtualized instance can gain host privileges.

Successful exploitation of the vulnerability results in privilege escalation.

2) Buffer overflow (CVE-ID: CVE-2017-10602)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a buffer overflow in the command line interface (CLI). A local attacker with read-only privileges can trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) XML injection (CVE-ID: CVE-2017-10603)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper handling of XML External Entity (XXE) entries when parsing XML data. A local attacker can inject XML data via the command line interface (CLI) and execute arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Buffer overflow (CVE-ID: CVE-2017-2344)

The vulnerability allows a local attacker to gain elevated privileges or cause a DoS condition on the system.

The weakness exists due to a buffer overflow in an internal Junos OS sockets library. A local attacker can run a specially crafted application, trigger memory corruption, and cause a kernel panic or execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) OS command injection (CVE-ID: CVE-2017-2349)

The vulnerability allows a remote authenticated attacker to gain elevated privileges.

The weakness exists due to a command injection flaw in the IDP feature. A remote attacker can execute shell commands and gain root privileges on the system.

Successful exploitation of the vulnerability results in privilege escalation.

6) Denial of service (CVE-ID: CVE-2017-2346)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can send specially crafted large fragmented packets through an Application Layer Gateway (ALG) to cause the target MS-MPC or MS-MIC Service PIC to crash.

Successful exploitation of the vulnerability results in denial of service.

7) Resource exhaustion (CVE-ID: CVE-2017-2348)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to resource exhaustion. A remote attacker can send a specially crafted IPv6 UDP packet to cause the target Juniper Enhanced jdhcpd daemon to consume excessive CPU resources and crash or restart.

Successful exploitation of the vulnerability results in denial of service.

8) Denial of service (CVE-ID: CVE-2017-10604)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error in cluster mode on SRX Series systems. A remote attacker can attempt to log in to the root account with an incorrect password to trigger a lockout of the root account.

Successful exploitation of the vulnerability results in denial of service.

9) Denial of service (CVE-ID: CVE-2017-2314)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can send a specially crafted BGP OPEN message to cause the target routing protocol daemon (rpd) process to crash and restart.

Successful exploitation of the vulnerability results in denial of service.

10) Denial of service (CVE-ID: CVE-2017-2347)

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. An adjacent attacker can send a specially crafted MPLS ping packet to cause the target rpd daemon to crash.

Successful exploitation of the vulnerability results in denial of service.

11) Denial of service (CVE-ID: CVE-2017-10605)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to improper input validation. A remote attacker can send a specially crafted packet to cause the target flowd process to crash.

Successful exploitation of the vulnerability results in denial of service.

12) Denial of service (CVE-ID: CVE-2017-2342)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists because the system falls back to an unencrypted link when MACsec is configured on a port that is not capable of MACsec or when a secure link cannot be established. A remote attacker who can monitor the network can view potentially sensitive information on the target link.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install the update from the vendor's website.