SB2019011806 - Multiple vulnerabilities in Juniper Junos OS
Published: January 18, 2019
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Infinite loop (CVE-ID: CVE-2019-0001)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd) upon receipt of a malformed packet on MX Series devices with dynamic VLAN configuration. A remote attacker can send a malformed packet to trigger high CPU usage and a crash of the bbe-smgd service.
2) Security restrictions bypass (CVE-ID: CVE-2019-0002)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to the failure of stateless firewall filter rules to take effect. A remote unauthenticated attacker can bypass security restrictions to conduct further attacks.
3) Reachable assertion (CVE-ID: CVE-2019-0003)
The vulnerability allows a remote attacker to cause a DoS condition.
The vulnerability exists due to a reachable assertion failure when a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration. A remote attacker can cause the routing protocol daemon (rpd) process to crash with a core file being generated.
4) Security restrictions bypass (CVE-ID: CVE-2019-0005)
The vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists because the stateless firewall filter ignores IPv6 extension headers. A remote attacker can bypass security restrictions to forward IPv6 packets.
5) Untrusted pointer dereference (CVE-ID: CVE-2019-0006)
The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code.
The weakness exists due to an uninitialized function pointer dereference in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. A remote attacker can send specially crafted HTTP packets to cause the fxpc daemon to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
6) Security restrictions bypass (CVE-ID: CVE-2019-0007)
The vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists due to the use of a predictable IP ID Sequence Number. A remote attacker can bypass security restrictions and launch further attacks on the system.
7) Denial of service (CVE-ID: CVE-2019-0009)
The vulnerability allows a local attacker to cause a DoS condition.
The vulnerability exists due to an unspecified flaw. A local attacker can use high disk I/O operations to disrupt the communication between the routing engine (RE) and the packet forwarding engine (PFE).
8) Resource exhaustion (CVE-ID: CVE-2019-0010)
The vulnerability allows a remote attacker to cause a DoS condition.
The vulnerability exists due to an error when processing malicious input. A remote attacker can send specially crafted HTTP traffic and cause UTM to consume all mbufs, resulting in a denial of service condition.
9) Improper input validation (CVE-ID: CVE-2019-0011)
The vulnerability allows an adjacent attacker to cause a DoS condition.
The vulnerability exists due to an error when processing malicious input. An adjacent attacker can continuously send a specially crafted packet and cause the kernel to crash.
10) Improper input validation (CVE-ID: CVE-2019-0012)
The vulnerability allows a remote attacker to cause a DoS condition.
The vulnerability exists due to an error when configured as a VPLS PE. A remote attacker can send a specially crafted BGP message and cause the routing protocol daemon (rpd) process to crash.
11) Improper input validation (CVE-ID: CVE-2019-0013)
The vulnerability allows an adjacent attacker to cause a DoS condition.
The vulnerability exists due to an error when processing malicious input. An adjacent attacker can send a specially crafted IPv4 PIM Join packet and cause the routing protocol daemon (RPD) process to crash.
12) Improper input validation (CVE-ID: CVE-2019-0014)
The vulnerability allows a remote attacker to cause a DoS condition.
The vulnerability exists due to an error when processing malicious input. A remote attacker can send a specially crafted packet for J-Flow and cause the FPC (Flexible PIC Concentrator) process to crash.
13) Security restrictions bypass (CVE-ID: CVE-2019-0015)
The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The vulnerability exists due to an error in the SRX Series Service Gateway. A remote authenticated attacker can establish VPN connections until reboot and gain access to the device.
Remediation
Install updates from the vendor's website.
References
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10900&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10901&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10902&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10905&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10906&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10903&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10909&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10910&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10911&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10912&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10913&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10914&cat=SIRT_1&actp=LIST
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10915&cat=SIRT_1&actp=LIST