Malware Devil

Thursday, October 15, 2020

ESB-2020.3553 – [Juniper] Junos OS: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3553
JSA11047 - 2020-10 Security Bulletin: FreeBSD-SA-19:20.bsnmp : Insufficient
        message length validation in bsnmp library (CVE-2019-5610)
                              15 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5610  

Reference:         ESB-2019.3031.2

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11047

- --------------------------BEGIN INCLUDED TEXT--------------------

2020-10 Security Bulletin: FreeBSD-SA-19:20.bsnmp : 
Insufficient message length validation in bsnmp library (CVE-2019-5610)

Article ID  : JSA11047
Last Updated: 14 Oct 2020
Version     : 1.0

Product Affected:
This issue affects Junos OS 15.1, 16.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2,
18.2X75, 18.3, 18.4, 19.1, 19.2, 19.3.
Problem:

The bsnmp software library is an SNMP (Simple Network Management Protocol)
implementation included with Juniper Networks Junos OS for the snmpd process.

A programming error allows a remote user to read unrelated data or trigger a
snmpd process crash.

This issue affects Juniper Networks Junos OS:

  o 15.1 versions prior to 15.1R7-S7;
  o 16.1 versions prior to 16.1R7-S8;
  o 17.2 versions prior to 17.2R3-S4;
  o 17.2X75 versions prior to 17.2X75-D45;
  o 17.3 versions prior to 17.3R3-S8;
  o 17.4 versions prior to 17.4R2-S12, 17.4R3-S3;
  o 18.1 versions prior to 18.1R3-S9;
  o 18.2 versions prior to 18.2R3-S6;
  o 18.2X75 versions prior to 18.2X75-D34, 18.2X75-D420, 18.2X75-D53,
    18.2X75-D60;
  o 18.3 versions prior to 18.3R2-S3, 18.3R3-S1;
  o 18.4 versions prior to 18.4R1-S5, 18.4R2-S5, 18.4R3;
  o 19.1 versions prior to 19.1R1-S4, 19.1R2-S2, 19.1R3;
  o 19.2 versions prior to 19.2R1-S5, 19.2R2;
  o 19.3 versions prior to 19.3R2.

This issue does not affect Junos OS with FreeBSD 6, for example Junos OS
15.1X49.

To verify which FreeBSD version is used in Junos OS, the administrator can use
the following commands:

user@device> start shell
% sysctl kern.osreldate
kern.osreldate: 601000

user@device> start shell
% sysctl kern.osreldate
kern.osreldate: 1001510
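
An added triage helper, not part of the Juniper or AusCERT text: it checks a Junos release string against the fixed releases listed above and applies the FreeBSD 6 exemption from a kern.osreldate line. The comparison rule (a release is fixed when it is at or past the listed service release on its own R line, or on an R line newer than every listed fix) is an assumption about how to read "versions prior to"; the X75 trains are left for manual review, and the function names and sample versions are constructed.

```python
import re

# Fixed releases per train, transcribed from the JSA11047 list above.
# X75 D-release trains are omitted on purpose (see status()).
FIXED = {
    "15.1": ["R7-S7"], "16.1": ["R7-S8"], "17.2": ["R3-S4"],
    "17.3": ["R3-S8"], "17.4": ["R2-S12", "R3-S3"], "18.1": ["R3-S9"],
    "18.2": ["R3-S6"], "18.3": ["R2-S3", "R3-S1"],
    "18.4": ["R1-S5", "R2-S5", "R3"], "19.1": ["R1-S4", "R2-S2", "R3"],
    "19.2": ["R1-S5", "R2"], "19.3": ["R2"],
}
REL = re.compile(r"R(\d+)(?:-S(\d+))?")
# train, R release, optional trailing build number such as ".3"
VER = re.compile(r"(\d+\.\d+)(R\d+(?:-S\d+)?)(?:\.\d+)?")


def _rs(rel):
    """'R2-S12' -> (2, 12); a plain 'R3' counts as service release 0."""
    m = REL.fullmatch(rel)
    return int(m.group(1)), int(m.group(2) or 0)


def freebsd_major(sysctl_line):
    """Major FreeBSD version from a 'kern.osreldate: N' line."""
    return int(sysctl_line.split(":", 1)[1]) // 100000


def status(version, sysctl_line=None):
    """Return affected, fixed, not-affected, not-listed or manual-review."""
    if sysctl_line and freebsd_major(sysctl_line) == 6:
        return "not-affected"   # the bulletin exempts FreeBSD 6 based Junos
    m = VER.fullmatch(version.strip())
    if not m:
        return "manual-review"  # X75/X49 D-releases or unknown format
    train, rel = m.groups()
    if train not in FIXED:
        return "not-listed"     # train is not named in the bulletin
    r, s = _rs(rel)
    fixes = [_rs(f) for f in FIXED[train]]
    same_line = [fs for fr, fs in fixes if fr == r]
    if same_line:               # a fix exists on this R line: compare S level
        return "fixed" if s >= same_line[0] else "affected"
    # Assumption: only an R line newer than every listed fix carries it.
    return "fixed" if r > max(fr for fr, _ in fixes) else "affected"


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    for v in ["18.4R2-S4", "18.4R2-S5.3", "17.4R3-S1", "19.3R3", "18.2X75-D50"]:
        print(v, status(v))
```
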
