Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Potential JUNOS CLI Security vulnerabilities

0

0

Article ID: JSA10289 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 2.0
Legacy Advisory Id:
FA-SW-0204-002
Product Affected:
All releases of JUNOS software released prior to April 11, 2002
Problem:

Several minor security-related errors exist in versions of JUNOS software released prior to April 11, 2002. Some of the utilities used to process CLI commands do not properly validate command arguments; as a result, if the user provides certain invalid arguments, the commands do not work correctly and generate incorrect results.

Additionally, in some situations the file command does not adequately verify that its filename argument has a valid length, leading to a buffer-overflow condition.

These coding errors belong to a class of errors that have resulted in security vulnerabilities in other software. However, Juniper Networks considers it unlikely that these errors in JUNOS software can be exploited.

These bugs are documented as PR/23571 and PR/23573.

Solution:

Argument checking is improved for all affected commands. The corrected code is included in all releases of JUNOS software released on or after April 11, 2002.

Implementation:

To obtain corrections for these errors, upgrade the JUNOS software to a version released on or after April 11, 2002.

Severity Level:
Low
Severity Assessment:
None of these errors can be triggered remotely; they all require that the user be logged in to the router using a valid username and password. No known security exploit of these errors has been identified.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search