Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Local security vulnerability (FreeBSD-SA-02:23.stdio)

0

0

Article ID: JSA10291 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 2.0
Legacy Advisory Id:
FA-SW-0204-004
Product Affected:
All versions of JUNOS Internet software released prior to April 23, 2002.
Problem:
Normally, when a program is started, several standard file descriptors are opened, which are assigned to standard input, standard output, and standard error. If a program is started when not all these standard file descriptors are opened, the program might open a file and inadvertently associate it with one of the standard descriptors. The program might then read data from or write data to the file inappropriately. If the file is one that the user would normally not have privileges to open, this might result in an opportunity for privilege escalation. PR/24073.
Solution:
The JUNOS kernel has been modified to prevent programs from unintentionally opening arbitrary files using the standard file descriptors.
Implementation:
Install a version of JUNOS Internet software released on or after April 23, 2002.
Severity Assessment:
The risks associated with this vulnerability are minimal. A user can exploit the vulnerability only after logging in to the router. Additionally, the vulnerability can be exploited only by using unsupported shell access.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search