Minor security vulnerability in JUNOS Internet software kernel

Article ID: JSA10296 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 2.0
Legacy Advisory Id:
FA-SW-0203-008
Product Affected:
All versions of JUNOS software released prior to February 9, 2002.
Problem:
A security-related vulnerability was recently discovered in the JUNOS software. This vulnerability is described in detail in the FreeBSD Security Advisory FreeBSD-SA-02:09.fstatfs and in PR/21769. A user logged in to a Juniper Networks router could panic the JUNOS kernel by calling the fstatfs() system call using an invalid file descriptor. (The descriptor becomes invalid because the file is deleted.) Only file descriptors that refer to files in a procfs file system are known to trigger this race condition.
Solution:
The fstatfs() system call was updated to remove the race condition.
Implementation:
The fix is included in all versions of JUNOS software released on or after February 10, 2002.
Severity Level:
Low
Severity Assessment:
There is minimal risk associated with this vulnerability. To exploit it, a user would have to be logged in to a Juniper Networks router and invoke the fstatfs() system call using a file descriptor referring to a file deleted from a procfs file system. You cannot invoke the fstatfs() system call in this manner from the JUNOS command-line interface (CLI).

This vulnerability cannot be exploited remotely.