Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Minor security vulnerability in Software Packages system

0

0

Article ID: JSA10298 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 2.0
Legacy Advisory Id:
FA-SW-0203-009
Product Affected:
All versions of JUNOS Internet software released prior to January 9, 2002.
Problem:
A security-related vulnerability was recently discovered in the Software Packages system included in the JUNOS software. This vulnerability, described in detail in the FreeBSD Security Advisory FreeBSD-SA-02:01.pkg_add and in PR/20778, could permit a user who was already logged in to a Juniper Networks router to interfere with the installation of JUNOS software updates, possibly compromising the newly installed software.
Solution:
The Software Packages system was updated to deny access by other users to the temporary directory used for package installation.
Implementation:
The fix is included in all versions of JUNOS software released on or after January 10, 2002. Releases 5.0R4, 5.1R3, and 5.2R1 all contain the fix.
Severity Level:
Low
Severity Assessment:
There is minimal risk associated with this vulnerability. To exploit the vulnerability, a user would need to be logged in while a software package installation was being performed, locate the temporary installation directory, examine its contents, identify world-writeable components of the software package being installed, and overwrite selected components prior to completion of the software package installation.

This vulnerability cannot be exploited remotely.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search