Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Potential security vulnerability in JUNOS Internet software (CERT Coordination Center Vulnerability Note VU#368819)

0

0

Article ID: JSA10300 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 2.0
Legacy Advisory Id:
FA-SW-0203-005
Product Affected:
All releases of JUNOS software
Problem:
A bug in the zlib compression library might manifest itself as a vulnerability in programs that are linked with zlib. This vulnerability might allow an intruder to conduct a denial-of-service (DoS) attack, gather information, or execute arbitrary code.

Note that the CERT/CC has not received any reports of exploitation of this bug. Based on the information available at this time, it is difficult to determine whether this bug can be successfully exploited.

Details of the vulnerability can be found in the Related Link below.
Solution:
This Field Alert will be updated and reissued as soon as risk assessment is complete and any necessary updates or patches are available.
Severity Level:
None
Severity Assessment:
Juniper Networks has completed an initial assessment of this vulnerability, and we believe that our software is not susceptible. Test programs show that our memory allocation algorithm correctly detects and warns about any attempt to exploit the vulnerability described in the CERT/CC advisory.

We continue to evaluate the risks associated with this vulnerability. If we determine that JUNOS software is susceptible, we will quickly issue any patches or software updates required to maintain the security of Juniper Networks routers.

Future JUNOS software releases will include a corrected version of the zlibz code.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search