Buffer overflow vulnerability in FreeBSD fetch (FreeBSD-SA-04:16.fetch.asc)

  [JSA10338]

Product Affected:
All JUNOS software releases built prior to Nov. 19, 2004
The fetch utility is used for retrieving files from remote systems. An integer overflow in calculating a buffer size can result in a buffer overflow vulnerability. This could enable a malicious server to execute arbitrary code on the router.

This vulnerability is tracked within Juniper as PR/52842.
JUNOS code has been updated to correct the buffer size calculation, eliminating the possible buffer overflow.
All versions of JUNOS built on or after Nov. 19, 2004 contain the corrected code. Customers are encouraged to upgrade to a release containing the fix.
Severity Assessment:
This vulnerability can only be exploited if you are already logged in on the router, and you use fetch to retrieve files from an untrusted server.
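The advisory does not reproduce the affected code. As an added illustration of the bug class it describes and of a corrected size calculation (this is not the fetch source or Juniper's code, and all function names are hypothetical), the C example below shows a buffer size that wraps to zero when computed without a check, next to a version that rejects the input before allocating or copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers for illustration; not taken from fetch. */

/* Unchecked: size_t arithmetic wraps, so SIZE_MAX + 1 yields 0 and the
 * allocation that follows would be far smaller than the data copied. */
size_t unchecked_size(size_t len, size_t extra) {
    return len + extra;
}

/* Checked: returns 0 and stores the sum, or -1 if the sum would wrap. */
int checked_size(size_t len, size_t extra, size_t *out) {
    if (len > SIZE_MAX - extra)
        return -1;
    *out = len + extra;
    return 0;
}

/* Copy a field whose length was declared by the remote server into a
 * fresh NUL-terminated buffer. Lengths above max_len (a local policy
 * limit) or lengths that would wrap the size calculation are rejected
 * before any memory is allocated or read. Caller frees the result. */
char *copy_field(const char *src, size_t len, size_t max_len) {
    size_t need;
    if (len > max_len)
        return NULL;
    if (checked_size(len, 1, &need) != 0)
        return NULL;
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, len);
    buf[len] = '\0';
    return buf;
}

int main(void) {
    size_t need = 0;
    /* Constructed inputs: a normal field and an extreme declared length. */
    printf("unchecked SIZE_MAX + 1 = %zu\n", unchecked_size(SIZE_MAX, 1));
    printf("checked   SIZE_MAX + 1 -> %d\n", checked_size(SIZE_MAX, 1, &need));
    char *s = copy_field("abc", 3, 64);
    printf("copy_field -> %s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```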