Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Buffer overflow vulnerability in FreeBSD fetch (FreeBSD-SA-04:16.fetch.asc)



Article ID: JSA10338 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 3.0
Legacy Advisory Id:
Product Affected:
All JUNOS software releases built prior to Nov. 19, 2004
The fetch utility is used for retrieving files from remote systems. An integer overflow in calculating a buffer size can result in a buffer overflow vulnerability. This could enable a malicious server to execute arbitrary code on the router.

This vulnerability is tracked within Juniper as PR/52842.
JUNOS code has been updated to correct the buffer size calculation, eliminating the possible buffer overflow.
All versions of JUNOS built on or after Nov. 19, 2004 contain the corrected code. Customers are encouraged to upgrade to a release containing the fix.
Severity Level:
Severity Assessment:
This vulnerability can only be exploited if you are already logged in on the router, and you use fetch to retrieve files from an untrusted server.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search