Buffer overflow vulnerability in FreeBSD fetch (FreeBSD-SA-04:16.fetch.asc)

  [JSA10338]


Legacy Advisory Id:
PSN-2004-11-014
Product Affected:
All JUNOS software releases built prior to Nov. 19, 2004
Problem:
The fetch utility is used for retrieving files from remote systems. An integer overflow in calculating a buffer size can result in a buffer overflow vulnerability. This could enable a malicious server to execute arbitrary code on the router.

This vulnerability is tracked within Juniper as PR/52842.
Solution:
JUNOS code has been updated to correct the buffer size calculation, eliminating the possible buffer overflow.
Implementation:
All versions of JUNOS built on or after Nov. 19, 2004 contain the corrected code. Customers are encouraged to upgrade to a release containing the fix.
Severity Level:
Low
Severity Assessment:
This vulnerability can only be exploited if you are already logged in on the router, and you use fetch to retrieve files from an untrusted server.
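
As an added illustration of the bug class named in the Problem and Solution fields (not code from fetch, FreeBSD or JUNOS), the C example below shows how a buffer size computed from a server-declared length can wrap around, next to a checked form that fails closed. The function names, the `+ 1` for a terminator and the `max_len` cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers; names and layout are assumptions, not fetch's code. */

/* Unchecked form: for declared_len == SIZE_MAX the sum wraps to 0, so the
 * buffer allocated from it is far smaller than the data copied into it. */
size_t unchecked_buf_size(size_t declared_len)
{
    return declared_len + 1;            /* room for a terminating NUL */
}

/* Checked form: reject any length over the caller's cap or any length whose
 * size computation would wrap. Returns 0 on success, -1 on rejection. */
int checked_buf_size(size_t declared_len, size_t max_len, size_t *out)
{
    if (declared_len > max_len || declared_len > SIZE_MAX - 1)
        return -1;
    *out = declared_len + 1;
    return 0;
}

/* Copy a server-supplied field into a correctly sized buffer, or return
 * NULL without touching the data when the declared length is not usable. */
char *copy_field(const char *data, size_t declared_len, size_t max_len)
{
    size_t size;
    char *buf;

    if (checked_buf_size(declared_len, max_len, &size) != 0)
        return NULL;
    if ((buf = malloc(size)) == NULL)
        return NULL;
    memcpy(buf, data, declared_len);
    buf[declared_len] = '\0';
    return buf;
}

int main(void)
{
    char *ok = copy_field("abc", 3, 1024);          /* constructed input */
    printf("unchecked size for SIZE_MAX: %zu\n", unchecked_buf_size(SIZE_MAX));
    printf("checked copy: %s\n", ok ? ok : "(rejected)");
    printf("oversized: %s\n", copy_field("abc", SIZE_MAX, SIZE_MAX) ? "copied" : "rejected");
    free(ok);
    return 0;
}
```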