Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

2010-03 Security Bulletin: Junos-based SRX & J-series UAC: Resource policy ordering issue

0

0

Article ID: JSA10426 SECURITY_ADVISORIES Last Updated: 09 May 2013Version: 2.0
Legacy Advisory Id:
PSN-2009-12-607
Product Affected:
J2320, J2350, J4350, J6350, SRX100, SRX210, SRX240, SRX650, SRX3400, SRX3600, SRX5600, SRX5800
Junos 9.4 and later
Problem:
UAC Infranet Enforcer(IE) resource policies should be applied in the Infranet Auth Table according to the order those policies are listed in the Infranet Controller(IC) Web Admin.

On a Junos IE, these policies are not evaluated in the correct order.

On a ScreenOS IE, these policies are applied in the correct order.
Solution:
This issue is resolved in Junos 9.4R4 and any later release posted on or after November 18, 2009. This specifically includes the following and all subsequent releases:
9.4R4, 9.5R4, 9.6R3, 10.0R1, 10.1R1

Workaround:
KB16200 describes how to configure your UAC resource policies such that they get applied in the desired order when the policies get pushed to an SRX or J-series device acting as an Infranet Enforcer.
CVSS Score:
5.0
Severity Level:
Medium
Severity Assessment:
Some policies may not be applied.

Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search