2013-11 Security Bulletin: Junos Space: MySQL security update

[JSA10601]


Product Affected:
Junos Space and JA1500 Junos Space Appliance with Junos Space releases before 13.1R1.
Problem:
MySQL server software included with Junos Space is affected by a number of security vulnerabilities. The following may pose a security risk to Junos Space:

| CVE | CVSSv2 Base Score and Vector | Summary |
|---|---|---|
| CVE-2011-2262 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of Service Vulnerability in MySQL |
| CVE-2012-0486 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of Service Vulnerability in MySQL |
| CVE-2012-0553 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Buffer overflow in yaSSL as used in MySQL |
| CVE-2012-0882 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Buffer overflow in yaSSL as used in MySQL |
| CVE-2012-1702 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of Service Vulnerability in MySQL |
| CVE-2012-3147 | 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) | Vulnerability in MySQL with impact on integrity and availability |
| CVE-2012-3158 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Vulnerability in MySQL with impact on confidentiality, integrity and availability |
| CVE-2012-3163 | 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Vulnerability in MySQL with impact on Junos Space's confidentiality, integrity and availability |
| CVE-2013-0385 | 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N) | Vulnerability in MySQL with impact on Junos Space system confidentiality and integrity |
| CVE-2013-1492 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Buffer overflow in yaSSL as used in MySQL |
| CVE-2013-3801 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of Service Vulnerability in MySQL |

A firewall is enabled by default on Junos Space, which limits access to the MySQL server port to permitted hosts or Junos Space nodes only.
If the firewall is disabled for any reason, the MySQL server port is exposed, which increases the risks posed by the above vulnerabilities.

Solution:
The vulnerabilities listed above are resolved in Junos Space 13.1R1 and later releases.
MySQL server software has been upgraded to 5.5.30 in Junos Space 13.1R1. Junos Space releases can be obtained from:
http://www.juniper.net/support/downloads/?p=space
Workaround:
Enable the firewall on Junos Space, or limit access to Junos Space to trusted hosts only.
Implementation:
Junos Space releases can be obtained from:
http://www.juniper.net/support/downloads/?p=space
CVSS Score:
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Severity Level:
High
Severity Assessment:
CVSS score is based on CVE-2012-3163.