Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

2014-05 Junos Space: Multiple vulnerabilities resolved by third party software upgrades

0

0

Article ID: JSA10627 SECURITY_ADVISORIES Last Updated: 07 Sep 2016Version: 3.0
Product Affected:
Junos Space and JA1500, JA2500 (Junos Space Appliance) with Junos Space 13.1 and earlier releases.
Problem:

Junos Space release 13.3R1.8 addresses multiple vulnerabilities in prior releases with updated third party software components. The following is a list of software upgraded and vulnerabilities resolved:

Apache HTTP Server upgraded to 2.2.25 which resolves:

CVE CVSS base score Type of issue
CVE-2013-1862 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Arbitrary command execution
CVE-2013-1896 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) Denial of service

Oracle MySQL server upgraded to 5.5.34 which resolves:

CVE CVSS base score Type of issue
CVE-2013-1502 1.5 (AV:L/AC:M/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-1511 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-1532 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-1544 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-2375 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) Partial system compromise
CVE-2013-2376 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-2389 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-2391 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N) Unauthorized disclosure or modification
CVE-2013-2392 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3783 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3793 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3794 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3801 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) Denial of service
CVE-2013-3802 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3804 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3805 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3808 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3809 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) Unauthorized modification
CVE-2013-3812 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3839 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service

OpenJDK Runtime Environment was upgraded to 7u45 which resolves a number of vulnerabilities that affect server deployments of Java including but not limited to:

CVE CVSS base score Type of issue
CVE-2012-3143 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in JMX
CVE-2013-1537 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in Java RMI
CVE-2013-1557 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in Java RMI
CVE-2013-2422 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in Java Libraries

RedHat JBoss application server upgraded to 7.1 resolves:

CVE CVSS base score Type of issue
CVE-2010-0738 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Arbitrary code execution as root
CVE-2010-1428 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Arbitrary code execution as root
CVE-2010-1429 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) Information disclosure
CVE-2012-0818 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) XML External Entities Resolution (XXE) vulnerability in Redhat RESTEasy
CVE-2011-5245 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) XML External Entities Resolution (XXE) vulnerability in Redhat RESTEasy

The MySQL server used in Junos Space prior to 13.3R1.8 has a user account with a hardcoded password. If the firewall that is enabled by default in Junos Space is disabled for any reason, then information stored by Junos Space on MySQL database could be accessed over the network, leading to an information disclosure vulnerability. Information in the MySQL database can be misused to get complete control of the system or devices managed by Junos Space. MySQL server configuration in 13.3R1.8 has been hardened and restricted to resolve this vulnerability. This issue is assigned CVE-2014-3413. CVSS v2 base score for this vulnerability is 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Solution:
This issue is fixed in Junos Space 13.3R1.8 and all subsequent releases.
Workaround:
These vulnerabilities can be mitigated by enabling the firewall on Junos Space and limiting access only from trusted hosts.
Implementation:
Junos Space releases can be obtained from:
http://www.juniper.net/support/downloads/?p=space#sw



Modification History:

14 May 2014: Initial release.
5 Nov 2014: Included RESTEasy vulnerabilities CVE-2011-5245 and CVE-2012-0818.
7 Sep 2016: Corrected the name of Java Runtime Environment used by Space.


CVSS Score:
10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Severity Level:
Critical
Severity Assessment:
We consider this to be a critical issue. A remote network based attacker can get complete access to Junos Space or other devices managed by Junos Space.
Acknowledgements:
Juniper SIRT would like to acknowledge and thank Tenable Network Security for responsibly reporting CVE-2014-3413 vulnerability.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search