Knowledge Search


×
 

2014-05 Junos Space: Multiple vulnerabilities resolved by third party software upgrades

  [JSA10627] Show Article Properties


Product Affected:
Junos Space and JA1500, JA2500 (Junos Space Appliance) with Junos Space 13.1 and earlier releases.
Problem:

Junos Space release 13.3R1.8 addresses multiple vulnerabilities in prior releases with updated third party software components. The following is a list of software upgraded and vulnerabilities resolved:

Apache HTTP Server upgraded to 2.2.25 which resolves:

CVE CVSS base score Type of issue
CVE-2013-1862 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Arbitrary command execution
CVE-2013-1896 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) Denial of service

Oracle MySQL server upgraded to 5.5.34 which resolves:

CVE CVSS base score Type of issue
CVE-2013-1502 1.5 (AV:L/AC:M/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-1511 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-1532 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-1544 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-2375 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) Partial system compromise
CVE-2013-2376 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-2389 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-2391 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N) Unauthorized disclosure or modification
CVE-2013-2392 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3783 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3793 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3794 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3801 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) Denial of service
CVE-2013-3802 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3804 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3805 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3808 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3809 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) Unauthorized modification
CVE-2013-3812 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3839 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service

OpenJDK Runtime Environment was upgraded to 7u45 which resolves a number of vulnerabilities that affect server deployments of Java including but not limited to:

CVE CVSS base score Type of issue
CVE-2012-3143 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in JMX
CVE-2013-1537 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in Java RMI
CVE-2013-1557 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in Java RMI
CVE-2013-2422 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in Java Libraries

RedHat JBoss application server upgraded to 7.1 resolves:

CVE CVSS base score Type of issue
CVE-2010-0738 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Arbitrary code execution as root
CVE-2010-1428 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Arbitrary code execution as root
CVE-2010-1429 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) Information disclosure
CVE-2012-0818 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) XML External Entities Resolution (XXE) vulnerability in Redhat RESTEasy
CVE-2011-5245 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) XML External Entities Resolution (XXE) vulnerability in Redhat RESTEasy

The MySQL server used in Junos Space prior to 13.3R1.8 has a user account with a hardcoded password. If the firewall that is enabled by default in Junos Space is disabled for any reason, then information stored by Junos Space on MySQL database could be accessed over the network, leading to an information disclosure vulnerability. Information in the MySQL database can be misused to get complete control of the system or devices managed by Junos Space. MySQL server configuration in 13.3R1.8 has been hardened and restricted to resolve this vulnerability. This issue is assigned CVE-2014-3413. CVSS v2 base score for this vulnerability is 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Solution:
This issue is fixed in Junos Space 13.3R1.8 and all subsequent releases.
Workaround:
These vulnerabilities can be mitigated by enabling the firewall on Junos Space and limiting access only from trusted hosts.
Implementation:
Junos Space releases can be obtained from:
http://www.juniper.net/support/downloads/?p=space#sw



Modification History:

14 May 2014: Initial release.
5 Nov 2014: Included RESTEasy vulnerabilities CVE-2011-5245 and CVE-2012-0818.
7 Sep 2016: Corrected the name of Java Runtime Environment used by Space.


Related Links:
CVSS Score:
10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Risk Level:
Critical
Risk Assessment:
We consider this to be a critical issue. A remote network based attacker can get complete access to Junos Space or other devices managed by Junos Space.
Acknowledgements:
Juniper SIRT would like to acknowledge and thank Tenable Network Security for responsibly reporting CVE-2014-3413 vulnerability.