Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

2018-01 Security Bulletin: CTPView: Multiple Linux kernel vulnerabilities.

0

0

Article ID: JSA10839 SECURITY_ADVISORIES Last Updated: 10 Jan 2018Version: 3.0
Product Affected:
CTPView 7.1, 7.2, 7.3.
Problem:

CTPView releases 7.1R2, 7.3R3 and 7.4R1 address multiple Linux kernel vulnerabilities in prior releases.

The resolved issues include:

CVE CVSS Summary
CVE-2017-6074 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Linux kernel Linux kernel vulnerability that could allow local privilege escalation
CVE-2017-2634 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Linux kernel vulnerability that could allow denial of service

 

Solution:
These issues are addressed in CTPView 7.1R2, 7.3R3 and 7.4R1 and all subsequent releases.‚Äč

These issues are being tracked as 1284155 which is visible on the Customer Support website.

Workaround:

Customers can contact JTAC for the instruction on how to upgrade to kernel-2.6.18-419.el5.

Implementation:
Software Releases, patches and updates are available at https://www.juniper.net/support/downloads/.
Modification History:
2018-01-10: Initial publication
CVSS Score:
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

Related Links

Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search