
2018-10 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 18.2R1 release

[JSA10880]


Product Affected:
Junos Space Network Management Platform prior to 18.2R1
Problem:

Multiple vulnerabilities have been resolved in the Junos Space Network Management Platform 18.2R1 release.

Important security issues resolved as a result of these upgrades include:

| CVE | CVSS | Summary |
|---|---|---|
| CVE-2016-10009 | 7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) | Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. |
| CVE-2016-10010 | 7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) | sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. |
| CVE-2016-10011 | 5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) | authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. |
| CVE-2016-10012 | 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) | The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. |
| CVE-2017-15906 | 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) | The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. |
| CVE-2018-0046 | 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS |

 

Solution:

The following software releases have been updated to resolve these specific issues: Junos Space Network Management Platform 18.2R1, and all subsequent releases.

These issues are being tracked as PRs 1337619 and 1302769, which are visible on the Customer Support website.
 

Workaround:

Use access lists or firewall filters to limit access to the device to trusted hosts and administrators only.

  • CVE-2018-0046: There are no viable workarounds for this issue.
Implementation:
Software releases, patches and updates are available at https://www.juniper.net/support/downloads/.
 
Modification History:
2018-10-10: Initial publication

CVSS Score:
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Risk Level:
High
Risk Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Acknowledgements:
CVE-2018-0046: The Juniper SIRT would like to acknowledge and thank Marcel Bilal from IT-Dienstleistungszentrum Berlin.