
2021-07 Security Bulletin: Junos OS: Out-of-memory condition and crashes can occur after executing a certain CLI command repeatedly (CVE-2021-0293)


Article ID: JSA11195 SECURITY_ADVISORIES Last Updated: 14 Jul 2021 Version: 1.0
Product Affected:
This issue affects Junos OS 18.2, 18.3, 18.4, 19.1, 19.2, 19.3, 19.4, 20.1, 20.2, 20.3.
Problem:

A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is executed. The amount of memory leaked on each execution depends on the number of TCP connections from and to the system. Repeated execution will cause more memory to leak, eventually causing daemons that need to allocate additional memory, and ultimately the kernel, to crash, which will result in traffic loss.

Continued execution of this command will cause a sustained Denial of Service (DoS) condition.

An administrator can use the following CLI command to monitor for an increase in memory consumption of the netstat process, if it exists:

user@junos> show system processes extensive | match "username|netstat"

PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
21181 root 100 0 5458M 4913M CPU3 2 0:59 97.27% netstat


The following log message might be observed if this issue happens:

kernel: %KERN-3: pid 21181 (netstat), uid 0, was killed: out of swap space
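As an added example (not Juniper's own tooling), the following Python script automates the two checks described above: it compares successive captures of the 'show system processes extensive' output to flag a netstat process whose resident memory keeps growing, and scans syslog for the kernel message quoted above. The sample process output and log lines are constructed for illustration, and the 256 MiB growth threshold is an assumption.

```python
import re

# Constructed samples of 'show system processes extensive | match "username|netstat"',
# polled a few minutes apart (illustrative values, not real device output).
SAMPLES = [
    "  PID USERNAME PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND\n"
    "21181 root     100    0   512M   401M CPU3    2   0:12 12.00% netstat\n",
    "  PID USERNAME PRI NICE   SIZE    RES STATE   C   TIME   WCPU COMMAND\n"
    "21181 root     100    0  5458M  4913M CPU3    2   0:59 97.27% netstat\n",
]

# Constructed syslog excerpt; the first line is the kernel message quoted in the advisory.
LOG_LINES = [
    "Jul 14 10:02:11 router kernel: %KERN-3: pid 21181 (netstat), uid 0, was killed: out of swap space",
    "Jul 14 10:02:12 router mgd[1234]: UI_CMDLINE_READ_LINE: User 'admin', command 'show version '",
]

UNITS = {"": 1, "K": 1 << 10, "M": 1 << 20, "G": 1 << 30}
OOM_RE = re.compile(r"pid (\d+) \(netstat\), uid \d+, was killed: out of swap space")

def to_bytes(field):
    """Convert a SIZE/RES column value such as '5458M' to bytes."""
    m = re.fullmatch(r"(\d+)([KMG]?)", field)
    if m is None:
        raise ValueError(f"unexpected memory field: {field!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def netstat_res(output):
    """Map PID -> resident bytes for every netstat process in one poll."""
    found = {}
    for line in output.splitlines():
        cols = line.split()
        # Columns: PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
        if len(cols) >= 11 and cols[0].isdigit() and cols[-1] == "netstat":
            found[int(cols[0])] = to_bytes(cols[5])
    return found

def growing_netstat(samples, threshold=256 << 20):
    """Return (pid, first_res, last_res) for PIDs whose RES grew by more than threshold."""
    first, last = netstat_res(samples[0]), netstat_res(samples[-1])
    return [(pid, first[pid], last[pid])
            for pid in first if pid in last and last[pid] - first[pid] > threshold]

def oom_kills(lines):
    """Return PIDs of netstat processes the kernel reported killed for lack of swap."""
    return [int(m.group(1)) for line in lines if (m := OOM_RE.search(line))]

if __name__ == "__main__":
    for pid, before, after in growing_netstat(SAMPLES):
        print(f"netstat pid {pid}: RES {before >> 20} MiB -> {after >> 20} MiB; "
              f"recover with 'request system process terminate {pid}'")
    for pid in oom_kills(LOG_LINES):
        print(f"kernel killed netstat pid {pid}: out of swap space (CVE-2021-0293 symptom)")
```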


This issue affects Juniper Networks Junos OS:

  • 18.2 versions prior to 18.2R2-S8, 18.2R3-S7;
  • 18.3 versions prior to 18.3R3-S4;
  • 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S7;
  • 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4;
  • 19.2 versions prior to 19.2R1-S6, 19.2R3-S2;
  • 19.3 versions prior to 19.3R2-S6, 19.3R3-S1;
  • 19.4 versions prior to 19.4R1-S4, 19.4R2-S3, 19.4R3-S1;
  • 20.1 versions prior to 20.1R2;
  • 20.2 versions prior to 20.2R2-S1, 20.2R3;
  • 20.3 versions prior to 20.3R1-S1, 20.3R2.

This issue does not affect Juniper Networks Junos OS versions prior to 18.2R1.


Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2021-0293.

Solution:

The following software releases have been updated to resolve this specific issue: Junos OS 18.2R2-S8, 18.2R3-S7, 18.3R3-S4, 18.4R1-S8, 18.4R2-S6, 18.4R3-S7, 19.1R1-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R2-S6, 19.3R3-S1, 19.3R3-S2, 19.4R1-S4, 19.4R2-S3, 19.4R3-S1, 20.1R2, 20.2R2-S1, 20.2R3, 20.3R1-S1, 20.3R2, 20.4R1, and all subsequent releases.

This issue is being tracked as 1548355.

Workaround:

Please use 'show system connections' (without extensive) and restrict access to 'show system connections extensive'.

To recover please use:

request system process terminate <PID>

with the PID for the netstat process from the output of 'show system processes extensive'.

Implementation:
Software releases or updates are available for download at https://support.juniper.net/support/downloads/
 
Modification History:
2021-07-14: Initial Publication.

CVSS Score:
5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Severity Level:
Medium
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
