Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

18.4R1-S8: Software Release Notification for JUNOS Software Version 18.4R1-S8

0

0

Article ID: TSB18056 TECHNICAL_BULLETINS Last Updated: 26 May 2021Version: 1.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, MX, PTX, QFX, NFX, SRX, VRR, vMX, vSRX
Alert Description:
Junos Software Service Release version 18.4R1-S8 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 18.4R1-S8 is now available.

18.4R1-S8 - List of Fixed issues
PR Number Synopsis Category: EX4300 PFE
1545530 Junos OS: EX4300: FPC crash upon receipt of specific frames on an interface without L2PT or dot1x configured (CVE-2021-0242)
Product-Group=junos
A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or dot1x configured are not vulnerable to this issue. Please refer to https://kb.juniper.net/JSA11135 for more information.
PR Number Synopsis Category: EX2300/3400 platform
1535106 EX2300/EX3400 : RTC ERROR and SETTIME failed messages is seen
Product-Group=junos
On EX2300 and EX3400 series, you may observe RTC ERROR and SETTIME failed message sometimes without trigger.
PR Number Synopsis Category: JUNOS kernel/ukernel changes for ACX
1509402 On the ACX710 router, the Packet Forwarding Engine might crash and the fpc process might remain down.
Product-Group=junos
On ACX710 platform, after the PTP(Precision Time Protocol) configuration is removed and the router is rebooted, the PFE might crash and the FPC remains down if PTP traffic is still coming into the router. This issue might also happen when SyncE is configured. This causes the router to crash and not come up.
PR Number Synopsis Category: Track PRs in BGP Flow Spec area & is part of BGP inside RPD.
1537085 Junos OS: A specific BGP VPNv6 flowspec message causes routing protocol daemon (rpd) process to crash with a core (CVE-2021-0236)
Product-Group=junos
Due to an improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved the Routing Protocol Daemon (RPD) service, upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, crashes and restarts causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11131 for more information.
PR Number Synopsis Category: MX-ELM l2ng stormcontrol
1552815 The action-shutdown command of storm control does not work for the ARP broadcast packets.
Product-Group=junos
With knob 'action-shutdown' configured in storm control scenario, the interface will not go to shutdown state if ARP storm exceeds the configured limit. The excess packets will be dropped normally.
PR Number Synopsis Category: QFX Control Plane VXLAN
1548415 Junos OS: Remote code execution vulnerability in overlayd service (CVE-2021-0254)
Product-Group=junos
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. Please refer to https://kb.juniper.net/JSA11147 for more information.
PR Number Synopsis Category: dns-proxy feature
1512212 Junos OS: SRX Series: ISC Security Advisory: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
Product-Group=junos
On Juniper Networks Junos OS SRX Series devices an uncontrolled resource consumption vulnerability in BIND may allow an attacker to cause a Denial of Service (DoS) condition. When these devices are configured to use DNS Proxy, these devices do not sufficiently limit the number of fetches performed when processing referrals. In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. Refer to https://kb.juniper.net/JSA11090 for more information.
1537737 Junos OS: SRX Series: An assertion failure in BIND can be used to trigger a Denial of Service (DoS) (CVE-2020-8622)
Product-Group=junos
A vulnerability in BIND, used in Juniper Networks Junos OS on SRX Series devices, may allow an attacker on the network path for a transaction signature-signed request (TSIG-signed request), to trigger an assertion failure, resulting in a Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11116 for more information.
PR Number Synopsis Category: Ethernet OAM (LFM)
1529209 Junos OS: ethtraceroute Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0255)
Product-Group=junos
A local privilege escalation vulnerability in ethtraceroute Ethernet OAM utility of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. Please refer to https://kb.juniper.net/JSA11175 for more information.
PR Number Synopsis Category: Express PFE including evpn, vxlan
1518537 Junos OS: QFX10K Series: Traffic loop Denial of Service (DoS) upon receipt of specific IP multicast traffic (CVE-2021-0221)
Product-Group=junos
In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing. Please refer to https://kb.juniper.net/JSA11111 for more information.
PR Number Synopsis Category: jdhcpd daemon
1564434 Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash and restart. (CVE-2021-0240)
Product-Group=junos
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, the Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash if a malformed DHCPv6 packet is received, resulting in a restart of the daemon. The daemon automatically restarts without intervention, but continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11168 for more information.
PR Number Synopsis Category: Security platform jweb support
1518212 Junos OS: Privilege escalation in J-Web due to arbitrary command and code execution via information disclosure from another users active session (CVE-2021-0210)
Product-Group=junos
An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. Please refer to https://kb.juniper.net/JSA11100 for more information.
PR Number Synopsis Category: MQTT protocol, Mosquitto Broker and Client API
1522265 Junos OS: Receipt of specific packets could lead to Denial of Service in MQTT Server (CVE-2021-0229)
Product-Group=junos
An uncontrolled resource consumption vulnerability in Message Queue Telemetry Transport (MQTT) server of Juniper Networks Junos OS allows an attacker to cause MQTT server to crash and restart leading to a Denial of Service (DoS) by sending a stream of specific packets. Please refer to https://kb.juniper.net/JSA11124 for more information.
PR Number Synopsis Category: IDS features available on MS-MPC/MIC
1536100 Junos OS: MX Series: Dynamic filter fails to match IPv6 prefix (CVE-2021-0205)
Product-Group=junos
When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the prefix as /32, causing the filter to block unexpected traffic. Refer to https://kb.juniper.net/JSA11095 for more information.
PR Number Synopsis Category: FreeBSD Kernel Infrastructure
1500902 The redundancy gmac drivers might cause the unexpected behaviors in the EX2300, EX2300-MP, EX3400, ACX710 platforms
Product-Group=junos
If some redundancy gmac drivers are used on the FreeBSD system of the EX2300, EX2300-MP, EX3400, ACX710 platforms, some behaviors might not be consistent between the PHY (physical layer) function and the SerDes (Serializer/Deserializer) function. Then the management connections between the optic interfaces and ASIC/backplane fabric/PICe bus might be unstable, the management traffic (e.g. management interface might be unavailable) might be disrupted.
1518898 The kernel might crash if a file/directory is accessed for the first time and is not created locally.
Product-Group=junos
On the Junos with Virtual Filesystem (VirtFS), if a file/directory is accessed for the first time and is not created locally, the kernel might crash and generate a vmcore file. Junos might reboot due to this issue.
1525318 Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries (CVE-2021-0223)
Product-Group=junos
A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. Please refer to https://kb.juniper.net/JSA11114 for more information.
PR Number Synopsis Category: vMX Platform Infrastructure related issue tracking
1548422 Traffic with jumbo frame may be discarded on the vMX platforms
Product-Group=junos
On the VMX platforms which are installed on ESXI 6.7 with vmxnet3 driver, traffic with jumbo frame (Packets with MTU more than 1500) may be discarded upon receiving.
PR Number Synopsis Category: SNMP Infrastructure (snmpd, mib2d)
1458057 Junos OS: SNMP fails to properly perform authorization checks on incoming received SNMP requests (CVE-2021-0260)
Product-Group=junos
An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication. Please refer to https://kb.juniper.net/JSA11151 for more information.
PR Number Synopsis Category: SRX branch platforms
1512810 Junos OS: SRX Series: A logic error in BIND can be used to trigger a denial of service (DoS) (CVE-2020-8617)
Product-Group=junos
A vulnerability in BIND code, used in Junos OS on SRX Series devices, which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in a denial of service (DoS). Refer to https://kb.juniper.net/JSA11091 for more information.
1542931 Tail drops might occur on SRX Series devices if shaping-rate is configured on lt interface.
Product-Group=junos
On the branch SRX platforms, if shaping-rate greater than 2 Mbps and lower than 10Mbps is set on the lt- interface, the maximum traffic rate might not reach shaping-rate, or there might be tail drops during traffic burst.
PR Number Synopsis Category: SSL Proxy functionality on JUNOS
1467856 Junos OS: NFX Series, SRX Series: PFE may crash upon receipt of specific packet when SSL Proxy is configured. (CVE-2021-0206)
Product-Group=junos
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). Refer to https://kb.juniper.net/JSA11096 for more information.
PR Number Synopsis Category: UI Infrastructure - mgd, DAX API, DDL/ODL
1553577 The request system software validate on host command does not validate the correct configuration file.
Product-Group=junos
When using the "request system software validate on host username ", please use the latest os-package on remote host for it to properly use the configuration file sent from the host whose configuration file is being validated.
 
Modification History:
First publication 2021-05-26
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search