The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Juniper Junos OS

computer vulnerability note CVE-2018-0037

Junos OS: denial of service via BGP NOTIFICATION

Synthesis of the vulnerability

An attacker can send malicious BGP NOTIFICATION packets to Junos, in order to trigger a denial of service.
Impacted products: Juniper EX-Series, Junos OS.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: CERTFR-2018-AVI-339, CVE-2018-0037, JSA10871, VIGILANCE-VUL-26719.

Description of the vulnerability

The Junos product has a service to manage received BGP NOTIFICATION packets.

However, when malicious BGP NOTIFICATION packets are received, a fatal error occurs.

An attacker can therefore send malicious BGP NOTIFICATION packets to Junos, in order to trigger a denial of service.

computer vulnerability announce CVE-2018-0034

Junos OS: denial of service via IPv6 DHCP

Synthesis of the vulnerability

An attacker can send malicious IPv6 DHCP packets to Junos, in order to trigger a denial of service.
Impacted products: Juniper EX-Series, Junos OS, SRX-Series.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: CERTFR-2018-AVI-339, CVE-2018-0034, JSA10868, VIGILANCE-VUL-26717.

Description of the vulnerability

The Junos product has a service to manage received IPv6 DHCP packets.

However, when malicious IPv6 DHCP packets are received, a fatal error occurs.

An attacker can therefore send malicious IPv6 DHCP packets to Junos, in order to trigger a denial of service.

computer vulnerability alert CVE-2018-0032

Junos OS: denial of service via BGP UPDATE

Synthesis of the vulnerability

An attacker can send malicious BGP UPDATE packets to Junos, in order to trigger a denial of service.
Impacted products: Juniper EX-Series, Junos OS, SRX-Series.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: CERTFR-2018-AVI-339, CVE-2018-0032, JSA10866, VIGILANCE-VUL-26716.

Description of the vulnerability

The Junos product has a service to manage received BGP UPDATE packets.

However, when malicious BGP UPDATE packets are received, a fatal error occurs.

An attacker can therefore send malicious BGP UPDATE packets to Junos, in order to trigger a denial of service.

vulnerability note CVE-2018-0030

Junos OS: denial of service via MPLS

Synthesis of the vulnerability

An attacker can send malicious MPLS packets to Junos, in order to trigger a denial of service.
Impacted products: Junos OS.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: CERTFR-2018-AVI-339, CERTFR-2018-AVI-345, CVE-2018-0030, JSA10864, VIGILANCE-VUL-26714.

Description of the vulnerability

The Junos product has a service to manage received MPLS packets.

However, when malicious MPLS packets are received, a fatal error occurs.

An attacker can therefore send malicious MPLS packets to Junos, in order to trigger a denial of service.

vulnerability announce CVE-2018-0027

Junos OS: denial of service via RSVP

Synthesis of the vulnerability

An attacker can send malicious RSVP packets to Junos, in order to trigger a denial of service.
Impacted products: Juniper EX-Series, Junos OS.
Severity: 2/4.
Creation date: 12/07/2018.
Identifiers: CERTFR-2018-AVI-339, CVE-2018-0027, JSA10861, VIGILANCE-VUL-26712.

Description of the vulnerability

The Junos product has a service to manage received RSVP packets.

However, when malicious RSVP packets are received, a fatal error occurs.

An attacker can therefore send malicious RSVP packets to Junos, in order to trigger a denial of service.

vulnerability alert CVE-2017-1000099 CVE-2017-1000100 CVE-2017-1000101

curl: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of curl.
Impacted products: OpenOffice, Mac OS X, curl, Debian, Fedora, Android OS, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu, WindRiver Linux, VxWorks.
Severity: 3/4.
Creation date: 09/08/2017.
Identifiers: 2011879, bulletinapr2018, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, DLA-1062-1, DSA-3992-1, FEDORA-2017-f1ffd18079, FEDORA-2017-f2df9d7772, HT208221, JSA10874, K-511316, openSUSE-SU-2017:2205-1, RHSA-2018:3558-01, SSA:2017-221-01, USN-3441-1, USN-3441-2, VIGILANCE-VUL-23481.

Description of the vulnerability

Several vulnerabilities were announced in curl.

An attacker can force a read at an invalid address via Globbing, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-1000101]

An attacker can generate a buffer overflow via TFTP, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2017-1000100]

An attacker can force a read at an invalid address via FILE, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-1000099]

computer vulnerability announce CVE-2017-3142 CVE-2017-3143

ISC BIND: two vulnerabilities via TSIG Authentication

Synthesis of the vulnerability

An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Junos OS, SRX-Series, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]

An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]

computer vulnerability announce CVE-2017-9502

curl on MS-Windows: buffer overflow via a URL with the file scheme

Synthesis of the vulnerability

An attacker can generate a buffer overflow via a URL with the file scheme in curl, in order to trigger a denial of service, and possibly to run code.
Impacted products: OpenOffice, curl, Juniper EX-Series, Junos OS, SRX-Series.
Severity: 1/4.
Creation date: 14/06/2017.
Identifiers: CVE-2017-9502, JSA10874, VIGILANCE-VUL-22977.

Description of the vulnerability

An attacker can generate a buffer overflow via a URL with the file scheme in curl, in order to trigger a denial of service, and possibly to run code.

A detailed analysis was not performed for this bulletin.

computer vulnerability CVE-2017-3136 CVE-2017-3137 CVE-2017-3138

ISC BIND: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ISC BIND.
Impacted products: Debian, Fedora, HP-UX, BIND, Juniper J-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 13/04/2017.
Identifiers: bulletinjul2018, CERTFR-2017-AVI-112, CVE-2017-3136, CVE-2017-3137, CVE-2017-3138, DLA-957-1, DSA-3854-1, FEDORA-2017-0a876b0ba5, FEDORA-2017-44e494db1e, FEDORA-2017-edce28f24b, FEDORA-2017-ee4b0f53cb, HPESBUX03747, JSA10809, JSA10810, JSA10811, JSA10813, JSA10814, JSA10816, JSA10817, JSA10818, JSA10820, JSA10821, JSA10822, JSA10825, JSA10875, openSUSE-SU-2017:1063-1, RHSA-2017:1095-01, RHSA-2017:1105-01, RHSA-2017:1582-01, RHSA-2017:1583-01, SSA:2017-103-01, SUSE-SU-2017:0998-1, SUSE-SU-2017:0999-1, SUSE-SU-2017:1027-1, USN-3259-1, VIGILANCE-VUL-22445.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can force an assertion error via DNS64 break-dnssec, in order to trigger a denial of service. [severity:3/4; CVE-2017-3136]

An attacker can trigger a fatal error via CNAME Response Ordering, in order to trigger a denial of service. [severity:3/4; CVE-2017-3137]

An attacker can force an assertion error via Null Command String, in order to trigger a denial of service. [severity:2/4; CVE-2017-3138]

computer vulnerability announce CVE-2009-0590 CVE-2016-1263 CVE-2016-1275

Junos: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Junos.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 3/4.
Creation date: 13/07/2016.
Revision date: 12/04/2017.
Identifiers: CERTFR-2016-AVI-236, CVE-2009-0590, CVE-2016-1263, CVE-2016-1275, CVE-2016-1276, CVE-2016-1277, CVE-2016-1278, CVE-2016-1279, CVE-2016-1280, JSA10750, JSA10751, JSA10752, JSA10753, JSA10754, JSA10755, JSA10756, JSA10758, VIGILANCE-VUL-20097.

Description of the vulnerability

Several vulnerabilities were announced in Junos.

An attacker can create a memory leak via IPv6 MAC, in order to trigger a denial of service. [severity:2/4; CVE-2016-1275, JSA10750]

An attacker can trigger a fatal error via SRX, in order to trigger a denial of service. [severity:2/4; CVE-2016-1276, JSA10751]

An attacker can send a malicious ICMP packet, in order to trigger a denial of service. [severity:3/4; CVE-2016-1277, JSA10752]

An attacker can bypass security features via Partition Option, in order to escalate his privileges. [severity:2/4; CVE-2016-1278, JSA10753]

An attacker can bypass security features via J-Web, in order to escalate his privileges. [severity:3/4; CVE-2016-1279, JSA10754]

An attacker can bypass security features via Self-signed Certificate, in order to escalate his privileges. [severity:2/4; CVE-2016-1280, JSA10755]

An attacker can bypass security features via Berkeley DB, in order to obtain sensitive information. [severity:2/4; CVE-2009-0590, JSA10756]

An attacker can send a malicious UDP packet, in order to trigger a denial of service. [severity:3/4; CVE-2016-1263, JSA10758]