The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Junos OS

vulnerability announce CVE-2013-0149

OSPF: corrupting the routing database

Synthesis of the vulnerability

An attacker can spoof OSPF messages, in order to corrupt the routing database.
Impacted products: CheckPoint IP Appliance, IPSO, CheckPoint Security Gateway, Cisco ASR, ASA, Cisco Catalyst, IOS by Cisco, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Router, ProCurve Switch, HP Switch, Juniper E-Series, Juniper J-Series, JUNOSe, Junos OS, NetScreen Firewall, ScreenOS, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 02/08/2013.
Revisions dates: 01/08/2014, 14/02/2017.
Identifiers: BID-61566, c03880910, CERTA-2013-AVI-458, CERTA-2013-AVI-487, CERTA-2013-AVI-508, cisco-sa-20130801-lsaospf, CQ95773, CSCug34469, CSCug34485, CSCug39762, CSCug39795, CSCug63304, CVE-2013-0149, HPSBHF02912, JSA10575, JSA10580, JSA10582, PR 878639, PR 895456, sk94490, SUSE-SU-2014:0879-1, VIGILANCE-VUL-13192, VU#229804.

Description of the vulnerability

The RFC 2328 defines the OSPF protocol (Open Shortest Path First) which established IP routes, using LSA (Link State Advertisement) messages.

The LSA Type 1 Update (LSU, Link-State Update) message is used to update the routing database. However, the RFC does not request to check the "Link State ID" and "Advertising Router" fields of LSU messages. Several implementations (Cisco, Juniper, etc.) therefore do not perform this check.

An attacker can thus spoof a LSU message if he knows:
 - the IP address of the target router
 - LSA DB sequence numbers
 - the router ID of the OSPF Designated Router

An attacker can therefore spoof OSPF messages, in order to corrupt the routing database.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2017-3135

ISC BIND: assertion error via the combination DNS64+RPZ

Synthesis of the vulnerability

An attacker can force an assertion failure when functions DNS64 and RPZ of ISC BIND are both enabled, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, BIND, Juniper J-Series, Junos OS, SRX-Series, openSUSE Leap, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 09/02/2017.
Identifiers: CVE-2017-3135, DLA-843-1, DSA-3795-1, FEDORA-2017-27099c270a, FEDORA-2017-2b46c8b6c2, FEDORA-2017-96b7f4f53e, FEDORA-2017-d0c9bf9508, HPESBUX03747, JSA10799, K80533167, openSUSE-SU-2017:0620-1, RHSA-2017:0276-01, SSA:2017-041-01, USN-3201-1, VIGILANCE-VUL-21790.

Description of the vulnerability

The ISC BIND product is a DNS server.

It can compute responses for IPv6 address queries from data for IPv4 addresses. However, when this function is enabled and that the function "Response Policy Zone" is also enabled, an assertion may be evaluated as false, which stops the process with a SIGABORT signal.

An attacker can therefore force an assertion failure when functions DNS64 and RPZ of ISC BIND are both enabled, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2016-7055 CVE-2017-3730 CVE-2017-3731

OpenSSL: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Brocade vTM, Cisco ASR, Cisco ATA, AsyncOS, Cisco Catalyst, Cisco Content SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Router, Cisco CUCM, Cisco Manager Attendant Console, Cisco Wireless IP Phone, Cisco WSA, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, FreeBSD, hMailServer, AIX, IRAD, Rational ClearCase, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ, Copssh, Junos OS, Juniper Network Connect, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, ePO, Meinberg NTP Server, MySQL Community, MySQL Enterprise, Data ONTAP, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, VirtualBox, WebLogic, Oracle Web Tier, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraDB Cluster, pfSense, Pulse Connect Secure, Pulse Secure Client, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, TrendMicro ServerProtect, Ubuntu, VxWorks.
Severity: 2/4.
Creation date: 26/01/2017.
Identifiers: 1117414, 2000544, 2000988, 2000990, 2002331, 2004036, 2004940, 2009389, 2010154, 2011567, 2012827, 2014202, 2014651, 2014669, 2015080, BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, bulletinapr2017, bulletinjan2018, bulletinoct2017, CERTFR-2017-AVI-035, CERTFR-2018-AVI-343, cisco-sa-20170130-openssl, cpuapr2017, cpujan2018, cpujul2017, cpujul2018, cpuoct2017, CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FG-IR-17-019, FreeBSD-SA-17:02.openssl, JSA10775, K37526132, K43570545, K44512851, K-510805, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0481-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2017:2011-1, openSUSE-SU-2017:2868-1, openSUSE-SU-2018:0458-1, PAN-70674, PAN-73914, PAN-SA-2017-0012, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2017:0286-01, SA141, SA40423, SB10188, SSA:2017-041-02, SUSE-SU-2018:0112-1, TNS-2017-03, USN-3181-1, VIGILANCE-VUL-21692.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can force a read at an invalid address via Truncated Packet, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2017-3731]

An attacker can force a NULL pointer to be dereferenced via DHE/ECDHE Parameters, in order to trigger a denial of service. [severity:2/4; CVE-2017-3730]

An attacker can use a carry propagation error via BN_mod_exp(), in order to compute the private key. [severity:1/4; CVE-2017-3732]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2017-2303

Juniper Junos: denial of service via RIP

Synthesis of the vulnerability

An attacker can send malicious RIP packets to Juniper Junos, in order to trigger a denial of service.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Creation date: 12/01/2017.
Identifiers: CERTFR-2017-AVI-012, CVE-2017-2303, JSA10772, VIGILANCE-VUL-21559.

Description of the vulnerability

The Juniper Junos product has a service to manage received RIP packets.

However, when malicious RIP packets are received, a fatal error occurs.

An attacker can therefore send malicious RIP packets to Juniper Junos, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2017-2302

Juniper Junos: denial of service via BGP

Synthesis of the vulnerability

An attacker can send malicious BGP packets to Juniper Junos, in order to trigger a denial of service.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Creation date: 12/01/2017.
Identifiers: CERTFR-2017-AVI-012, CVE-2017-2302, JSA10771, VIGILANCE-VUL-21557.

Description of the vulnerability

The Juniper Junos product has a service to manage received BGP packets.

However, when malicious BGP packets are received, a fatal error occurs.

An attacker can therefore send malicious BGP packets to Juniper Junos, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2017-2301

Juniper Junos: denial of service via DHCPv6

Synthesis of the vulnerability

An attacker can send malicious DHCPv6 packets to Juniper Junos, in order to trigger a denial of service.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Creation date: 12/01/2017.
Identifiers: CVE-2017-2301, JSA10769, VIGILANCE-VUL-21554.

Description of the vulnerability

The Juniper Junos product has a service to manage received DHCPv6 packets.

However, when malicious DHCPv6 packets are received, a fatal error occurs.

An attacker can therefore send malicious DHCPv6 packets to Juniper Junos, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2017-2300

Juniper SRX: denial of service via Multicast

Synthesis of the vulnerability

An attacker can send malicious Multicast packets to Juniper SRX, in order to trigger a denial of service.
Impacted products: Junos OS, SRX-Series.
Severity: 2/4.
Creation date: 12/01/2017.
Identifiers: CVE-2017-2300, JSA10768, VIGILANCE-VUL-21553.

Description of the vulnerability

The Juniper SRX product has a service to manage received Multicast packets.

However, when malicious Multicast packets are received, a fatal error occurs.

An attacker can therefore send malicious Multicast packets to Juniper SRX, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2016-9131 CVE-2016-9147 CVE-2016-9444

ISC BIND: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Juniper J-Series, Junos OS, SRX-Series, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/01/2017.
Identifiers: bulletinjan2017, c05381687, CERTFR-2017-AVI-013, CERTFR-2017-AVI-111, CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778, DLA-805-1, DSA-3758-1, FEDORA-2017-59ca54c94e, FEDORA-2017-87992a0557, FEDORA-2017-8f23f564ad, FEDORA-2017-f44f2f5a48, HPESBUX03699, JSA10785, K02138183, openSUSE-SU-2017:0182-1, openSUSE-SU-2017:0193-1, RHSA-2017:0062-01, RHSA-2017:0063-01, RHSA-2017:0064-01, RHSA-2017:1583-01, SSA:2017-011-01, SSRT110304, SUSE-SU-2017:0111-1, SUSE-SU-2017:0112-1, SUSE-SU-2017:0113-1, USN-3172-1, VIGILANCE-VUL-21552.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can force an assertion error via ANY Response, in order to trigger a denial of service. [severity:2/4; CVE-2016-9131]

An attacker can force an assertion error via DNSSEC Information Response, in order to trigger a denial of service. [severity:2/4; CVE-2016-9147]

An attacker can force an assertion error via DS Record Response, in order to trigger a denial of service. [severity:2/4; CVE-2016-9444]

An attacker can force an assertion error via nxdomain-redirect, in order to trigger a denial of service. [severity:2/4; CVE-2016-9778]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2016-9586 CVE-2016-9952 CVE-2016-9953

cURL: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of cURL.
Impacted products: Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Ubuntu.
Severity: 2/4.
Creation date: 21/12/2016.
Identifiers: APPLE-SA-2017-07-19-2, CVE-2016-9586, CVE-2016-9952, CVE-2016-9953, DLA-767-1, FEDORA-2016-86d2b5aefb, FEDORA-2016-edbb33ab2e, HT207615, HT207922, JSA10874, openSUSE-SU-2017:1105-1, USN-3441-1, USN-3441-2, VIGILANCE-VUL-21435.

Description of the vulnerability

Several vulnerabilities were announced in cURL.

An attacker can generate a buffer overflow via float numbers, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-9586]

On WinCE platforms, an attacker can tamper with X.501 names in the X.509 certificate validation process, in order to spoof a server. [severity:2/4; CVE-2016-9952]

On WinCE platforms, an attacker can raise a read only buffer overflow in the X.509 certificate validation process, in order to read the server process memory or crash it. [severity:2/4; CVE-2016-9953]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2016-7053 CVE-2016-7054 CVE-2016-7055

OpenSSL 1.1: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 1.1.
Impacted products: Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Wireless Controller, NetWorker, VNX Operating Environment, VNX Series, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, IRAD, Tivoli Storage Manager, Copssh, Junos OS, Juniper Network Connect, NSM Central Manager, NSMXpress, SRX-Series, MySQL Community, MySQL Enterprise, Data ONTAP, OpenSSL, openSUSE Leap, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, WebLogic, Oracle Web Tier, Percona Server, pfSense, Pulse Connect Secure, Pulse Secure Client.
Severity: 2/4.
Creation date: 10/11/2016.
Revision date: 13/12/2016.
Identifiers: 2004036, 2004940, 2011567, 492284, 492616, bulletinapr2017, CERTFR-2018-AVI-343, cisco-sa-20161114-openssl, cpujan2018, cpujul2017, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, ESA-2016-148, ESA-2016-149, FG-IR-17-019, JSA10775, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2018:0458-1, SA40423, VIGILANCE-VUL-21093.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.1.

An attacker can generate a buffer overflow via ChaCha20/Poly1305, in order to trigger a denial of service. [severity:2/4; CVE-2016-7054]

An attacker can force a NULL pointer to be dereferenced via CMS Structures, in order to trigger a denial of service. [severity:2/4; CVE-2016-7053]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Junos OS: