The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SRX-Series

computer vulnerability announce CVE-2016-4923

Junos: Cross Site Scripting via J-Web

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via J-Web of Junos, in order to run JavaScript code in the context of the web site.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 13/10/2016.
Identifiers: CERTFR-2016-AVI-344, CVE-2016-4923, JSA10764, VIGILANCE-VUL-20857.

Description of the vulnerability

The Junos product offers a web service.

However, it does not filter data received via J-Web before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via J-Web of Junos, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2016-4922

Junos: privilege escalation via CLI

Synthesis of the vulnerability

An attacker can bypass restrictions via the CLI of Junos, in order to escalate his privileges.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 13/10/2016.
Identifiers: CERTFR-2016-AVI-344, CVE-2016-4922, JSA10763, VIGILANCE-VUL-20856.

Description of the vulnerability

An attacker can bypass restrictions via the CLI of Junos, in order to escalate his privileges.

computer vulnerability CVE-2016-4921

Junos: denial of service via IPv6

Synthesis of the vulnerability

An attacker can send malicious IPv6 packets to Junos, in order to trigger a denial of service.
Impacted products: Juniper J-Series, Junos OS, SRX-Series.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 13/10/2016.
Identifiers: CERTFR-2016-AVI-344, CVE-2016-4921, JSA10762, VIGILANCE-VUL-20855.

Description of the vulnerability

The Junos product has a service to manage received IPv6 packets.

However, when malicious IPv6 packets are received, a fatal error occurs.

An attacker can therefore send malicious IPv6 packets to Junos, in order to trigger a denial of service.

computer vulnerability note CVE-2016-8858

OpenSSH: denial of service via kex_input_kexinit

Synthesis of the vulnerability

An unauthenticated attacker can send some SSH messages to OpenSSH, in order to trigger a denial of service.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, FreeBSD, AIX, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP, OpenBSD, OpenSSH, openSUSE Leap, Solaris, pfSense.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 11/10/2016.
Identifiers: bulletinoct2016, CVE-2016-8858, FreeBSD-SA-16:33.openssh, JSA10837, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0344-1, openSUSE-SU-2017:0674-1, pfSense-SA-17_03.webgui, SA136, VIGILANCE-VUL-20819.

Description of the vulnerability

The OpenSSH product uses the kex_input_kexinit() function during the initialization of the key exchange.

However, the ssh_dispatch_set() function is not called, which leads to the consumption of memory and CPU.

An unauthenticated attacker can therefore send some SSH messages to OpenSSH, in order to trigger a denial of service.

computer vulnerability announce CVE-2016-2776

ISC BIND: assertion error via buffer.c

Synthesis of the vulnerability

An attacker can force an assertion error via buffer.c of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, Juniper J-Series, Junos OS, SRX-Series, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 28/09/2016.
Identifiers: AA-01419, bulletinoct2016, c05321107, CERTFR-2017-AVI-111, CVE-2016-2776, DLA-645-1, DSA-3680-1, FEDORA-2016-2d9825f7c1, FEDORA-2016-3af8b344f1, FEDORA-2016-cbef6c8619, FEDORA-2016-cca77daf70, FreeBSD-SA-16:28.bind, JSA10785, K18829561, openSUSE-SU-2016:2406-1, RHSA-2016:1944-01, RHSA-2016:1945-01, RHSA-2016:2099-01, SOL18829561, SSA:2016-271-01, SUSE-SU-2016:2399-1, SUSE-SU-2016:2401-1, SUSE-SU-2016:2405-1, USN-3088-1, VIGILANCE-VUL-20707.

Description of the vulnerability

The ISC BIND product builds replies to DNS queries in the dns_message_render*() functions of the lib/dns/message.c file.

However, the DNS_MESSAGE_HEADERLEN header size is not used to check the free space in the response to build. An assertion error thus occurs in the buffer.c file, because developers did not expect this case, which stops the process.

An attacker can therefore force an assertion error via buffer.c of ISC BIND, in order to trigger a denial of service.

computer vulnerability alert CVE-2016-7167

libcurl: integer overflow via curl_escape

Synthesis of the vulnerability

An attacker can generate an integer overflow via functions of the curl_escape() family of libcurl, in order to trigger a denial of service, and possibly to run code.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, Puppet, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/09/2016.
Identifiers: bulletinoct2016, cpuoct2018, CVE-2016-7167, DLA-1568-1, DLA-625-1, FEDORA-2016-7a2ed52d41, FEDORA-2016-80f4f71eff, HT207423, JSA10874, openSUSE-SU-2016:2768-1, RHSA-2017:2016-01, RHSA-2018:3558-01, SSA:2016-259-01, STORM-2019-002, SUSE-SU-2016:2699-1, SUSE-SU-2016:2714-1, USN-3123-1, VIGILANCE-VUL-20606.

Description of the vulnerability

The libcurl library provides the curl_escape(), curl_easy_escape(), curl_unescape() and curl_easy_unescape() functions to convert special characters.

However, if the requested size is too large, an integer overflows, and the allocated memory area is too short.

An attacker can therefore generate an integer overflow via functions of the curl_escape() family of libcurl, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2016-7141

cURL: session reuse even if client certificate changed

Synthesis of the vulnerability

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to the authentication with an incorrect identity.
Impacted products: OpenOffice, Mac OS X, Brocade vTM, curl, Debian, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, Puppet, RHEL, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 05/09/2016.
Identifiers: BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, cpuoct2018, CVE-2016-7141, DLA-1568-1, DLA-616-1, HT207423, JSA10874, openSUSE-SU-2016:2379-1, RHSA-2016:2575-02, RHSA-2018:3558-01, USN-3123-1, VIGILANCE-VUL-20516.

Description of the vulnerability

The libcurl library can be installed with NSS, instead of OpenSSL.

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to the authentication with an incorrect identity.

computer vulnerability CVE-2016-5419 CVE-2016-5420 CVE-2016-5421

cURL: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of cURL.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, Brocade vTM, curl, Debian, Fedora, Android OS, Juniper EX-Series, Junos OS, SRX-Series, openSUSE, openSUSE Leap, Solaris, Puppet, RHEL, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, client access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 03/08/2016.
Identifiers: bulletinoct2016, cpuoct2018, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, DLA-586-1, DSA-3638-1, FEDORA-2016-24316f1f56, FEDORA-2016-8354baae0f, HT207423, JSA10874, openSUSE-SU-2016:2227-1, openSUSE-SU-2016:2379-1, RHSA-2016:2575-02, RHSA-2018:3558-01, SSA:2016-219-01, STORM-2019-002, USN-3048-1, VIGILANCE-VUL-20295.

Description of the vulnerability

Several vulnerabilities were announced in cURL.

The TLS client of libcurl can resume a session even if the client certificate changed, which may lead to the authentication with an incorrect identity. [severity:2/4; CVE-2016-5419]

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to the authentication with an incorrect identity. [severity:2/4; CVE-2016-5420]

An attacker can force the usage of a freed memory area via curl_easy_init(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5421]

computer vulnerability note CVE-2016-6515

OpenSSH: denial of service via crypt

Synthesis of the vulnerability

An attacker can send a long password, which is hashed by crypt() via OpenSSH, in order to trigger a denial of service.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, Brocade vTM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, IBM System x Server, Juniper EX-Series, Juniper J-Series, Junos OS, Junos Space, SRX-Series, McAfee Email Gateway, Data ONTAP, OpenSSH, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 01/08/2016.
Identifiers: BSA-2016-204, BSA-2016-207, BSA-2016-210, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2017-247, CERTFR-2017-AVI-012, CERTFR-2019-AVI-325, CVE-2016-6515, DLA-1500-1, DLA-1500-2, DLA-594-1, FEDORA-2016-4a3debc3a6, FreeBSD-SA-17:06.openssh, JSA10770, JSA10940, K31510510, MIGR-5099595, MIGR-5099597, NTAP-20171130-0003, openSUSE-SU-2016:2339-1, RHSA-2017:2029-01, SA136, SOL31510510, SSA-181018, USN-3061-1, VIGILANCE-VUL-20279.

Description of the vulnerability

The OpenSSH product uses the crypt() function to hash passwords provided by users.

However, if the sent password is too long, the crypt() function consumes significant resources.

An attacker can therefore send a long password, which is hashed by crypt() via OpenSSH, in order to trigger a denial of service.

vulnerability bulletin CVE-2016-6210

OpenSSH: user detection via BLOWFISH

Synthesis of the vulnerability

An attacker can use a long password on OpenSSH, in order to detect if a login name is valid.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, Data ONTAP, OpenSSH, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 18/07/2016.
Identifiers: bulletinoct2016, CERTFR-2016-AVI-279, CERTFR-2019-AVI-325, CVE-2016-6210, DLA-578-1, DSA-3626-1, FEDORA-2016-16e8d38f57, FEDORA-2016-341c83dbd3, FEDORA-2016-7440fa5ce2, JSA10940, K14845276, NTAP-20190206-0001, openSUSE-SU-2016:2339-1, RHSA-2017:2029-01, RHSA-2017:2563-01, SA136, SSA:2016-219-03, USN-3061-1, VIGILANCE-VUL-20133.

Description of the vulnerability

The OpenSSH product uses a workaround, so that authentication attempts with an invalid login last as long as a normal authentication. In order to do so, a fake password entry is created, with a hash based on the BLOWFISH algorithm.

However, BLOWFISH is faster than the SHA256/SHA512 algorithms usually used. If the password to hash is long, the time difference can be measured.

An attacker can therefore use a long password on OpenSSH, in order to detect if a login name is valid.