Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.5672
Contrail Networking: Multiple Vulnerabilities have been
resolved in Contrail Networking R22.3
8 November 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Contrail Networking
Publisher: Juniper Networks
Operating System: Juniper
Resolution: Patch/Upgrade
CVE Names: CVE-2021-23840 CVE-2021-3765 CVE-2021-3712
CVE-2020-28469 CVE-2019-1551 CVE-2019-1543
CVE-2007-6755
Original Bulletin:
https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3
Comment: CVSS (Max): 7.5 CVE-2021-3765 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: NVD
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
Article ID: JSA69903
Product Affected: These issues affect Contrail Networking
Severity Level: High
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Problem:
Multiple vulnerabilities in third party software used in Juniper Networks
Contrail Networking have been resolved in release R22.3.
These issues affect all Juniper Networks Contrail Networking versions prior to
R22.3.
These issues were discovered during external security research.
Important security issues resolved include:
CVE CVSS Summary
CVE-2007-6755 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N The NIST SP 800-90A default
statement of the Dual Elliptic Curve Deterministic Random Bit Generation
(Dual_EC_DRBG) algorithm contains point Q constants with a possible
relationship to certain "skeleton key" values, which might allow
context-dependent attackers to defeat cryptographic protection mechanisms by
leveraging knowledge of those values. NOTE: this is a preliminary CVE for
Dual_EC_DRBG; future research may provide additional details about point Q and
associated attacks, and could potentially lead to a RECAST or REJECT of this
CVE.
CVE-2019-1543 7.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
every encryption operation. RFC 7539 specifies that the nonce value (IV) should
be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads
the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly
allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes
are significant and any additional leading bytes are ignored. It is a
requirement of using this cipher that nonce values are unique. Messages
encrypted using a reused nonce value are susceptible to serious confidentiality
and integrity attacks. If an application changes the default nonce length to be
longer than 12 bytes and then makes a change to the leading bytes of the nonce
expecting the new value to be a new unique nonce then such an application could
inadvertently encrypt messages with a reused nonce. Additionally the ignored
bytes in a long nonce are not covered by the integrity guarantee of this
cipher. Any application that relies on the integrity of these ignored leading
bytes of a long nonce may be further affected. Any OpenSSL internal use of this
cipher, including in SSL/TLS, is safe because no such use sets such a long
nonce value. However user applications that use this cipher directly and set a
non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL
versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope
of affected deployments this has been assessed as low severity and therefore we
are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected
1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j).
CVE-2019-1551 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) There
is an overflow bug in the x64_64 Montgomery squaring procedure used in
exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as
a result of this defect would be very difficult to perform and are not believed
likely. Attacks against DH512 are considered just feasible. However, for an
attack the target would have to re-use the DH512 private key, which is not
recommended anyway. Also applications directly using the low level API
BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL
1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
CVE-2020-28469 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) This
affects the package glob-parent before 5.1.2. The enclosure regex used to check
for strings ending in enclosure containing path separator.
CVE-2021-23840 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Calls
to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the
output length argument in some cases where the input length is close to the
maximum permissable length for an integer on the platform. In such cases the
return value from the function call will be 1 (indicating success), but the
output length value will be negative. This could cause applications to behave
incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this
issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL
versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is
out of support and no longer receiving public updates. Premium support
customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade
to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL
1.0.2y (Affected 1.0.2-1.0.2x).
CVE-2021-3712 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H) ASN.1
strings are represented internally within OpenSSL as an ASN1_STRING structure
which contains a buffer holding the string data and a field holding the buffer
length. This contrasts with normal C strings which are repesented as a buffer
for the string data which is terminated with a NUL (0) byte. Although not a
strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i"
functions (and other similar parsing functions) as well as any string whose
value has been set with the ASN1_STRING_set() function will additionally NUL
terminate the byte array in the ASN1_STRING structure. However, it is possible
for applications to directly construct valid ASN1_STRING structures which do
not NUL terminate the byte array by directly setting the "data" and "length"
fields in the ASN1_STRING array. This can also happen by using the
ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data
have been found to assume that the ASN1_STRING byte array will be NUL
terminated, even though this is not guaranteed for strings that have been
directly constructed. Where an application requests an ASN.1 structure to be
printed, and where that ASN.1 structure contains ASN1_STRINGs that have been
directly constructed by the application without NUL terminating the "data"
field, then a read buffer overrun can occur. The same thing can also occur
during name constraints processing of certificates (for example if a
certificate has been directly constructed by the application instead of loading
it via the OpenSSL parsing functions, and the certificate contains non NUL
terminated ASN1_STRING structures). It can also occur in the X509_get1_email(),
X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can
cause an application to directly construct an ASN1_STRING and then process it
through one of the affected OpenSSL functions then this issue could be hit.
This might result in a crash (causing a Denial of Service attack). It could
also result in the disclosure of private memory contents (such as private keys,
or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed
in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
CVE-2021-3765 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
validator.js is vulnerable to Inefficient Regular Expression Complexity
Solution:
The following software releases have been updated to resolve these specific
issues: Contrail Networking R22.3, and all subsequent releases.
These issues are being tracked as PR CN2-5003.d
Note: Juniper SIRT's policy is not to evaluate releases which are beyond End of
Engineering (EOE) or End of Life (EOL).
IMPLEMENTATION:
Software Releases, patches and updates are available at
https://support.juniper.net/support/downloads/.
Workaround:
There are no known workarounds for these issues.
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Modification History:
2022-10-12: Initial Publication.
Related Information:
KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin
Publication Process
KB16765: In which releases are vulnerabilities fixed?
KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
Advisories
Report a Security Vulnerability - How to Contact the Juniper Networks
Security Incident Response Team
https://www.juniper.net/documentation/product/us/en/cloud-native-contrail-networ
king/
Last Updated: 2022-10-12
Created: 2022-10-12
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBY2oNEskNZI30y1K9AQgsDA//eaVwKqKjjz/70/Q4XtqzPeu4SaL7uCvF
LQn3yELZ12RTwNHgISx+ztM5QG8HEBnGa0wLuvy55qoC3481FndqABppM4va1Fcb
sm8unekq9N+b1tzcvwxrA9W6PV2QieUynCTcSN6oyiiJ6TdMGnpC9MWpZFgaRS48
QSA/pycA2rvgQMvzANH5MR9OMNQxPSFnKg8BR5s3FBG1aj6qcrCoScgeNn8O9Mf2
QrBWj+VIVJTYQVq8V2GyfOJBUXdtY1F13wmsTCFdAyXJGkebgpmghgS9Iq7ZwvXI
sgz6Kr3QPcRCn1j0PVDyFuOQ9SFpVLaijq+mUZ2r+3ZPBHbbc08ozvRCCoQSzf4P
irJPGGN8euY1K38YXfK3bc70x3r+pTM/vtIdoW2VhVY0FHyn8GZlnPe/1sXN9mym
YD4gGpy4dHO6QyGrPu7amhBRH/dYYhrNWzYVrVkhkUR37n14ZTvEB6GsQCQt5+me
wMqwLK+JEGR0508LkoqprVc+U7Xc6sW/DjXC37STEQ650PJAgB0GeAjr/acprCSO
EBLO7a5Wsi7IP35ATq9am7SKT3F6T6lfZQiBEUco9hrcZhPGr68XZCBjs4txoCkP
3F3EaGEKzy/XP+Q3NrH5FqZVXn4gI5Ku07DInD4d+O33WpKRGLy99TklpPIu5kUn
UD84fMzHXi0=
=uNA+
-----END PGP SIGNATURE-----