ESB-2014.0763.2 - UPDATE [Juniper] Juniper Junos Space: Multiple vulnerabilities

Date: 06 November 2014
References: ESB-2010.0403  ASB-2011.0093  ESB-2011.1076.2  ESB-2012.0144  ASB-2012.0144  ESB-2012.0998  ASB-2013.0113  ASB-2014.0005  ESB-2014.2247  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2014.0763.2
   Multiple critical vulnerabilities have been identified in Junos Space
                              6 November 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Juniper Junos Space
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Root Compromise          -- Remote/Unauthenticated
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3413 CVE-2013-3839 CVE-2013-3812
                   CVE-2013-3809 CVE-2013-3808 CVE-2013-3805
                   CVE-2013-3804 CVE-2013-3802 CVE-2013-3801
                   CVE-2013-3794 CVE-2013-3793 CVE-2013-3783
                   CVE-2013-2422 CVE-2013-2392 CVE-2013-2391
                   CVE-2013-2389 CVE-2013-2376 CVE-2013-2375
                   CVE-2013-1896 CVE-2013-1862 CVE-2013-1557
                   CVE-2013-1544 CVE-2013-1537 CVE-2013-1532
                   CVE-2013-1511 CVE-2013-1502 CVE-2012-3143
                   CVE-2012-0818 CVE-2011-5245 CVE-2010-1429
                   CVE-2010-1428 CVE-2010-0738 

Reference:         ASB-2014.0005
                   ASB-2013.0113
                   ASB-2012.0144
                   ASB-2011.0093
                   ESB-2012.0998
                   ESB-2012.0144
                   ESB-2011.1076.2
                   ESB-2010.0403

Original Bulletin: 
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627

Comment: This update is for advisory JSA10627.
         
         This bulletin contains two (2) Juniper Networks security advisories.

Revision History:  November  6 2014: Included RESTEasy vulnerabilities 
                                     CVE-2011-5245 and CVE-2012-0818
                   May      20 2014: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

2014-05 Security Bulletin: Junos Space: Arbitrary command execution 
vulnerability (CVE-2014-3412)

Categories:

    Junos Space
    SIRT Advisory

Security Advisories ID: JSA10626
Last Updated: 14 May 2014
Version: 1.0

Product Affected:
Junos Space and JA1500, JA2500 (Junos Space Appliance) with Junos Space 13.1 
and earlier releases.

Problem:

A vulnerability in Junos Space releases before 13.3R1.8, when the firewall is
disabled, may allow a remote unauthenticated attacker to execute arbitrary
commands with root privileges, leading to complete compromise of the system
and of the devices managed by Junos Space. A firewall is enabled by default on
Junos Space; this vulnerability cannot be exploited remotely while the firewall
is enabled.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue has been assigned CVE-2014-3412.

Solution:
This issue is fixed in Junos Space 13.3R1.8 and all subsequent releases.

Workaround:
Enable the firewall on Junos Space and limit access to trusted hosts only.

Implementation:

Junos Space releases can be obtained from:
http://www.juniper.net/support/downloads/?p=space#sw

Related Links:

    KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin 
    Publication Process

    KB16765: In which releases are vulnerabilities fixed?

    KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security  
    Advisories

    Report a Security Vulnerability - How to Contact the Juniper Networks 
    Security Incident Response Team

CVSS Score:
10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Risk Level:
Critical

Risk Assessment:
We consider this to be a critical issue. A remote network-based attacker can
gain complete access to Junos Space or to other devices managed by Junos Space.

Acknowledgements:

- ----------------------------------------------------------------------------

2014-05 Junos Space: Multiple vulnerabilities resolved by third party software
upgrades

Categories:

    Junos Space
    SIRT Advisory

Security Advisories ID: JSA10627

Last Updated: 05 Nov 2014

Version: 2.0

PRODUCT AFFECTED:

Junos Space and JA1500, JA2500 (Junos Space Appliance) with Junos Space 13.1 
and earlier releases.

PROBLEM:

Junos Space release 13.3R1.8 addresses multiple vulnerabilities in prior 
releases with updated third party software components. The following is a list
of software upgraded and vulnerabilities resolved:

Apache HTTP Server upgraded to 2.2.25 which resolves:

CVE              CVSS base score                       Type of issue
CVE-2013-1862    5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)      Arbitrary command execution
CVE-2013-1896    4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)      Denial of service

Oracle MySQL server upgraded to 5.5.34 which resolves:

CVE              CVSS base score                       Type of issue
CVE-2013-1502    1.5 (AV:L/AC:M/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-1511    3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-1532    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-1544    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-2375    6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)      Partial system compromise
CVE-2013-2376    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-2389    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-2391    3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)      Unauthorized disclosure or modification
CVE-2013-2392    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3783    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3793    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3794    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3801    5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)      Denial of service
CVE-2013-3802    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3804    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3805    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3808    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3809    4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)      Unauthorized modification
CVE-2013-3812    3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3839    4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service

Oracle Java SE JDK upgraded to 7u45 which resolves a number of vulnerabilities
that affect server deployments of Java including but not limited to:

CVE              CVSS base score                       Type of issue
CVE-2012-3143    10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)     Critical vulnerability in JMX
CVE-2013-1537    10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)     Critical vulnerability in Java RMI
CVE-2013-1557    10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)     Critical vulnerability in Java RMI
CVE-2013-2422    10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)     Critical vulnerability in Java Libraries

RedHat JBoss application server upgraded to 7.1, which resolves:

CVE              CVSS base score                       Type of issue
CVE-2010-0738    10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)     Arbitrary code execution as root
CVE-2010-1428    10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)     Arbitrary code execution as root
CVE-2010-1429    5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)      Information disclosure
CVE-2012-0818    5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)      XML External Entities Resolution (XXE) vulnerability in Redhat RESTEasy
CVE-2011-5245    5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)      XML External Entities Resolution (XXE) vulnerability in Redhat RESTEasy

The MySQL server used in Junos Space prior to 13.3R1.8 has a user account with
a hardcoded password. If the firewall that is enabled by default in Junos
Space is disabled for any reason, the information Junos Space stores in the
MySQL database could be accessed over the network, resulting in an information
disclosure vulnerability. Information in the MySQL database can be misused to
gain complete control of the system or of the devices managed by Junos Space.
The MySQL server configuration in 13.3R1.8 has been hardened and restricted to
resolve this vulnerability. This issue is assigned CVE-2014-3413. The CVSS v2
base score for this vulnerability is 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C).

SOLUTION:

This issue is fixed in Junos Space 13.3R1.8 and all subsequent releases.

WORKAROUND:

These vulnerabilities can be mitigated by enabling the firewall on Junos Space
and limiting access only from trusted hosts.
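
The two facts a defender needs from this advisory are the fixed release
(13.3R1.8 and later) and the firewall condition (with the firewall enabled the
issues are not remotely exploitable, but only the upgrade removes them). The
Python below turns those into an inventory check; it is an added example, not
code from Juniper or AusCERT. It assumes Junos Space release strings have the
shape `<major>.<minor>R<release>[.<build>]` (as in `13.1R1.6` and `13.3R1.8`),
and the `SAMPLE_INVENTORY` with its `firewall_enabled` field is constructed for
this example rather than read from any real management system.

```python
import re

# Earliest release named as fixed in JSA10626 and JSA10627.
FIXED_RELEASE = "13.3R1.8"

# Assumed release-string shape: <major>.<minor>R<release>[.<build>].
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_release(release):
    """Turn '13.3R1.8' into a comparable tuple (13, 3, 1, 8)."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError("unrecognised Junos Space release string: %r" % release)
    major, minor, rel, build = m.groups()
    return (int(major), int(minor), int(rel), int(build or 0))


def is_fixed(release):
    """True when the release is 13.3R1.8 or later."""
    return parse_release(release) >= parse_release(FIXED_RELEASE)


def classify(release, firewall_enabled):
    """Map one host's state onto the advisory's three outcomes."""
    if is_fixed(release):
        return "fixed"
    if firewall_enabled:
        # Workaround in place: not remotely exploitable per the advisory,
        # but the hardcoded MySQL credential is still present until upgrade.
        return "vulnerable-mitigated"
    return "vulnerable-exposed"


def triage(inventory):
    """Return one finding per host, most urgent first."""
    order = {"vulnerable-exposed": 0, "vulnerable-mitigated": 1, "fixed": 2}
    findings = []
    for item in inventory:
        status = classify(item["release"], item["firewall_enabled"])
        findings.append({"host": item["host"], "release": item["release"],
                         "firewall_enabled": item["firewall_enabled"],
                         "status": status})
    findings.sort(key=lambda f: order[f["status"]])
    return findings


# Constructed inventory for this example; the hostnames are placeholders.
SAMPLE_INVENTORY = [
    {"host": "space-a", "release": "13.1R1.6", "firewall_enabled": True},
    {"host": "space-b", "release": "12.3R2.8", "firewall_enabled": False},
    {"host": "space-c", "release": "13.3R1.8", "firewall_enabled": True},
    {"host": "space-d", "release": "14.1R1", "firewall_enabled": False},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print("%-8s %-9s firewall=%-5s %s"
              % (f["host"], f["release"], f["firewall_enabled"], f["status"]))
```

A host reported as `vulnerable-exposed` matches the condition under which both
advisories rate the impact as remote, unauthenticated root compromise, so it
is the one to patch or firewall first; `vulnerable-mitigated` hosts still need
the upgrade, since the workaround depends on the firewall staying enabled.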

IMPLEMENTATION:

Junos Space releases can be obtained from:

http://www.juniper.net/support/downloads/?p=space#sw

MODIFICATION HISTORY:

14 May 2014: Initial release.

5 Nov 2014: Included RESTEasy vulnerabilities CVE-2011-5245 and CVE-2012-0818.

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Security Vulnerability - How to Contact the Juniper Networks Security
Incident Response Team

CVSS SCORE:

10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

RISK LEVEL:

Critical

RISK ASSESSMENT:

We consider this to be a critical issue. A remote network-based attacker can
gain complete access to Junos Space or to other devices managed by Junos Space.

ACKNOWLEDGEMENTS:

Juniper SIRT would like to acknowledge and thank Tenable Network Security for
responsibly reporting the CVE-2014-3413 vulnerability.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----