Juniper Junos libgd Compressed GD2 Data RCE (JSA10798)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by a remote code execution
vulnerability.

Description :

According to its self-reported version number, the remote Juniper
Junos device is affected by an integer signedness error in the
included GD Graphics Library (libgd) when handling compressed GD2 data
due to improper validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via specially crafted compressed GD2
data, to cause a heap-based buffer overflow, resulting in a denial of
service condition or the execution of arbitrary code.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10798

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10798.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Junos Local Security Checks

Nessus Plugin ID: 102073 ()

Bugtraq ID: 87087

CVE ID: CVE-2016-3074

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now