Juniper Junos PHP multiple vulnerabilities (JSA10804)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by multiple vulnerabilities.

Description :

According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by multiple vulnerabilities in
the included PHP version :

- An unspecified flaw exists in the SQLite extension
that allows an unauthenticated, remote attacker to
bypass the 'open_basedir' constraint. (CVE-2012-3365)

- A heap-based buffer overflow condition exists in file
ext/xml/xml.c due to not properly considering parsing
depth. An unauthenticated, remote attacker can exploit
this issue, via a specially crafted XML document that is
processed by the xml_parse_into_struct() function, to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2013-4113)

- A memory corruption issue exists in the PHP OpenSSL
extension in the openssl_x509_parse() function due to
improper sanitization of user-supplied input when
parsing 'notBefore' and 'notAfter' timestamps in X.509
certificates. An unauthenticated, remote attacker can
exploit this issue, via a specially crafted certificate,
to cause a denial of service condition or the execution
of arbitrary code. (CVE-2013-6420)

- A double-free error exists in the
zend_ts_hash_graceful_destroy() function within file
Zend/zend_ts_hash.c that allows an unauthenticated,
remote attacker to cause a denial of service condition.
(CVE-2014-9425)

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10804

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10804.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Junos Local Security Checks

Nessus Plugin ID: 102079 ()

Bugtraq ID: 54612
61128
64225
71800

CVE ID: CVE-2012-3365
CVE-2013-4113
CVE-2013-6420
CVE-2014-9425

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now