Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version number, the remote Junos device
is affected by multiple vulnerabilities in the libxml2 library :

- A heap-based buffer overflow vulnerability exists which
can result in arbitrary code execution. (CVE-2011-1944)

- A denial of service vulnerability exists which can
result in excessive CPU consumption. (CVE-2012-0841)

- A heap-based buffer overflow vulnerability exists in
the 'xmlParseAttValueComplex' function which can result
in arbitrary code execution. (CVE-2012-5134)

- A denial of service vulnerability exists due to
excessive CPU and memory consumption in the processing
of XML files containing entity declarations with long
replacement text (also known as 'internal entity
expansion with linear complexity'). (CVE-2013-0338)

- A denial of service vulnerability exists related to the
XML_PARSER_EOF state checking. (CVE-2013-2877)

These vulnerabilities can be exploited by a remote attacker via a
specially crafted XML file.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10669

Solution :

Apply the relevant Junos upgrade referenced in Juniper advisory
JSA10669.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Junos Local Security Checks

Nessus Plugin ID: 80957

Bugtraq ID: 48056, 52107, 56684, 58180, 61050

CVE ID: CVE-2011-1944, CVE-2012-0841, CVE-2012-5134, CVE-2013-0338, CVE-2013-2877
