Juniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote device is affected by multiple vulnerabilities.

Description :

According to its self-reported version number, the version of Junos
Space running on the remote device is prior to 15.1R1. It is,
therefore, affected by multiple vulnerabilities :

- An error exists within the Apache 'mod_session_dbd'
module, related to save operations for a session, due to
a failure to consider the dirty flag and to require a
new session ID. An unauthenticated, remote attacker can
exploit this to have an unspecified impact.
(CVE-2013-2249)

- An unspecified flaw exists in the MySQL Server component
related to error handling that allows a remote attacker
to cause a denial of service condition. (CVE-2013-5908)

- A flaw exists within the Apache 'mod_dav' module that is
caused when tracking the length of CDATA that has
leading white space. An unauthenticated, remote attacker
can exploit this, via a specially crafted DAV WRITE
request, to cause the service to stop responding.
(CVE-2013-6438)

- A flaw exists within the Apache 'mod_log_config' module
that is caused when logging a cookie that has an
unassigned value. An unauthenticated, remote attacker
can exploit this, via a specially crafted request, to
cause the service to crash. (CVE-2014-0098)

- A flaw exists, related to pixel manipulation, in the
2D component in the Oracle Java runtime that allows an
unauthenticated, remote attacker to impact availability,
confidentiality, and integrity. (CVE-2014-0429)

- A flaw exists, related to PKCS#1 unpadding, in the
Security component in the Oracle Java runtime that
allows an unauthenticated, remote attacker to gain
knowledge of timing information, which is intended to
be protected by encryption. (CVE-2014-0453)

- A race condition exists, related to array copying, in
the Hotspot component in the Oracle Java runtime that
allows an unauthenticated, remote attacker to execute
arbitrary code. (CVE-2014-0456)

- A flaw exists in the JNDI component in the Oracle Java
runtime due to missing randomization of query IDs. An
unauthenticated, remote attacker can exploit this to
conduct spoofing attacks. (CVE-2014-0460)

- A flaw exists in the Mozilla Network Security Services
(NSS) library, which is due to lenient parsing of ASN.1
values involved in a signature and can lead to the
forgery of RSA signatures, such as SSL certificates.
(CVE-2014-1568)

- An unspecified flaw exists in the MySQL Server component
related to the CLIENT:SSL:yaSSL subcomponent that allows
a remote attacker to impact integrity. (CVE-2014-6478)

- Multiple unspecified flaws exist in the MySQL Server
component related to the SERVER:SSL:yaSSL subcomponent
that allow a remote attacker to impact confidentiality,
integrity, and availability. (CVE-2014-6491,
CVE-2014-6500)

- Multiple unspecified flaws exist in the MySQL Server
component related to the CLIENT:SSL:yaSSL subcomponent
that allow a remote attacker to cause a denial of
service condition. (CVE-2014-6494, CVE-2014-6495,
CVE-2014-6496)

- An unspecified flaw exists in the MySQL Server component
related to the C API SSL Certificate Handling
subcomponent that allows a remote attacker to disclose
potentially sensitive information. (CVE-2014-6559)

- An unspecified flaw exists in the MySQL Server component
related to the Server:Compiling subcomponent that allows
an authenticated, remote attacker to cause a denial of
service condition. (CVE-2015-0501)

- An XML external entity (XXE) injection vulnerability
exists in OpenNMS due to the Castor component accepting
XML external entities from exception messages. An
unauthenticated, remote attacker can exploit this, via
specially crafted XML data in an RTC post, to access
local files. (CVE-2015-0975)

- An unspecified flaw exists in the MySQL Server component
related to the Server:Security:Privileges subcomponent
that allows a remote attacker to disclose potentially
sensitive information. (CVE-2015-2620)

- A heap buffer overflow condition exists in QEMU in the
pcnet_transmit() function within file hw/net/pcnet.c
due to improper validation of user-supplied input when
handling multi-TMD packets with a length above 4096
bytes. An unauthenticated, remote attacker can exploit
this, via specially crafted packets, to gain elevated
privileges from guest to host. (CVE-2015-3209)

- Multiple cross-site scripting (XSS), SQL injection, and
command injection vulnerabilities exist in Junos Space
that allow an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2015-7753)

See also :

http://www.nessus.org/u?22595a74

Solution :

Upgrade to Junos Space version 15.1R1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false