Juniper Junos FreeBSD libc db Information Disclosure (JSA10756)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version number, the remote Juniper
Junos device is affected by an information disclosure vulnerability in
the underlying FreeBSD operating system libc db interface due to
improper initialization of memory for Berkeley DB 1.85 database
structures. A local attacker can exploit this to disclose sensitive
information by reading a database file.

See also :

https://kb.juniper.net/JSA10756

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
advisory JSA10756.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Junos Local Security Checks

Nessus Plugin ID: 92514

Bugtraq ID: 34666

CVE ID: CVE-2009-1436
