Juniper Junos sendmsg Local Privilege Escalation (JSA10797)
High Nessus Plugin ID 102072
Synopsis: The remote device is affected by a privilege escalation vulnerability.
Description: According to its self-reported version number, the remote Juniper Junos device is affected by a heap-based buffer overflow condition in the sendmsg system call, specifically due to incorrect handling of arguments in the sockargs() function in sys/kern/uipc_syscalls.c. A local attacker can exploit this to overwrite large portions of the kernel memory, resulting in a denial of service condition or the execution of arbitrary code with elevated privileges.
Solution: Upgrade to the relevant Junos software release referenced in Juniper security advisory JSA10797.