Juniper Junos PHP multiple vulnerabilities (JSA10804)

High Nessus Plugin ID 102079

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number and configuration, the remote Juniper Junos device is affected by multiple vulnerabilities in the included PHP version :

- An unspecified flaw exists in the SQLite extension that allows an unauthenticated, remote attacker to bypass the 'open_basedir' constraint. (CVE-2012-3365)

- A heap-based buffer overflow condition exists in file ext/xml/xml.c due to not properly considering parsing depth. An unauthenticated, remote attacker can exploit this issue, via a specially crafted XML document that is processed by the xml_parse_into_struct() function, to cause a denial of service condition or the execution of arbitrary code. (CVE-2013-4113)

- A memory corruption issue exists in the PHP OpenSSL extension in the openssl_x509_parse() function due to improper sanitization of user-supplied input when parsing 'notBefore' and 'notAfter' timestamps in X.509 certificates. An unauthenticated, remote attacker can exploit this issue, via a specially crafted certificate, to cause a denial of service condition or the execution of arbitrary code. (CVE-2013-6420)

- A double-free error exists in the zend_ts_hash_graceful_destroy() function within file Zend/zend_ts_hash.c that allows an unauthenticated, remote attacker to cause a denial of service condition.
(CVE-2014-9425)

Solution

Upgrade to the relevant Junos software release referenced in Juniper security advisory JSA10804.

See Also

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10804

Plugin Details

Severity: High

ID: 102079

File Name: juniper_jsa10804.nasl

Version: 1.3

Type: combined

Published: 2017/07/31

Modified: 2018/07/12

Dependencies: 55932

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/07/12

Vulnerability Publication Date: 2012/07/19

Reference Information

CVE: CVE-2012-3365, CVE-2013-4113, CVE-2013-6420, CVE-2014-9425

BID: 54612, 61128, 64225, 71800

JSA: JSA10804

EDB-ID: 30395