Juniper Junos PHP multiple vulnerabilities (JSA10804)
High Nessus Plugin ID 102079
SynopsisThe remote device is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number and configuration, the remote Juniper Junos device is affected by multiple vulnerabilities in the included PHP version :
- An unspecified flaw exists in the SQLite extension that allows an unauthenticated, remote attacker to bypass the 'open_basedir' constraint. (CVE-2012-3365)
- A heap-based buffer overflow condition exists in file ext/xml/xml.c due to not properly considering parsing depth. An unauthenticated, remote attacker can exploit this issue, via a specially crafted XML document that is processed by the xml_parse_into_struct() function, to cause a denial of service condition or the execution of arbitrary code. (CVE-2013-4113)
- A memory corruption issue exists in the PHP OpenSSL extension in the openssl_x509_parse() function due to improper sanitization of user-supplied input when parsing 'notBefore' and 'notAfter' timestamps in X.509 certificates. An unauthenticated, remote attacker can exploit this issue, via a specially crafted certificate, to cause a denial of service condition or the execution of arbitrary code. (CVE-2013-6420)
- A double-free error exists in the zend_ts_hash_graceful_destroy() function within file Zend/zend_ts_hash.c that allows an unauthenticated, remote attacker to cause a denial of service condition.
SolutionUpgrade to the relevant Junos software release referenced in Juniper security advisory JSA10804.