Juniper Junos PHP multiple vulnerabilities (JSA10804)

high Nessus Plugin ID 102079

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number and configuration, the remote Juniper Junos device is affected by multiple vulnerabilities in the included PHP version :

- An unspecified flaw exists in the SQLite extension that allows an unauthenticated, remote attacker to bypass the 'open_basedir' constraint. (CVE-2012-3365)

- A heap-based buffer overflow condition exists in file ext/xml/xml.c due to not properly considering parsing depth. An unauthenticated, remote attacker can exploit this issue, via a specially crafted XML document that is processed by the xml_parse_into_struct() function, to cause a denial of service condition or the execution of arbitrary code. (CVE-2013-4113)

- A memory corruption issue exists in the PHP OpenSSL extension in the openssl_x509_parse() function due to improper sanitization of user-supplied input when parsing 'notBefore' and 'notAfter' timestamps in X.509 certificates. An unauthenticated, remote attacker can exploit this issue, via a specially crafted certificate, to cause a denial of service condition or the execution of arbitrary code. (CVE-2013-6420)

- A double-free error exists in the zend_ts_hash_graceful_destroy() function within file Zend/zend_ts_hash.c that allows an unauthenticated, remote attacker to cause a denial of service condition.
(CVE-2014-9425)

Solution

Upgrade to the relevant Junos software release referenced in Juniper security advisory JSA10804.

See Also

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10804

Plugin Details

Severity: High

ID: 102079

File Name: juniper_jsa10804.nasl

Version: 1.3

Type: combined

Published: 7/31/2017

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/12/2017

Vulnerability Publication Date: 7/19/2012

Reference Information

CVE: CVE-2012-3365, CVE-2013-4113, CVE-2013-6420, CVE-2014-9425

BID: 54612, 61128, 64225, 71800

JSA: JSA10804