Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
High Nessus Plugin ID 121068
Synopsis
The remote device is affected by multiple vulnerabilities.
Description
According to its self-reported version number, the remote Junos Space
version is 18.4.x prior to 18.4R1. It is, therefore, affected by
multiple vulnerabilities:
- An integer overflow issue exists in procps-ng. This is
related to CVE-2018-1124. (CVE-2018-1126)
- A directory traversal issue exists in reposync, a part
of yum-utils.tory configuration files. If an attacker
controls a repository, they may be able to copy files
outside of the destination directory on the targeted
system via path traversal. (CVE-2018-10897)
- An integer overflow flaw was found in the Linux
kernel's create_elf_tables() function. An unprivileged
local user with access to a SUID binary could use this
flaw to escalate their privileges on the system.
Additionally, Junos Space is affected by several other
vulnerabilities, as noted in the vendor advisory.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Solution
Upgrade to Junos Space 18.4R1 or later.