Juniper Junos Space < 18.2R1 Multiple Vulnerabilities (JSA10880)

High Nessus Plugin ID 126510

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Junos Space running on the remote device is < 18.2R1, and is therefore affected by multiple vulnerabilities:

- Due to untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4, unauthenticated, remote attacker can execute execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. (CVE-2016-10009)
- In OpenSSH before 7.4, an authenticated local attacker can escalate privileges via unspecified vectors, related to serverloop.c. (CVE-2016-10010)
- authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents. an authenticated local attacker can obtain sensitive private-key information by leveraging access to a privilege-separated child process. (CVE-2016-10011)
- In sshd in OpenSSH before 7.4, a local attacker can gain privileges by leveraging access to a sandboxed privilege-separation process due to a bounds check that's enforced by all by the shared memory manager. (CVE-2016-10012)
- The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows local attackers to create zero-length files. (CVE-2017-15906)
- A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. (CVE-2018-0046)

Solution

Upgrade to Junos Space version 18.2R1 or later.

See Also

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10880

Plugin Details

Severity: High

ID: 126510

File Name: juniper_space_jsa10880.nasl

Version: 1.2

Type: local

Published: 2019/07/05

Updated: 2019/07/11

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2016-10009

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.3

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Required KB Items: Host/Junos_Space/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/10/10

Vulnerability Publication Date: 2018/10/10

Reference Information

CVE: CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2017-15906, CVE-2018-0046

BID: 94968, 94972, 94975, 94977, 101552, 105566

JSA: JSA10880