Juniper Junos Space < 18.2R1 Multiple Vulnerabilities (JSA10880)
High Nessus Plugin ID 126510
SynopsisThe remote device is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the version of Junos Space running on the remote device is < 18.2R1, and is therefore affected by multiple vulnerabilities:
- Due to untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4, unauthenticated, remote attacker can execute execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. (CVE-2016-10009)
- In OpenSSH before 7.4, an authenticated local attacker can escalate privileges via unspecified vectors, related to serverloop.c. (CVE-2016-10010)
- authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents. an authenticated local attacker can obtain sensitive private-key information by leveraging access to a privilege-separated child process. (CVE-2016-10011)
- In sshd in OpenSSH before 7.4, a local attacker can gain privileges by leveraging access to a sandboxed privilege-separation process due to a bounds check that's enforced by all by the shared memory manager. (CVE-2016-10012)
- The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows local attackers to create zero-length files. (CVE-2017-15906)
- A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. (CVE-2018-0046)
SolutionUpgrade to Junos Space version 18.2R1 or later.