Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)
High Nessus Plugin ID 80957
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number, the remote Junos device is affected by multiple vulnerabilities in the libxml2 library :
- A heap-based buffer overflow vulnerability exists which can result in arbitrary code execution. (CVE-2011-1944)
- A denial of service vulnerability exists which can result in excessive CPU consumption. (CVE-2012-0841)
- A heap-based buffer overflow vulnerability exists in the 'xmlParseAttValueComplex' function which can result in arbitrary code execution. (CVE-2012-5134)
- A denial of service vulnerability exists due to excessive CPU and memory consumption in the processing of XML files containing entity declarations with long replacement text (also known as 'internal entity expansion with linear complexity'). (CVE-2013-0338)
- A denial of service vulnerability exists related to the XML_PARSER_EOF state checking. (CVE-2013-2877)
These vulnerabilities can be exploited by a remote attacker via a specially crafted XML file.
SolutionApply the relevant Junos upgrade referenced in Juniper advisory JSA10669.