Detections
Analytics
Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)
high Nessus Plugin ID 80957
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version number, the remote Junos device is affected by multiple vulnerabilities in the libxml2 library :- A heap-based buffer overflow vulnerability exists which can result in arbitrary code execution. (CVE-2011-1944)
- A denial of service vulnerability exists which can result in excessive CPU consumption. (CVE-2012-0841)
- A heap-based buffer overflow vulnerability exists in the 'xmlParseAttValueComplex' function which can result in arbitrary code execution. (CVE-2012-5134)
- A denial of service vulnerability exists due to excessive CPU and memory consumption in the processing of XML files containing entity declarations with long replacement text (also known as 'internal entity expansion with linear complexity'). (CVE-2013-0338)
- A denial of service vulnerability exists related to the XML_PARSER_EOF state checking. (CVE-2013-2877)
These vulnerabilities can be exploited by a remote attacker via a specially crafted XML file.
Solution
Apply the relevant Junos upgrade referenced in Juniper advisory JSA10669.See Also
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10669
Plugin Details
Severity: High
ID: 80957
File Name: juniper_jsa10669.nasl
Version: 1.9
Type: combined
Family: Junos Local Security Checks
Published: 1/23/2015
Updated: 7/12/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:juniper:junos
Required KB Items: Host/Juniper/JUNOS/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/14/2015
Vulnerability Publication Date: 3/23/2011
Reference Information
CVE: CVE-2011-1944, CVE-2012-0841, CVE-2012-5134, CVE-2013-0338, CVE-2013-2877