Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.0763.2
Multiple critical vulnerabilities have been identified in Junos Space
6 November 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Juniper Junos Space
Publisher: Juniper Networks
Operating System: Juniper
Impact/Access: Root Compromise -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2014-3413 CVE-2013-3839 CVE-2013-3812
CVE-2013-3809 CVE-2013-3808 CVE-2013-3805
CVE-2013-3804 CVE-2013-3802 CVE-2013-3801
CVE-2013-3794 CVE-2013-3793 CVE-2013-3783
CVE-2013-2422 CVE-2013-2392 CVE-2013-2391
CVE-2013-2389 CVE-2013-2376 CVE-2013-2375
CVE-2013-1896 CVE-2013-1862 CVE-2013-1557
CVE-2013-1544 CVE-2013-1537 CVE-2013-1532
CVE-2013-1511 CVE-2013-1502 CVE-2012-3143
CVE-2012-0818 CVE-2011-5245 CVE-2010-1429
CVE-2010-1428 CVE-2010-0738
Reference: ASB-2014.0005
ASB-2013.0113
ASB-2012.0144
ASB-2011.0093
ESB-2012.0998
ESB-2012.0144
ESB-2011.1076.2
ESB-2010.0403
Original Bulletin:
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627
Comment: This update is for advisory JSA10627.
This bulletin contains two (2) Juniper Networks security advisories.
Revision History: November 6 2014: Included RESTEasy vulnerabilities
CVE-2011-5245 and CVE-2012-0818
May 20 2014: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
2014-05 Security Bulletin: Junos Space: Arbitrary command execution
vulnerability (CVE-2014-3412)
Categories:
Junos Space
SIRT Advisory
Security Advisories ID: JSA10626
Last Updated: 14 May 2014
Version: 1.0
Product Affected:
Junos Space and JA1500, JA2500 (Junos Space Appliance) with Junos Space 13.1
and earlier releases.
Problem:
A vulnerability in Junos Space releases before 13.3R1.8 when firewall is
disabled, may allow a remote unauthenticated attacker to execute arbitrary
commands with root privileges leading to complete compromise of the system
and devices managed by Junos Space. A firewall is enabled by default on Junos
Space. This vulnerability cannot be exploited remotely when the firewall is
enabled.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue has been assigned CVE-2014-3412.
Solution:
This issue is fixed in Junos Space 13.3R1.8 and all subsequent releases.
Workaround:
Enable firewall on Junos Space and limit access only from trusted hosts.
Implementation:
Junos Space releases can be obtained from:
http://www.juniper.net/support/downloads/?p=space#sw
Related Links:
KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin
Publication Process
KB16765: In which releases are vulnerabilities fixed?
KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
Advisories
Report a Security Vulnerability - How to Contact the Juniper Networks
Security Incident Response Team
CVSS Score:
10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Risk Level:
Critical
Risk Assessment:
We consider this to be a critical issue. A remote network based attacker can
get complete access to Junos Space or other devices managed by Junos Space.
Acknowledgements:
- ----------------------------------------------------------------------------
2014-05 Junos Space: Multiple vulnerabilities resolved by third party software
upgrades
Categories:
Junos Space
SIRT Advisory
Security Advisories ID: JSA10627
Last Updated: 05 Nov 2014
Version: 2.0
PRODUCT AFFECTED:
Junos Space and JA1500, JA2500 (Junos Space Appliance) with Junos Space 13.1
and earlier releases.
PROBLEM:
Junos Space release 13.3R1.8 addresses multiple vulnerabilities in prior
releases with updated third party software components. The following is a list
of software upgraded and vulnerabilities resolved:
Apache HTTP Server upgraded to 2.2.25 which resolves:
CVE CVSS base score Type of issue
CVE-2013-1862 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) Arbitrary command execution
CVE-2013-1896 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) Denial of service
Oracle MySQL server upgraded to 5.5.34 which resolves:
CVE CVSS base score Type of issue
CVE-2013-1502 1.5 (AV:L/AC:M/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-1511 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-1532 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-1544 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-2375 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) Partial system compromise
CVE-2013-2376 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-2389 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-2391 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N) Unauthorized disclosure or
modification
CVE-2013-2392 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3783 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3793 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3794 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3801 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) Denial of service
CVE-2013-3802 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3804 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3805 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3808 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3809 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) Unauthorized modification
CVE-2013-3812 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) Denial of service
CVE-2013-3839 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) Denial of service
Oracle Java SE JDK upgraded to 7u45 which resolves a number of vulnerabilities
that affect server deployments of Java including but not limited to:
CVE CVSS base score Type of issue
CVE-2012-3143 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in JMX
CVE-2013-1537 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in Java RMI
CVE-2013-1557 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in Java RMI
CVE-2013-2422 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Critical vulnerability in Java Libraries
RedHat JBoss application server upgraded to 7.1 resolves:
CVE CVSS base score Type of issue
CVE-2010-0738 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Arbitrary code execution as root
CVE-2010-1428 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) Arbitrary code execution as root
CVE-2010-1429 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) Information disclosure
CVE-2012-0818 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) XML External Entities Resolution (XXE)
vulnerability in Redhat RESTEasy
CVE-2011-5245 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) XML External Entities Resolution (XXE)
vulnerability in Redhat RESTEasy
The MySQL server used in Junos Space prior to 13.3R1.8 has a user account with
a hardcoded password. If the firewall that is enabled by default in Junos
Space is disabled for any reason, then information stored by Junos Space on
MySQL database could be accessed over the network, leading to an information
disclosure vulnerability. Information in the MySQL database can be misused to
get complete control of the system or devices managed by Junos Space. MySQL
server configuration in 13.3R1.8 has been hardened and restricted to resolve
this vulnerability. This issue is assigned CVE-2014-3413. CVSS v2 base score
for this vulnerability is 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C).
SOLUTION:
This issue is fixed in Junos Space 13.3R1.8 and all subsequent releases.
WORKAROUND:
These vulnerabilities can be mitigated by enabling the firewall on Junos Space
and limiting access only from trusted hosts.
IMPLEMENTATION:
Junos Space releases can be obtained from:
http://www.juniper.net/support/downloads/?p=space#sw
MODIFICATION HISTORY:
14 May 2014: Initial release.
5 Nov 2014: Included RESTEasy vulnerabilities CVE-2011-5245 and CVE-2012-0818.
RELATED LINKS:
KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin
Publication Process
KB16765: In which releases are vulnerabilities fixed?
KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
Advisories
Report a Security Vulnerability - How to Contact the Juniper Networks Security
Incident Response Team
CVSS SCORE:
10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
RISK LEVEL:
Critical
RISK ASSESSMENT:
We consider this to be a critical issue. A remote network based attacker can
get complete access to Junos Space or other devices managed by Junos Space.
ACKNOWLEDGEMENTS:
Juniper SIRT would like to acknowledge and thank Tenable Network Security for
responsibly reporting CVE-2014-3413 vulnerability.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVFrlBhLndAQH1ShLAQKJxg/+KjGgC1NbNLidvTP1lPhC98gKgF0cPOv8
RvdrBg/eJPEiA8xrlGmmbgTbR0UlRTVLgM0c4o9+YXFBFaviXDvF4wCepxa4HPKY
XB+tbK1IvhVqD3YGSE5LksfQIKHMtZqF3ynkQ0Fqp6DVr8kgmwdb05jndrHbbu9F
R2StLr2WrOCoFeS3/9SVTOQmyUIgvdGCHlu7YtsVra83l6k4RFK0VnVF8i6gStGq
/+h/oE3Cwps7cf9n4xYK/sHDQvi0R9ixUeD79GrzfR2+OhR1kHyJgXE/TBJ/Hrv1
vkny3UZ29uSWKwOm7kVbs8XX3SHwPMgbHLThc9REoVArmQKaxz4VVurfZZEKescZ
J2N0ul+LzWD9u/RGOHWgDkC6VRaOhllj0WuL6pkPbhHXs6LghfDvjKUvmKZ124HS
WzfOVcSQxmzEK6/bBvnIfVTL/0ZyIZ6jQrsJxtkhV2lTokrTbwv1y9bymWu6RROp
GmNfKNWKi/mlqzKw05XVg964uGCEva/xuPA4yr+kmI9vLv46X3ad8RdluhEwHNqF
owZ1qX3dX0jranI5+n3+LCkgYd/Kkcq0sjVW5FnXSJzxfrTbTRQYKYCiADK3FK3i
9xyAIbP50KX2cxfbKxvQP+uUD0Tiv8HxeaQjUFQ0ARTgYvsyOVA5czF47En1IQD5
Qub2H2/Pqok=
=vCFP
-----END PGP SIGNATURE-----