-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0763.2
      Multiple critical vulnerabilities have been identified in Junos Space
                               6 November 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Juniper Junos Space
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Root Compromise          -- Remote/Unauthenticated
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3413 CVE-2013-3839 CVE-2013-3812 CVE-2013-3809
                   CVE-2013-3808 CVE-2013-3805 CVE-2013-3804 CVE-2013-3802
                   CVE-2013-3801 CVE-2013-3794 CVE-2013-3793 CVE-2013-3783
                   CVE-2013-2422 CVE-2013-2392 CVE-2013-2391 CVE-2013-2389
                   CVE-2013-2376 CVE-2013-2375 CVE-2013-1896 CVE-2013-1862
                   CVE-2013-1557 CVE-2013-1544 CVE-2013-1537 CVE-2013-1532
                   CVE-2013-1511 CVE-2013-1502 CVE-2012-3143 CVE-2012-0818
                   CVE-2011-5245 CVE-2010-1429 CVE-2010-1428 CVE-2010-0738
Reference:         ASB-2014.0005 ASB-2013.0113 ASB-2012.0144 ASB-2011.0093
                   ESB-2012.0998 ESB-2012.0144 ESB-2011.1076.2 ESB-2010.0403

Original Bulletin:
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627

Comment: This update is for advisory JSA10627.

         This bulletin contains two (2) Juniper Networks security advisories.

Revision History:  November 6 2014: Included RESTEasy vulnerabilities
                                    CVE-2011-5245 and CVE-2012-0818
                   May 20 2014:     Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

2014-05 Security Bulletin: Junos Space: Arbitrary command execution
vulnerability (CVE-2014-3412)

Categories:   Junos Space
              SIRT Advisory
              Security Advisories
ID:           JSA10626
Last Updated: 14 May 2014
Version:      1.0

Product Affected:

Junos Space and JA1500, JA2500 (Junos Space Appliance) with Junos Space 13.1
and earlier releases.

Problem:

A vulnerability in Junos Space releases before 13.3R1.8, when the firewall is
disabled, may allow a remote unauthenticated attacker to execute arbitrary
commands with root privileges, leading to complete compromise of the system
and of the devices managed by Junos Space.

A firewall is enabled by default on Junos Space. This vulnerability cannot be
exploited remotely when the firewall is enabled.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue has been assigned CVE-2014-3412.

Solution:

This issue is fixed in Junos Space 13.3R1.8 and all subsequent releases.

Workaround:

Enable the firewall on Junos Space and limit access to trusted hosts only.

Implementation:

Junos Space releases can be obtained from:
http://www.juniper.net/support/downloads/?p=space#sw

Related Links:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin
         Publication Process
KB16765: In which releases are vulnerabilities fixed?
KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
         Advisories
Report a Security Vulnerability - How to Contact the Juniper Networks
Security Incident Response Team

CVSS Score:      10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Risk Level:      Critical

Risk Assessment:

We consider this to be a critical issue. A remote network-based attacker can
get complete access to Junos Space or to other devices managed by Junos Space.
Acknowledgements:

- ----------------------------------------------------------------------------

2014-05 Junos Space: Multiple vulnerabilities resolved by third party
software upgrades

Categories:   Junos Space
              SIRT Advisory
              Security Advisories
ID:           JSA10627
Last Updated: 05 Nov 2014
Version:      2.0

PRODUCT AFFECTED:

Junos Space and JA1500, JA2500 (Junos Space Appliance) with Junos Space 13.1
and earlier releases.

PROBLEM:

Junos Space release 13.3R1.8 addresses multiple vulnerabilities in prior
releases with updated third party software components. The following is a
list of software upgraded and vulnerabilities resolved:

Apache HTTP Server upgraded to 2.2.25, which resolves:

CVE            CVSS base score                        Type of issue
CVE-2013-1862  5.1  (AV:N/AC:H/Au:N/C:P/I:P/A:P)      Arbitrary command execution
CVE-2013-1896  4.3  (AV:N/AC:M/Au:N/C:N/I:N/A:P)      Denial of service

Oracle MySQL server upgraded to 5.5.34, which resolves:

CVE            CVSS base score                        Type of issue
CVE-2013-1502  1.5  (AV:L/AC:M/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-1511  3.5  (AV:N/AC:M/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-1532  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-1544  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-2375  6.0  (AV:N/AC:M/Au:S/C:P/I:P/A:P)      Partial system compromise
CVE-2013-2376  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-2389  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-2391  3.0  (AV:L/AC:M/Au:S/C:P/I:P/A:N)      Unauthorized disclosure or
                                                       modification
CVE-2013-2392  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3783  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3793  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3794  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3801  5.0  (AV:N/AC:L/Au:N/C:N/I:N/A:P)      Denial of service
CVE-2013-3802  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3804  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3805  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3808  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3809  4.0  (AV:N/AC:L/Au:S/C:N/I:P/A:N)      Unauthorized modification
CVE-2013-3812  3.5  (AV:N/AC:M/Au:S/C:N/I:N/A:P)      Denial of service
CVE-2013-3839  4.0  (AV:N/AC:L/Au:S/C:N/I:N/A:P)      Denial of service

Oracle Java SE JDK upgraded to 7u45, which resolves a number of
vulnerabilities that affect server deployments of Java, including but not
limited to:

CVE            CVSS base score                        Type of issue
CVE-2012-3143  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)      Critical vulnerability in JMX
CVE-2013-1537  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)      Critical vulnerability in Java RMI
CVE-2013-1557  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)      Critical vulnerability in Java RMI
CVE-2013-2422  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)      Critical vulnerability in Java
                                                       Libraries

RedHat JBoss application server upgraded to 7.1, which resolves:

CVE            CVSS base score                        Type of issue
CVE-2010-0738  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)      Arbitrary code execution as root
CVE-2010-1428  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)      Arbitrary code execution as root
CVE-2010-1429  5.0  (AV:N/AC:L/Au:N/C:P/I:N/A:N)      Information disclosure
CVE-2012-0818  5.0  (AV:N/AC:L/Au:N/C:P/I:N/A:N)      XML External Entities Resolution
                                                       (XXE) vulnerability in Redhat
                                                       RESTEasy
CVE-2011-5245  5.0  (AV:N/AC:L/Au:N/C:P/I:N/A:N)      XML External Entities Resolution
                                                       (XXE) vulnerability in Redhat
                                                       RESTEasy

The MySQL server used in Junos Space prior to 13.3R1.8 has a user account
with a hardcoded password. If the firewall that is enabled by default in
Junos Space is disabled for any reason, then information stored by Junos
Space in the MySQL database could be accessed over the network, leading to
an information disclosure vulnerability. Information in the MySQL database
can be misused to get complete control of the system or of the devices
managed by Junos Space. The MySQL server configuration in 13.3R1.8 has been
hardened and restricted to resolve this vulnerability.

This issue is assigned CVE-2014-3413.
The CVSS v2 base score for this vulnerability is 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C).

SOLUTION:

This issue is fixed in Junos Space 13.3R1.8 and all subsequent releases.

WORKAROUND:

These vulnerabilities can be mitigated by enabling the firewall on Junos
Space and limiting access to trusted hosts only.

IMPLEMENTATION:

Junos Space releases can be obtained from:
http://www.juniper.net/support/downloads/?p=space#sw

MODIFICATION HISTORY:

14 May 2014: Initial release.
5 Nov 2014:  Included RESTEasy vulnerabilities CVE-2011-5245 and CVE-2012-0818.

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin
         Publication Process
KB16765: In which releases are vulnerabilities fixed?
KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
         Advisories
Report a Security Vulnerability - How to Contact the Juniper Networks
Security Incident Response Team

CVSS SCORE:      10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
RISK LEVEL:      Critical

RISK ASSESSMENT:

We consider this to be a critical issue. A remote network-based attacker can
get complete access to Junos Space or to other devices managed by Junos Space.

ACKNOWLEDGEMENTS:

Juniper SIRT would like to acknowledge and thank Tenable Network Security for
responsibly reporting the CVE-2014-3413 vulnerability.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----