Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.1806 2015-07 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView 9 July 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Juniper CTPView Publisher: Juniper Networks Operating System: Juniper Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Increased Privileges -- Console/Physical Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2012-3400 CVE-2011-3378 CVE-2010-0624 CVE-2010-0407 CVE-2009-3563 CVE-2009-1185 CVE-2009-0115 CVE-2007-4476 Reference: ESB-2015.0938 ESB-2012.1059 ESB-2011.1113 ESB-2010.0857 ESB-2010.0484 ESB-2009.1039 ESB-2007.1053 ESB-2012.0109.3 ESB-2010.0789.5 ESB-2010.0224.3 Original Bulletin: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 - --------------------------BEGIN INCLUDED TEXT-------------------- 2015-07 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView [JSA10691] PRODUCT AFFECTED: These issues affect all releases of CTPView prior to the versions listed below. PROBLEM: CTPView release 7.1R1 addresses multiple vulnerabilities in prior releases with updated third party software components. The resolved issues include: CVE CVSS v2 base score Summary CVE-2011-3378 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) Denial of service (memory corruption) and possible arbitrary code execution vulnerability via an rpm package with crafted headers and offsets. CVE-2012-3400 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) Heap-based buffer overflow in the Linux kernel via a crafted UDF filesystem . CVE-2007-4476 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Buffer overflow in GNU tar resulting in a "crashing stack." CVE-2009-0115 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) Vulnerability in the Device Mapper multipathing driver allows local users to send arbitrary commands to the multipath daemon. CVE-2009-1185 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) udev vulnerability allows local users to gain privileges by sending a NETLINK message from user space. CVE-2010-0407 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C) Multiple buffer overflows in the PC/SC Smart Card daemon (aka PCSCD) may allow local users to gain privileges via crafted message data. CVE-2010-0624 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Heap-based buffer overflow in GNU tar may cause a denial of service (memory corruption) or possibly allow execution of arbitrary code. CVE-2009-3563 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) ntpd allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. Juniper SIRT is not aware of any malicious exploitation of this vulnerability against CTPView. SOLUTION: These vulnerabilities are resolved in CTPView 7.1R1 and all subsequent releases. These issues are being tracked as PR 1056715 which is visible on the Customer Support website. KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies. WORKAROUND: Use access lists or firewall filters to limit access to CTPView only from trusted hosts. IMPLEMENTATION: How to obtain fixed software: CTPView Maintenance Releases and Patches are available at http://support.juniper.net from the "Download Software" links. MODIFICATION HISTORY: 2015-07-08: Initial publication RELATED LINKS: KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process KB16765: In which releases are vulnerabilities fixed? KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories Report a Vulnerability - How to Contact the Juniper Networks Security Incident Response Team CVSS SCORE: CVSSv2 (max): 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) RISK LEVEL: Critical RISK ASSESSMENT: Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." ACKNOWLEDGEMENTS: - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVZ3gg36ZAP0PgtI9AQLEqg/6ArfDpLu1kwPkPnIo36gbbnVTSyvb+pzX IswS9AB2komF/57wMv6cg7zuu1433YwmQH4dXU7QlUwouFv+wrqU2234C+dBhiKB dt4dQ5Ib0VsYWSstYO3XmVIOWwDOF/a2EUYfS3Er5Q7GhQ684mImzB/frF8kUWPi pQ7KFgVQUjj01L9ky11caKDD7bT6rKcYpjoUXjIazQyl2mOcVmEKLQgMuLFtLTjr YCM8Jj7E0id8y1vcpYZKEZePLYwj4ByaonuWsik5u5wVJ3HEVQCN2RJ5Sk1IJ7U3 C2dZFsbm1EETka2t5rVLECIeUezatKZ+LpK4mkLbsE41I4f/moYXjwfNRKrA1jo1 NsfAOPah282/aZ+JDhQ7nheZlyDf1hAAPIaikNy4mtvpMJfP3Pnvj74Q/JVtfmY1 Yy78A8tsoYeMFucotRxEKgZMc0G6XmguU4gbO0kRqxa6G/cZRM7U8zoLSs1H/ZZM 62gTX7HKCtoV1RkGDNkM6QSZlubMLfYveqLb8aL5RU6YqFtEFTAi68D+xBlOGYt9 yxKaxMrkHLBKNs1Czu7YvqlEyu7R0AKbrpJ7uqnrmjxkEya6GVxMklsxgzMz4dpW JZaIMq8Wd1M64QDFRb4bjUoZetxWyUrPGfU5ptWXTI0lSoklz4OvQyi1Va6wMjNr hi0NwsEbAQA= =VdMK -----END PGP SIGNATURE-----