===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1121
                  SRX Series Firewalls Security Bulletins
                               12 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SRX Series Firewalls
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service         -- Remote/Unauthenticated
                   Access Confidential Data  -- Remote/Unauthenticated
                   Unauthorised Access       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-0018 CVE-2018-0017

Original Bulletin:
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10845
   https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10846

Comment: This bulletin contains two (2) Juniper Networks security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

2018-04 Security Bulletin: SRX Series: Denial of service vulnerability in
flowd daemon on devices configured with NAT-PT (CVE-2018-0017)

CVSS Score:       7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Risk Level:       High
Risk Assessment:  Information for how Juniper Networks uses CVSS can be found
                  at KB 16446 "Common Vulnerability Scoring System (CVSS) and
                  Juniper's Security Advisories."
Product Affected: This issue affects Junos OS 12.1X46, 12.3X48 and 15.1X49 on
                  SRX Series.

Problem:

A vulnerability in the Network Address Translation - Protocol Translation
(NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid
IPv6 packet to crash the flowd daemon. Repeated crashes of the flowd daemon
can result in an extended denial of service condition for the SRX device.

Affected releases are Juniper Networks Junos OS:
  12.1X46 versions prior to 12.1X46-D72;
  12.3X48 versions prior to 12.3X48-D55;
  15.1X49 versions prior to 15.1X49-D90.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen in a production network.

This issue has been assigned CVE-2018-0017.

Solution:

The following software releases have been updated to resolve this specific
issue: 12.1X46-D76 (pending release), 12.3X48-D55, 15.1X49-D90, 17.3R1, and
all subsequent releases.

This issue is being tracked as 1261863 which is visible on the Customer
Support website.

Note: Juniper SIRT's policy is not to evaluate releases which are beyond End
of Engineering (EOE) or End of Life (EOL).

Workaround:

There are no viable workarounds for this issue.

Implementation:

Software Releases, patches and updates are available at
https://www.juniper.net/support/downloads/.

Modification History:

2018-04-11: Initial Publication.

-------------------------------------------------------------------------------

2018-04 Security Bulletin: SRX Series: A crafted packet may lead to
information disclosure and firewall rule bypass during compilation of IDP
policies. (CVE-2018-0018)

CVSS Score:       7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N)
Risk Level:       High
Risk Assessment:  Information for how Juniper Networks uses CVSS can be found
                  at KB 16446 "Common Vulnerability Scoring System (CVSS) and
                  Juniper's Security Advisories."
Product Affected: This issue affects Junos OS 12.1X46, 12.3X48 and 15.1X49 on
                  SRX series.

Problem:

On SRX Series devices during compilation of IDP policies, an attacker sending
specially crafted packets may be able to bypass firewall rules, leading to
information disclosure which an attacker may use to gain control of the
target device or other internal devices, systems or services protected by the
SRX Series device.

This issue only applies to devices where IDP policies are applied to one or
more rules. Customers not using IDP policies are not affected.
Depending on whether IDP updates are automatic, and on the interval between
available updates, an attacker may have more or less success in performing
reconnaissance or bypass attacks on the victim SRX Series device or protected
devices.

ScreenOS with IDP is not vulnerable to this issue.

Affected releases are Juniper Networks Junos OS:
  12.1X46 versions prior to 12.1X46-D60 on SRX;
  12.3X48 versions prior to 12.3X48-D35 on SRX;
  15.1X49 versions prior to 15.1X49-D60 on SRX.

This issue only affects SRX Series devices with IDP configured.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2018-0018.

Solution:

The following software releases have been updated to resolve this specific
issue: 12.1X46-D60, 12.3X48-D35, 15.1X49-D60, 17.3R1, and all subsequent
releases.

Additionally, customers should download and apply the latest sigpack for IDP
signatures.

This issue is being tracked as 1151743 which is visible on the Customer
Support website.

Note: Juniper SIRT's policy is not to evaluate releases which are beyond End
of Engineering (EOE) or End of Life (EOL).

Workaround:

Customers using cluster configurations may break the cluster configuration,
disable traffic on one node, update the IDP policy, reintroduce this updated
node as a standalone device, directing all traffic to it instead of the
current standalone, then do the same with the secondary node, and finally
reintroduce the cluster configuration to both devices. For this workaround to
be most effective, customers should disable automatic updates and manually
download IDP signature updates.
Alternately, cluster customers using load balancers may break the cluster,
run individual side-by-side configurations, offload all traffic from one node
via the load balancers to the other node, update the IDP policy manually on
the idle node, then repeat the operation for the other node, and finally
return to side-by-side or cluster mode operation.

Customers unable to utilize similar design scenarios as workarounds such as
the above should instead take fixes where available.

Implementation:

Software Releases, patches and updates are available at
https://www.juniper.net/support/downloads/.

Modification History:

2018-04-11: Initial Publication.

Acknowledgements:

The Juniper SIRT would like to acknowledge and thank Craig Dods, formerly of
IBM Security.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the information
is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
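A small triage helper, added here as an example and not part of the Juniper or AusCERT text: it parses Junos release strings in the forms the two advisories use (12.1X46-D72, 17.3R1) and checks a running release against the affected ranges stated for CVE-2018-0017 and CVE-2018-0018. The release strings come from the bulletin; the function names, the IDP flag and the verdict labels are the example's own.

```python
import re
from typing import Dict, Optional, Tuple

# First release on each affected train that the advisories list as NOT affected
# ("<train> versions prior to <release>"). Values copied from the bulletin above.
ADVISORY_FIXED: Dict[str, Dict[str, str]] = {
    "CVE-2018-0017": {"12.1X46": "12.1X46-D72", "12.3X48": "12.3X48-D55",
                      "15.1X49": "15.1X49-D90"},
    "CVE-2018-0018": {"12.1X46": "12.1X46-D60", "12.3X48": "12.3X48-D35",
                      "15.1X49": "15.1X49-D60"},
}

# major.minor, optional X<n> branch, optional D<n> (branch build) or R<n> (mainline).
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:X(\d+))?(?:-?([DR])(\d+))?$")


def parse_release(release: str) -> Tuple[str, int]:
    """Split a Junos release into its train ("12.1X46", "17.3") and build number."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {release!r}")
    major, minor, x_branch, _letter, build = m.groups()
    train = f"{major}.{minor}" + (f"X{x_branch}" if x_branch else "")
    return train, int(build) if build else 0


def assess(running: str, cve: str) -> Optional[bool]:
    """True if `running` is inside an affected range, False if at or past the
    first fixed build on an affected train, None if the train is not listed
    (the advisory makes no statement about it, e.g. 17.3R1 carries the fix)."""
    train, build = parse_release(running)
    fixed = ADVISORY_FIXED[cve].get(train)
    if fixed is None:
        return None
    _, fixed_build = parse_release(fixed)
    return build < fixed_build


def triage(running: str, idp_configured: bool) -> Dict[str, str]:
    """Verdict per CVE; CVE-2018-0018 only applies when IDP policies are in use."""
    labels = {True: "affected", False: "fixed", None: "not-listed"}
    result: Dict[str, str] = {}
    for cve in ADVISORY_FIXED:
        if cve == "CVE-2018-0018" and not idp_configured:
            result[cve] = "not-applicable"  # bulletin: no IDP policies, not affected
            continue
        result[cve] = labels[assess(running, cve)]
    return result


if __name__ == "__main__":
    for rel in ("12.3X48-D40", "15.1X49-D75", "17.3R1"):  # constructed sample releases
        print(rel, triage(rel, idp_configured=True))
```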