-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1271
               Security updates for Junos OS & Junos OS Evolved
                                 9 April 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
                   Junos OS Evolved
Publisher:         Juniper Networks
Operating System:  Network Appliance
Impact/Access:     Root Compromise          -- Remote/Unauthenticated
                   Increased Privileges     -- Existing Account
                   Denial of Service        -- Remote/Unauthenticated
                   Unauthorised Access      -- Remote/Unauthenticated
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1634 CVE-2020-1632 CVE-2020-1630 CVE-2020-1625
                   CVE-2020-1624 CVE-2020-1623 CVE-2020-1622 CVE-2020-1621
                   CVE-2020-1620 CVE-2020-1619 CVE-2020-1618 CVE-2020-1617
                   CVE-2020-1615 CVE-2020-1613 CVE-2018-6918 CVE-2018-6916
                   CVE-2016-1286 CVE-2016-1285
Reference:         ASB-2017.0219 ASB-2017.0208 ESB-2020.1110 ESB-2019.1981
                   ESB-2018.1023 ESB-2018.0678

Original Bulletin:
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11001
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11002
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11003
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11004
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10994
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10996
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10998
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11000
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11010
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11013
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11014
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11016

Comment: This bulletin contains twelve (12) Juniper Networks security
         advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------

2020-04 Security Bulletin: Junos OS: EX and QFX Series: Console port
authentication bypass vulnerability (CVE-2020-1618)

Article ID: JSA11001
SECURITY_ADVISORIES
Last Updated: 08 Apr 2020
Version: 1.0

Product Affected:
This issue affects Junos OS 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3,
17.4, 18.1, 18.2, 18.3. Affected platforms: EX and QFX Series.

Problem:
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability
may allow a user connected to the console port to log in as root without any
password. The issue can occur only in the following scenarios:

  o at the first reboot after a device factory reset performed with the
    command "request system zeroize"; or
  o for a brief period during the first reboot after a software upgrade, when
    the device is configured in Virtual Chassis mode.

This issue affects Juniper Networks Junos OS on EX and QFX Series:
  14.1X53 versions prior to 14.1X53-D53;
  15.1 versions prior to 15.1R7-S4;
  15.1X53 versions prior to 15.1X53-D593;
  16.1 versions prior to 16.1R7-S4;
  17.1 versions prior to 17.1R2-S11, 17.1R3-S1;
  17.2 versions prior to 17.2R3-S3;
  17.3 versions prior to 17.3R2-S5, 17.3R3-S6;
  17.4 versions prior to 17.4R2-S9, 17.4R3;
  18.1 versions prior to 18.1R3-S8;
  18.2 versions prior to 18.2R2;
  18.3 versions prior to 18.3R1-S7, 18.3R2.

This issue does not affect Juniper Networks Junos OS 12.3.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2020-1618.

Solution:
The following software releases have been updated to resolve this specific
issue: 14.1X53-D53, 15.1X53-D593, 15.1R7-S4, 16.1R7-S4, 17.1R2-S11, 17.1R3-S1,
17.2R3-S3, 17.3R2-S5, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R2,
18.3R1-S7, 18.3R2, 18.4R1, and all subsequent releases.

This issue is being tracked as 1378429 and 1368940.
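Every advisory in this bulletin states its exposure the same way: a list of
"versions prior to ..." per release train, then a "fixed in ... and all
subsequent releases" list. Matching a fleet's 'show version' output against
that by eye is error-prone, because a fix only applies within its own train
(15.1X53 is not 15.1, 15.1F is not 15.1R) and a later service release on the
same R branch inherits the fix while an earlier R branch does not. The Python
below is an added example, not Juniper's or AusCERT's code: it parses the
release-string forms that appear on this page (R, F, X/D and -EVO), applies
the advisory rule train by train, and uses the JSA11001 fixed-release list
above as its data. The release-string grammar is an assumption drawn from the
strings on this page; the "not listed" result means the running train has no
fix in the list, so the advisory's Product Affected line has to be consulted
instead.

```python
import re
from dataclasses import dataclass
from typing import List

# Release-string grammar, an assumption drawn from the strings on this page:
# 17.4R2-S9, 17.4R2-S9.2, 15.1F6-S13, 18.2X75-D420, 14.1X53-D53, 19.3R1-EVO.
# Anything that does not fit is rejected rather than guessed at.
_RELEASE_RE = re.compile(
    r"^(\d+)\.(\d+)(X\d+)?-?([RDF])(\d+)(?:-S(\d+))?(?:\.\d+)?(?:-EVO)?$"
)


@dataclass(frozen=True)
class JunosRelease:
    train: str    # "17.1", "15.1F", "18.2X75": a fix only applies within its train
    number: int   # the R/D/F number
    service: int  # the -S service-release number, 0 when absent


def parse_release(text: str) -> JunosRelease:
    m = _RELEASE_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Junos release string: %r" % text)
    major, minor, x_train, letter, number, service = m.groups()
    train = "%s.%s%s" % (major, minor, x_train or "")
    if letter == "F":          # 15.1F6-S13 lives in the 15.1F train, not 15.1
        train += "F"
    return JunosRelease(train, int(number), int(service or 0))


def extract_releases(solution_text: str) -> List[str]:
    """Pull the release strings out of an advisory's prose 'Solution:' sentence."""
    return re.findall(r"\d+\.\d+(?:X\d+)?-?[RDF]\d+(?:-S\d+)?", solution_text)


def assess(running: str, fixed_releases: List[str]) -> str:
    """Apply the advisory rule 'versions prior to <fixes> ... and all subsequent releases'.

    Returns "affected", "fixed" or "not listed" (no fix in the running train, so
    this advisory says nothing about it; check its Product Affected line).
    """
    v = parse_release(running)
    fixes = [f for f in map(parse_release, fixed_releases) if f.train == v.train]
    if not fixes:
        return "not listed"
    same_branch = [f for f in fixes if f.number == v.number]
    if same_branch:
        # The fix landed in a service release on this very R/D branch.
        first_fixed_service = min(f.service for f in same_branch)
        return "affected" if v.service < first_fixed_service else "fixed"
    # No fix on this branch: branches after every listed fix inherit it
    # ("all subsequent releases"); branches before the first fix never got it.
    return "fixed" if v.number > max(f.number for f in fixes) else "affected"


# Fixed releases from the JSA11001 Solution paragraph above.
JSA11001_FIXED = extract_releases(
    "14.1X53-D53, 15.1X53-D593, 15.1R7-S4, 16.1R7-S4, 17.1R2-S11, 17.1R3-S1, "
    "17.2R3-S3, 17.3R2-S5, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R2, "
    "18.3R1-S7, 18.3R2, 18.4R1, and all subsequent releases."
)

if __name__ == "__main__":
    for ver in ("17.1R2-S10", "17.1R2-S11", "17.1R3", "17.1R4",
                "15.1X53-D590", "18.4R1", "19.1R1"):
        print("%-14s %s" % (ver, assess(ver, JSA11001_FIXED)))
```

Note how the rule treats 17.1R3: the fix for that branch is 17.1R3-S1, so the
17.1R3 base release is still affected even though 17.1R2-S11 is fixed. The same
function works for any other advisory in this bulletin by feeding it that
advisory's Solution sentence.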
Workaround:
Limit physical access to the console port to trusted administrators only.

Implementation:
Software Releases, patches and updates are available at
https://www.juniper.net/support/downloads/.

Modification History:
2020-04-08: Initial publication

CVSS Score:
6.3 (CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Severity Level:
Medium

Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446
"Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

Related Links
  o KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin
    Publication Process
  o KB16765: In which releases are vulnerabilities fixed?
  o KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
    Advisories
  o Report a Security Vulnerability - How to Contact the Juniper Networks
    Security Incident Response Team
  o CVE-2020-1618 at cve.mitre.org

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS: QFX10K Series, EX9200 Series, MX Series,
PTX Series: Privilege escalation vulnerability in NG-RE (CVE-2020-1619)

Article ID: JSA11002
SECURITY_ADVISORIES
Last Updated: 08 Apr 2020
Version: 2.0

Product Affected:
This issue affects Junos OS 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2,
18.2X75, 18.3, 18.4. Affected platforms: EX9200 Series, MX Series, PTX Series,
QFX10K Series.

Problem:
A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200
Series, MX Series and PTX Series devices with a Next-Generation Routing Engine
(NG-RE) allows a local, authenticated, high-privileged user to access the
underlying Wind River Linux (WRL) host. This issue only affects QFX10K, EX9200,
MX and PTX Series platforms fitted with an NG-RE, which run vmhost.
This issue affects Juniper Networks Junos OS:
  16.1 versions prior to 16.1R7-S6;
  16.2 versions prior to 16.2R2-S11;
  17.1 versions prior to 17.1R2-S11, 17.1R3;
  17.2 versions prior to 17.2R1-S9, 17.2R3-S3;
  17.3 versions prior to 17.3R2-S5, 17.3R3-S7;
  17.4 versions prior to 17.4R2-S7, 17.4R3;
  18.1 versions prior to 18.1R3-S4;
  18.2 versions prior to 18.2R3;
  18.2X75 versions prior to 18.2X75-D50;
  18.3 versions prior to 18.3R2;
  18.4 versions prior to 18.4R2.

To identify whether the device has an NG-RE with vmhost, run the following
command:

  > show vmhost status
  Compute cluster: rainier-re-cc
    Compute Node: rainier-re-cn, Online

If "show vmhost status" is not supported, the device does not have an NG-RE
with vmhost and is not affected by this issue.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2020-1619.

Solution:
The following software releases have been updated to resolve this specific
issue: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.2R1-S9, 17.2R3-S3,
17.3R2-S5, 17.3R3-S7, 17.4R2-S7, 17.4R3, 18.1R3-S4, 18.2R3, 18.2X75-D50,
18.3R2, 18.4R2, 19.1R1 and all subsequent releases.

This issue is being tracked as 1398331.

Workaround:
There are no available workarounds for this issue.

Implementation:
Software Releases, patches and updates are available at
https://www.juniper.net/support/downloads/.

Modification History:
2020-04-08: Initial publication

CVSS Score:
6.0 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

Severity Level:
Medium

Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446
"Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

Related Links
  o KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin
    Publication Process
  o KB16765: In which releases are vulnerabilities fixed?
  o KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
    Advisories
  o Report a Security Vulnerability - How to Contact the Juniper Networks
    Security Incident Response Team
  o CVE-2020-1619 at cve.mitre.org

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS Evolved: Local log files accessible from
the shell may leak sensitive information

Article ID: JSA11003
SECURITY_ADVISORIES
Last Updated: 08 Apr 2020
Version: 1.0

Product Affected:
This issue affects Junos OS Evolved.

Problem:
Multiple information disclosure vulnerabilities in Juniper Networks Junos OS
Evolved allow a local, authenticated user with shell access to view sensitive
configuration information, such as the hashed values of login passwords and
shared secrets. The information exposed is similar to the output of 'show
config system login', which is normally restricted to the super-user class.
The log files are readable by any authenticated user with shell access.

One or more of these issues affect all versions of Junos OS Evolved prior to
19.3R1.

Juniper SIRT is not aware of any malicious exploitation of these
vulnerabilities.

These issues were found during internal product security testing or research.

The issues addressed in this advisory include:

  o CVE-2020-1620 - 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
    A local, authenticated user with shell access can obtain the hashed values
    of login passwords via the configd streamer log.
  o CVE-2020-1621 - 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
    A local, authenticated user with shell access can obtain the hashed values
    of login passwords via configd traces.
  o CVE-2020-1622 - 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
    A local, authenticated user with shell access can obtain the hashed values
    of login passwords and shared secrets via the EvoSharedObjStore.
  o CVE-2020-1623 - 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
    A local, authenticated user with shell access can view sensitive
    configuration information via the ev.ops configuration file.
  o CVE-2020-1624 - 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
    A local, authenticated user with shell access can obtain the hashed values
    of login passwords and shared secrets via raw objmon configuration files.

Solution:
The following software releases have been updated to resolve these specific
issues: 19.3R1-EVO and all subsequent releases.

These issues are being tracked as 1406193, 1406189, 1406195, 1406191 and
1406239.

Workaround:
  o Disallow unprivileged authenticated users access to the Junos shell.
  o Limit access to the Junos OS shell to trusted system administrators only.

Implementation:
How to obtain fixed software:
Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security
Advisories and Security Notices will indicate which Maintenance and Service
Releases contain fixes for the issues described. Upon request to JTAC,
customers will be provided with download instructions for a Service Release.
Although Juniper does not provide formal Release Note documentation for a
Service Release, a list of "PRs fixed" can be provided on request.

Modification History:
2020-04-08: Initial publication

CVSS Score:
5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Severity Level:
Medium

Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446
"Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

Related Links
  o KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin
    Publication Process
  o KB16765: In which releases are vulnerabilities fixed?
  o KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
    Advisories
  o Report a Vulnerability - How to Contact the Juniper Networks Security
    Incident Response Team

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS: Kernel memory leak in virtual-memory due
to interface flaps (CVE-2020-1625)

Article ID: JSA11004
SECURITY_ADVISORIES
Last Updated: 08 Apr 2020
Version: 2.0

Product Affected:
This issue affects Junos OS 16.1, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2,
18.2X75, 18.3, 18.4, 19.1, 19.2.

Problem:
The kernel memory usage reported as "temp" by 'show system virtual-memory' may
increase continuously when Integrated Routing and Bridging (IRB) is configured
over multiple underlay physical interfaces and one of those interfaces flaps.
The leak can starve running daemons (processes) of memory, leading to an
extended Denial of Service (DoS) condition.

"temp" virtual memory usage, visible here as a constantly increasing Requests
count while InUse and MemUse stay flat, can be monitored with the 'show system
virtual-memory' command. Three successive samples from an affected device:

user@junos> show system virtual-memory | match "fpc|type|temp"
fpc0:
- --------------------------------------------------------------------------
Type   InUse   MemUse   HighUse   Requests   Size(s)
temp    2023     431K         -      10551   16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608
fpc1:
- --------------------------------------------------------------------------
Type   InUse   MemUse   HighUse   Requests   Size(s)
temp    2020     431K         -       6460   16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608

user@junos> show system virtual-memory | match "fpc|type|temp"
fpc0:
- --------------------------------------------------------------------------
Type   InUse   MemUse   HighUse   Requests   Size(s)
temp    2023     431K         -      16101   16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608
fpc1:
- --------------------------------------------------------------------------
Type   InUse   MemUse   HighUse   Requests   Size(s)
temp    2020     431K         -       6665   16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608

user@junos> show system virtual-memory | match "fpc|type|temp"
fpc0:
- --------------------------------------------------------------------------
Type   InUse   MemUse   HighUse   Requests   Size(s)
temp    2023     431K         -      21867   16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608
fpc1:
- --------------------------------------------------------------------------
Type   InUse   MemUse   HighUse   Requests   Size(s)
temp    2020     431K         -       6858   16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608

This issue affects Juniper Networks Junos OS:
  o 16.1 versions prior to 16.1R7-S6;
  o 17.1 versions prior to 17.1R2-S11, 17.1R3-S1;
  o 17.2 versions prior to 17.2R2-S8, 17.2R3-S3;
  o 17.2X75 versions prior to 17.2X75-D44;
  o 17.3 versions prior to 17.3R2-S5, 17.3R3-S6;
  o 17.4 versions prior to 17.4R2-S5, 17.4R3;
  o 18.1 versions prior to 18.1R3-S7;
  o 18.2 versions prior to 18.2R2-S5, 18.2R3;
  o 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420,
    18.2X75-D60;
  o 18.3 versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3;
  o 18.4 versions prior to 18.4R2-S2, 18.4R3;
  o 19.1 versions prior to 19.1R1-S3, 19.1R2;
  o 19.2 versions prior to 19.2R1-S3, 19.2R2.

This issue does not affect Juniper Networks Junos OS 12.3 or 15.1.

Minimum configuration required:
  set interfaces irb

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2020-1625.
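The advisory's detection signal is a trend rather than a single value: the
"temp" Requests counter on each FPC keeps climbing between samples while InUse
and MemUse do not move. The Python below is an added example, not Juniper's or
AusCERT's code, that turns the monitoring command above into a repeatable
check: it parses the 'show system virtual-memory | match "fpc|type|temp"'
output per FPC slot, computes the Requests growth between successive captures,
and flags slots that grow by more than a threshold in every interval. The
sample captures are constructed from the figures in the advisory (the Size(s)
column is shortened for width), and the min_growth threshold is an operator
choice, not a value from the advisory: Requests is a cumulative allocation
counter that also rises under normal load, so the baseline has to come from a
healthy device of the same type.

```python
import re
from typing import Dict, List


def _sample(fpc0_requests: int, fpc1_requests: int) -> str:
    """Build one capture of the monitoring command.

    Constructed from the advisory's figures; only the Requests column varies
    between captures, exactly as in the advisory, and the Size(s) column is
    shortened for width.
    """
    block = (
        "{slot}:\n"
        "--------------------------------------------------------------------------\n"
        "Type   InUse   MemUse   HighUse   Requests   Size(s)\n"
        "temp   {inuse:5d}     431K         -   {req:8d}   16,32,64,128,256,512,1024,2048,4096\n"
    )
    return ('user@junos> show system virtual-memory | match "fpc|type|temp"\n'
            + block.format(slot="fpc0", inuse=2023, req=fpc0_requests)
            + block.format(slot="fpc1", inuse=2020, req=fpc1_requests))


# The three captures shown in the advisory, in order.
SAMPLES = [_sample(10551, 6460), _sample(16101, 6665), _sample(21867, 6858)]

_SLOT_RE = re.compile(r"^(fpc\d+):$")


def parse_temp_requests(output: str) -> Dict[str, int]:
    """Map each FPC slot to the Requests counter of its 'temp' kernel malloc type."""
    counters = {}
    slot = None
    for raw in output.splitlines():
        line = raw.strip()
        m = _SLOT_RE.match(line)
        if m:
            slot = m.group(1)
            continue
        fields = line.split()
        # Column order in the output: Type InUse MemUse HighUse Requests Size(s)
        if slot is not None and len(fields) >= 5 and fields[0] == "temp":
            counters[slot] = int(fields[4])
    return counters


def request_deltas(samples: List[str]) -> Dict[str, List[int]]:
    """Growth of each slot's temp Requests counter between successive captures."""
    parsed = [parse_temp_requests(s) for s in samples]
    slots = sorted({slot for p in parsed for slot in p})
    deltas = {}
    for slot in slots:
        series = [p[slot] for p in parsed if slot in p]
        deltas[slot] = [later - earlier for earlier, later in zip(series, series[1:])]
    return deltas


def leaking_slots(samples: List[str], min_growth: int = 1000) -> List[str]:
    """Slots whose temp Requests counter grew by at least min_growth between
    every pair of captures: the 'constantly increasing' pattern the advisory
    describes. min_growth is an operator-chosen threshold (an assumption here);
    calibrate it against a healthy device of the same type."""
    return [slot for slot, d in request_deltas(samples).items()
            if d and all(step >= min_growth for step in d)]


if __name__ == "__main__":
    print(request_deltas(SAMPLES))
    print("suspect slots:", leaking_slots(SAMPLES))
```

On the advisory's own numbers fpc0 grows by roughly 5,500 requests per
interval while fpc1 grows by about 200, so with the default threshold only
fpc0 is reported; both slots are reported if the threshold is lowered to 100.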
Solution:
The following software releases have been updated to resolve this specific
issue: 16.1R7-S6, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.2X75-D44,
17.3R2-S5, 17.3R3-S6, 17.4R2-S5, 17.4R3, 18.1R3-S7, 18.2R2-S5, 18.2R3,
18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60, 18.3R1-S5, 18.3R2-S3,
18.3R3, 18.4R2-S2, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2, 19.3R1, and
all subsequent releases.

This issue is being tracked as 1407000.

Workaround:
There are no viable workarounds for this issue.

Implementation:
How to obtain fixed software:
Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security
Advisories and Security Notices will indicate which Maintenance and Service
Releases contain fixes for the issues described. Upon request to JTAC,
customers will be provided with download instructions for a Service Release.
Although Juniper does not provide formal Release Note documentation for a
Service Release, a list of "PRs fixed" can be provided on request.

Modification History:
2020-04-08: Initial publication

CVSS Score:
6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Severity Level:
Medium

Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446
"Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

Related Links
  o KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin
    Publication Process
  o KB16765: In which releases are vulnerabilities fixed?
  o KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security
    Advisories
  o Report a Vulnerability - How to Contact the Juniper Networks Security
    Incident Response Team
  o CVE-2020-1625: Junos OS: Kernel memory leak in virtual-memory due to
    interface flaps

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS: SRX Branch Series and vSRX Series:
Multiple vulnerabilities in ISC BIND named

Article ID: JSA10994
Last Updated: 08 Apr 2020
Version: 4.0

Product Affected:
These issues affect Junos OS 12.1X46, 12.3X48, 15.1X49, 17.3, 17.4, 18.1, 18.2,
18.3, 18.4, 19.1. Affected platforms: SRX Branch Series, vSRX Series.

Problem:
These issues are only applicable to SRX Branch Series and vSRX Series with the
DNS Proxy server enabled.

These issues affect Juniper Networks Junos OS on SRX Branch Series and vSRX
Series:
  12.1X46 versions prior to 12.1X46-D86;
  12.3X48 versions prior to 12.3X48-D80;
  15.1X49 versions prior to 15.1X49-D180;
  17.3 versions prior to 17.3R3-S7;
  17.4 versions prior to 17.4R3;
  18.1 versions prior to 18.1R3-S9;
  18.2 versions prior to 18.2R3;
  18.3 versions prior to 18.3R2;
  18.4 versions prior to 18.4R1-S6, 18.4R2;
  19.1 versions prior to 19.1R1.

The following minimal configuration is required:
  [system services dns dns-proxy]

Juniper SIRT is not aware of any malicious exploitation of these
vulnerabilities.

These issues were discovered by external security research.
The ISC BIND software included with Junos OS on SRX Branch Series and vSRX
devices has been upgraded to resolve the following vulnerabilities:

  o CVE-2016-1285 - 6.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H)
    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows
    remote attackers to cause a denial of service (assertion failure and
    daemon exit) via a malformed packet to the rndc (aka control channel)
    interface, related to alist.c and sexpr.c.
  o CVE-2016-1286 - 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not
    properly handle DNAME records when parsing fetch reply messages, which
    allows remote attackers to cause a denial of service (assertion failure
    and daemon exit) via a crafted signature record for a DNAME record,
    related to db.c and resolver.c.

Solution:
The following software releases have been updated to resolve these specific
issues: 12.1X46-D86, 12.3X48-D80, 15.1X49-D180, 17.3R3-S7, 17.4R3, 18.1R3-S9,
18.2R3, 18.2X75-D12, 18.2X75-D51, 18.2X75-D60, 18.3R2, 18.4R1-S6, 18.4R2,
19.1R1, and all subsequent releases.

These issues are being tracked as 1168322.

Workaround:
There are no viable workarounds for these issues. To reduce the impact of
exploitation, Juniper suggests splitting primary and secondary DNS lookups and
assignments between the local DNS Proxy service and centralized/remote DNS
servers, so that a crash of the local proxy does not take out name resolution
entirely.

Modification History:
2020-04-08: Initial publication

CVSS Score:
5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Severity Level:
Medium

Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446
"Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS: BGP session termination upon receipt of
specific BGP FlowSpec advertisement (CVE-2020-1613)

Article ID: JSA10996
Last Updated: 08 Apr 2020
Version: 1.0

Product Affected:
This issue affects Junos OS 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49,
15.1X53, 16.1, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2X75.

Problem:
A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks
Junos OS device to terminate an established BGP session upon receiving a
specific BGP FlowSpec advertisement. The BGP NOTIFICATION message that
terminates the session is sent toward the peer that originally sent the
specific BGP FlowSpec advertisement.

Note that a Junos OS device running a fixed release may still propagate the
specific advertisement it receives from a BGP peer to another, still
vulnerable, device, causing BGP session termination downstream. Patching one
router therefore does not protect unpatched peers behind it.

This issue affects IPv4 and IPv6 BGP FlowSpec deployments.

This issue affects Juniper Networks Junos OS:
  12.3;
  12.3X48 on SRX Series;
  14.1X53 on EX and QFX Series;
  15.1 versions prior to 15.1R7-S5;
  15.1F versions prior to 15.1F6-S13;
  15.1X49 versions prior to 15.1X49-D180 on SRX Series;
  15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110;
  15.1X53 versions prior to 15.1X53-D497 on NFX Series;
  15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400;
  16.1 versions prior to 16.1R7-S7;
  17.1 versions prior to 17.1R2-S12, 17.1R3;
  17.2 versions prior to 17.2R2-S7, 17.2R3;
  17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110, 17.2X75-D44;
  17.3 versions prior to 17.3R2-S5, 17.3R3-S5;
  17.4 versions prior to 17.4R1-S8, 17.4R2;
  18.1 versions prior to 18.1R2-S4, 18.1R3;
  18.2X75 versions prior to 18.2X75-D20.

This issue affects Junos OS devices with BGP FlowSpec configured:
  [protocols bgp ... family inet flow]

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2020-1613.
Solution:
The following software releases have been updated to resolve this specific
issue: 15.1R7-S5, 15.1F6-S13, 15.1X49-D180, 15.1X53-D238, 15.1X53-D497,
15.1X53-D592, 16.1R7-S7, 17.1R3, 17.2R2-S7, 17.2R3, 17.2X75-D102,
17.2X75-D110, 17.3R3-S5, 17.4R1-S8, 17.4R2, 18.1R2-S4, 18.1R3, 18.2X75-D20,
18.2R1, and all subsequent releases.

This issue is being tracked as 1323474.

Workaround:
There are no known workarounds for this issue.

Implementation:
Software Releases, patches and updates are available at
https://www.juniper.net/support/downloads/.

Modification History:
2020-04-08: Initial publication

CVSS Score:
8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

Severity Level:
High

Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446
"Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS: vMX: Default credentials supplied in vMX
configuration (CVE-2020-1615)

Article ID: JSA10998
Last Updated: 08 Apr 2020
Version: 3.0

Product Affected:
This issue affects Junos OS 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3,
18.4, 19.1, 19.2, 19.3. Affected platforms: vMX.

Problem:
The factory configuration for vMX installations, as shipped, includes default
credentials for the root account. Unless the administrator changes these
default credentials, an attacker can use them to access the vMX instance
without authorization.

This issue affects Juniper Networks Junos OS:
  o 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX;
  o 17.2 versions prior to 17.2R3-S3 on vMX;
  o 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX;
  o 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX;
  o 18.1 versions prior to 18.1R3-S9 on vMX;
  o 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX;
  o 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX;
  o 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX;
  o 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX;
  o 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX;
  o 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX;
  o 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2020-1615.

Solution:
The following software releases have been updated to resolve this specific
issue: 17.1R2-S11, 17.1R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R3-S7, 17.4R2-S9,
17.4R3, 18.1R3-S9, 18.2R2-S7, 18.2R3-S3, 18.2X75-D420, 18.2X75-D60, 18.3R1-S7,
18.3R2-S3, 18.3R3-S1, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.1R3,
19.2R1-S3, 19.2R2, 19.3R1-S1, 19.3R2, 19.4R1, and all subsequent releases.

This issue is being tracked as 1344858.

Workaround:
Security best practice is to configure the root password on any newly
installed vMX instance before it is deployed or exposed to a network.

Implementation:
How to obtain fixed software:
Security vulnerabilities in Junos are fixed in the next available Maintenance
Release of each supported Junos version. In some cases, a Maintenance Release
is not planned to be available in an appropriate time-frame. For these cases,
Service Releases are made available in order to be more timely. Security
Advisories and Security Notices will indicate which Maintenance and Service
Releases contain fixes for the issues described. Upon request to JTAC,
customers will be provided with download instructions for a Service Release.
Although Juniper does not provide formal Release Note documentation for a
Service Release, a list of "PRs fixed" can be provided on request.

Modification History:
2020-04-08: Initial publication

CVSS Score:
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Severity Level:
Critical

Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446
"Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS: non-AFT architectures: A specific genuine
packet inspected by sFlow will cause a reboot. A second packet received and
inspected by sFlow will cause a core and reboot. (CVE-2020-1617)

Article ID: JSA11000
Last Updated: 08 Apr 2020
Version: 3.0

Product Affected:
This issue affects Junos OS 17.4, 18.1, 18.2, 18.2X75, 18.3. Affected
platforms: PTX1000 and PTX10000 Series, QFX10000 Series.

Problem:
This issue occurs on Juniper Networks Junos OS devices that do not support the
Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT).
Devices using AFI and AFT are not exploitable.

Improper initialization of memory in the packet forwarding architecture of
Juniper Networks Junos OS non-AFI/AFT platforms may lead to a Denial of
Service (DoS) when a genuine packet is received and inspected by sampled flow
(sFlow) on a device that is also configured with firewall policers. The first
genuine packet inspected by sFlow through a specific firewall policer causes
the device to reboot. After the reboot has completed, if the device receives
another genuine packet that sFlow inspects through a specific firewall
policer, the device generates a core file and reboots again.
Continued inspection of these genuine packets creates an extended Denial of
Service (DoS) condition. Depending on the method of service restoration (hard
boot or soft reboot), a core file may or may not be generated the next time
the packet is received and inspected by sFlow.

This issue affects Juniper Networks Junos OS on PTX1000 and PTX10000 Series
and QFX10000 Series:
  17.4 versions prior to 17.4R2-S9, 17.4R3;
  18.1 versions prior to 18.1R3-S9;
  18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30;
  18.2 versions prior to 18.2R3;
  18.3 versions prior to 18.3R3.

This issue is not applicable to Junos OS versions before 17.4R1.

This issue is not applicable to Junos OS Evolved, or to Junos OS with Advanced
Forwarding Toolkit (AFT) forwarding implementations, which use a different
implementation of sFlow.

The following example is unrelated to this issue and is provided solely to
help determine whether a device uses AFT. A Junos OS device that supports EVPN
signaled VPWS with Flexible Cross Connect uses the AFT implementation, because
that feature requires AFT; such a device is therefore not vulnerable to this
issue, since the sFlow implementation under AFT is different. Further details
about AFI/AFT, and configuration examples that only commit on AFT platforms,
are in the links referenced by the original advisory. If those AFT-only
configuration statements commit on your device, it uses AFI/AFT and is not
vulnerable to this issue; if they are rejected, the device does not use
AFI/AFT and is vulnerable if it runs an affected release with sFlow and
firewall policers configured. The Feature Explorer can also be used to
determine whether AFI/AFT is supported. If you are still uncertain, contact
your support resources.

The corrupted memory initialization is confined to the sFlow process; the
firewall policer is what makes it reachable. Disabling either prevents
exploitation of this issue but does not fix the underlying vulnerability.

The following minimal configuration is required for the issue to be seen:
  firewall policer and sflow

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2020-1617.

Solution:
The following software releases have been updated to resolve this specific
issue: 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2X75-D12, 18.2X75-D30, 18.2R3, 18.3R3,
18.4R1, and all subsequent releases.

This issue is being tracked as 1372944.

Workaround:
Any one of the following mitigates the issue; it is not necessary to do both:
  o discontinue use of firewall policers; or
  o discontinue use of sFlow.
There are no other available workarounds.

Implementation:
Software release Service Packages are available at http://support.juniper.net
from the "Download Software" links.

Modification History:
2020-04-08: Initial publication

CVSS Score:
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Severity Level:
High

Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446
"Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS: Privilege escalation vulnerability in dual
REs, VC or HA cluster may allow unauthorized configuration change
(CVE-2020-1630)

Article ID: JSA11010
Last Updated: 08 Apr 2020
Version: 2.0

Product Affected:
This issue affects Junos OS 12.3, 12.3X48, 14.1X53, 15.1, 15.1X49, 16.1, 16.2,
17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2.
Problem:
A privilege escalation vulnerability in Juniper Networks Junos OS devices
configured with dual Routing Engines (RE), Virtual Chassis (VC) or a
high-availability cluster may allow a local, authenticated, low-privileged
user with access to the shell to make unauthorized configuration changes.

This issue does not affect Junos OS devices with a single RE or a stand-alone
configuration.

This issue affects Juniper Networks Junos OS:
  12.3 versions prior to 12.3R12-S14;
  12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90;
  14.1X53 versions prior to 14.1X53-D51;
  15.1 versions prior to 15.1R7-S6;
  15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190;
  15.1X53 versions prior to 15.1X53-D592;
  16.1 versions prior to 16.1R4-S13, 16.1R7-S6;
  16.2 versions prior to 16.2R2-S10;
  17.1 versions prior to 17.1R2-S11, 17.1R3-S1;
  17.2 versions prior to 17.2R1-S9, 17.2R3-S3;
  17.3 versions prior to 17.3R3-S6;
  17.4 versions prior to 17.4R2-S6, 17.4R3;
  18.1 versions prior to 18.1R3-S7;
  18.2 versions prior to 18.2R2-S5, 18.2R3-S1;
  18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411,
  18.2X75-D420, 18.2X75-D60;
  18.3 versions prior to 18.3R1-S5, 18.3R2-S1, 18.3R3;
  18.4 versions prior to 18.4R1-S4, 18.4R2-S1, 18.4R3;
  19.1 versions prior to 19.1R1-S2, 19.1R2;
  19.2 versions prior to 19.2R1-S1, 19.2R2.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2020-1630.
Solution:

The following software releases have been updated to resolve this specific issue: 12.3R12-S14, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1R7-S6, 15.1X49-D181, 15.1X49-D190, 15.1X53-D592, 16.1R4-S13, 16.1R7-S6, 16.2R2-S10, 17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R3-S3, 17.2X75-D110, 17.2X75-D44, 17.3R3-S6, 17.4R2-S6, 17.4R3, 18.1R3-S7, 18.2R2-S5, 18.2R3-S1, 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R2-S1, 18.3R2-S3, 18.3R3, 18.4R1-S4, 18.4R1-S5, 18.4R2-S1, 18.4R3, 19.1R1-S2, 19.1R2, 19.2R1-S1, 19.2R2, 19.3R1, and all subsequent releases.

This issue is being tracked as 1441795.

Workaround:

Disallow unprivileged authenticated users access to the Junos shell. Limit shell access to trusted administrators only.

Implementation:

Software Releases, patches and updates are available at https://www.juniper.net/support/downloads/.

Modification History:

2020-04-08: Initial publication

CVSS Score: 5.0 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)

Severity Level: Medium

Severity Assessment:

Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS and Junos OS Evolved: Invalid BGP UPDATE sent to peer device may cause BGP session to terminate. (CVE-2020-1632)

Article ID : JSA11013
Last Updated: 08 Apr 2020
Version : 3.0

Product Affected:

This issue affects Junos OS 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2. This issue affects Junos OS Evolved.

Problem:

In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition.
For example, Router A sends a specific BGP UPDATE to Router B, causing Router B to send an invalid BGP UPDATE message to Router C, resulting in termination of the BGP session between Router B and Router C.

This issue might occur when there is at least one BGP session established on the device with a peer that does not support the 4-byte AS extension (RFC 4893). Repeated receipt of the same BGP UPDATE can result in an extended DoS condition.

This issue affects Juniper Networks Junos OS:
16.1 versions prior to 16.1R7-S6;
16.2 versions prior to 16.2R2-S11;
17.1 versions prior to 17.1R2-S11, 17.1R3-S2;
17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3;
17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110, 17.2X75-D44;
17.3 versions prior to 17.3R2-S5, 17.3R3-S7;
17.4 versions prior to 17.4R2-S8, 17.4R3;
18.1 versions prior to 18.1R3-S8;
18.2 versions prior to 18.2R2-S6, 18.2R3-S2;
18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60;
18.3 versions prior to 18.3R1-S6, 18.3R2-S3, 18.3R3;
18.4 versions prior to 18.4R1-S5, 18.4R3;
18.4R2 and the later 18.4R2 service releases (the fix for this line is 18.4R3);
19.1 versions prior to 19.1R1-S3, 19.1R2;
19.2 versions prior to 19.2R1-S2, 19.2R2.

This issue does not affect Juniper Networks Junos OS prior to 16.1R1.

This issue affects Juniper Networks Junos OS Evolved prior to 19.2R2-EVO.

The following command can be used to check whether a peer device does not support the 4-byte AS extension:

  user@device> show bgp neighbor
  ...
  Peer does not support 4 byte AS extension
  ...

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2020-1632.
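A small parser for the check above, as an added example that is not code from Juniper or AusCERT. It walks "show bgp neighbor" output one "Peer:" block at a time and lists the established sessions whose peer printed the "Peer does not support 4 byte AS extension" line quoted in the advisory. The sample output is constructed to resemble Junos output; the "Peer:" header layout and the "State:" field are assumed, and the listing is triage input only: the advisory's modification history withdrew an earlier claim that a particular pattern of this output means a device is not exposed, so the fixed releases still apply regardless of what the check finds.

```python
"""List BGP peers that lack 4-byte AS support in 'show bgp neighbor' output.

Added example, not code from Juniper or AusCERT. SAMPLE_OUTPUT is constructed
(not captured from a device); only the 'Peer does not support 4 byte AS
extension' line is taken from JSA11013, the rest of the layout is assumed.
"""
import re
from typing import Dict, List

SAMPLE_OUTPUT = """\
Peer: 192.0.2.2+179 AS 64496      Local: 192.0.2.1+60231 AS 64500
  Type: External    State: Established    Flags: <Sync>
  Peer supports 4 byte AS extension (peer-as 64496)
Peer: 192.0.2.6+54122 AS 64497    Local: 192.0.2.5+179 AS 64500
  Type: External    State: Established    Flags: <Sync>
  Peer does not support 4 byte AS extension
Peer: 198.51.100.2+179 AS 64500   Local: 198.51.100.1+61044 AS 64500
  Type: Internal    State: Active    Flags: <>
  Peer does not support 4 byte AS extension
"""

# 'Peer: <address>+<port> AS <asn>'; the port suffix is optional in the regex
_PEER_HDR = re.compile(r"^Peer:\s+(?P<addr>[^\s+]+)(?:\+\d+)?\s+AS\s+(?P<asn>\d+)")
_STATE = re.compile(r"\bState:\s+(\S+)")
NO_4BYTE = "Peer does not support 4 byte AS extension"


def parse_neighbors(output: str) -> List[Dict[str, object]]:
    """Split the output into one record per 'Peer:' block."""
    peers: List[Dict[str, object]] = []
    for line in output.splitlines():
        m = _PEER_HDR.match(line)
        if m:
            peers.append({"peer": m["addr"], "peer_as": int(m["asn"]),
                          "state": None, "supports_4byte_as": True})
            continue
        if not peers:
            continue  # text before the first Peer: block
        s = _STATE.search(line)
        if s:
            peers[-1]["state"] = s.group(1)
        if line.strip() == NO_4BYTE:
            peers[-1]["supports_4byte_as"] = False
    return peers


def peers_without_4byte_as(output: str, established_only: bool = True) -> List[Dict[str, object]]:
    """Peers matching the advisory's trigger condition. A session that is not
    Established cannot carry the UPDATE, so such peers are skipped by default."""
    return [p for p in parse_neighbors(output)
            if not p["supports_4byte_as"]
            and (not established_only or p["state"] == "Established")]


if __name__ == "__main__":
    for p in peers_without_4byte_as(SAMPLE_OUTPUT):
        print(f"{p['peer']:16} AS{p['peer_as']:<6} {p['state']}  no 4-byte AS support")
```

Feed it the text of `show bgp neighbor | no-more` collected from each device in the affected release ranges; peers in the Active or Idle state are reported only when `established_only=False`.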
Solution:

Junos OS: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S7, 17.4R2-S8, 17.4R3, 18.1R3-S8, 18.2R2-S6, 18.2R3-S2, 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60, 18.3R1-S6, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.

Junos OS Evolved: 19.2R2-EVO, 19.3R1-EVO and all subsequent releases.

This issue is being tracked as 1454677.

Workaround:

There are no viable workarounds for this issue.

Implementation:

Software Releases, patches and updates are available at https://www.juniper.net/support/downloads/.

Modification History:

2020-04-08: Initial publication
2020-04-08: Removed the description section on two possible conditions. The earlier statement "However, if all the 'show bgp neighbor' outputs contain the line 'Peer does not support 4 byte AS extension', this issue is not exposed" was not correct.

CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

Severity Level: High

Severity Assessment:

Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS: High-End SRX Series: Multicast traffic might cause all FPCs to reset. (CVE-2020-1634)

Article ID : JSA11014
Last Updated: 08 Apr 2020
Version : 2.0

Product Affected:

This issue affects Junos OS 12.3X48. Affected platforms: High-End SRX Series.

Problem:

On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may crash (core). Subsequently, all FPCs in the chassis may reset, causing a Denial of Service. This issue affects both IPv4 and IPv6.
This issue affects Juniper Networks Junos OS 12.3X48 version 12.3X48-D80 and later versions prior to 12.3X48-D95 on High-End SRX Series. This issue does not affect Branch SRX Series devices.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2020-1634.

Solution:

The following software releases have been updated to resolve this specific issue: 12.3X48-D95, and all subsequent releases.

This issue is being tracked as 1465944.

Workaround:

There are no viable workarounds for this issue.

Implementation:

Software release Service Packages are available at http://support.juniper.net from the "Download Software" links.

Modification History:

2020-04-08: Initial publication

CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Severity Level: High

Severity Assessment:

Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------------------------------------------------------------

2020-04 Security Bulletin: Junos OS: Multiple IPsec AH vulnerabilities resolved.

Article ID : JSA11016
Last Updated: 08 Apr 2020
Version : 5.0

Product Affected:

These issues affect Junos OS 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2, 19.3.

Problem:

Multiple vulnerabilities in FreeBSD's implementation of the IPsec Authentication Header (AH) protocol have been fixed in Juniper Networks Junos OS. These issues only affect systems configured for IPsec when the AH protocol is used. These issues may allow an attacker on a trusted host to take control of the device, or to crash it, by sending a specifically constructed IP packet.
Additionally, an attacker on any host may crash the target by sending an arbitrary packet to the device, causing a Denial of Service (DoS). Sustained receipt of these specifically constructed or arbitrary packets will result in an extended Denial of Service condition.

Devices not configured for IPsec AH are not exposed to these issues.

These issues affect Juniper Networks Junos OS:
15.1 versions prior to 15.1R7-S6;
15.1X49 versions prior to 15.1X49-D200 on SRX Series;
15.1X53 versions prior to 15.1X53-D593 on EX2300, EX3400;
16.1 versions prior to 16.1R7-S7;
16.2 versions prior to 16.2R2-S11;
17.1 versions prior to 17.1R2-S11, 17.1R3-S2;
17.2 versions prior to 17.2R3-S3;
17.2X75 versions prior to 17.2X75-D44, 17.2X75-D105, 17.2X75-D110;
17.3 versions prior to 17.3R2-S5, 17.3R3-S7;
17.4 versions prior to 17.4R2-S9, 17.4R3;
18.1 versions prior to 18.1R3-S9;
18.2 versions prior to 18.2R2-S6, 18.2R3-S3;
18.2X75 versions prior to 18.2X75-D33, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420;
18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1;
18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;
19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3;
19.2 versions prior to 19.2R1-S2, 19.2R2;
19.3 versions prior to 19.3R1-S1, 19.3R2, 19.3R3.

These issues do not affect Junos OS prior to 15.1R1.

These issues exist where the AH protocol is configured or in use. One minimal example is the "manual" IPsec SA configuration:

  security ipsec security-association <sa-name> manual direction <direction> protocol ah

Other configurations apply.

Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities.

These issues were discovered during external security research.
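The three configuration-dependent conditions in this bulletin (the firewall policer plus sFlow combination behind CVE-2020-1617, the shell-access workaround for CVE-2020-1630, and the AH statement shown above for JSA11016) can all be screened from a "show configuration | display set" dump. The following is an added example, not code from Juniper or AusCERT. The sample configuration is constructed. The "shell" and "all" permission flags, the predefined super-user class and the deny-commands regex are standard Junos login-class features, and the "security ipsec proposal ... protocol ah" form is assumed as a second way of selecting AH; which classes count as "trusted administrators" is a local decision the script cannot make for you.

```python
"""Screen a Junos 'display set' configuration dump for the exposure conditions
named in this bulletin. Added example, not code from Juniper or AusCERT.
SAMPLE_CONFIG is constructed and carries one instance of each condition.
"""
import shlex
from collections import defaultdict
from typing import Dict, List

Stmt = List[str]  # tokens of one 'set ...' line, without the leading 'set'

SAMPLE_CONFIG = """\
set system login class noc-ops permissions view
set system login class noc-ops permissions shell
set system login class helpdesk permissions view
set system login class auditor permissions all
set system login class auditor deny-commands "(start shell)"
set system login user alice class noc-ops
set system login user bob class helpdesk
set system login user carol class super-user
set system login user dave class auditor
set firewall policer limit-1m if-exceeding bandwidth-limit 1m
set firewall policer limit-1m if-exceeding burst-size-limit 50k
set firewall policer limit-1m then discard
set protocols sflow collector 203.0.113.10
set protocols sflow interfaces ge-0/0/0.0
set security ipsec security-association sa-ah manual direction bidirectional protocol ah
"""


def parse_set_lines(text: str) -> List[Stmt]:
    """Tokenise 'set ...' lines; shlex keeps quoted values such as deny-commands regexes whole."""
    return [shlex.split(line.strip())[1:]
            for line in text.splitlines() if line.strip().startswith("set ")]


def has_prefix(stmts: List[Stmt], *prefix: str) -> bool:
    return any(s[:len(prefix)] == list(prefix) for s in stmts)


def shell_capable_users(stmts: List[Stmt]) -> Dict[str, List[str]]:
    """Map each login class that can reach 'start shell' to its users.
    The 'shell' and 'all' permission flags grant the command, the predefined
    super-user class has all permissions, and a deny-commands regex naming
    'start shell' is treated as closing that path."""
    allowed, denied = {"super-user"}, set()
    for s in stmts:
        if s[:3] == ["system", "login", "class"] and len(s) >= 6:
            cls, key, value = s[3], s[4], " ".join(s[5:])
            if key == "permissions" and value in ("shell", "all"):
                allowed.add(cls)
            elif key == "deny-commands" and "start shell" in value:
                denied.add(cls)
    users: Dict[str, List[str]] = defaultdict(list)
    for s in stmts:
        if s[:3] == ["system", "login", "user"] and len(s) == 6 and s[4] == "class":
            if s[5] in allowed - denied:
                users[s[5]].append(s[3])
    return dict(users)


def ah_statements(stmts: List[Stmt]) -> List[str]:
    """IPsec statements that select AH: the manual SA form quoted in JSA11016 and
    (assumed) the 'security ipsec proposal <name> protocol ah' form."""
    hits = []
    for s in stmts:
        if s[:2] == ["security", "ipsec"] and "protocol" in s:
            i = s.index("protocol")
            if i + 1 < len(s) and s[i + 1] == "ah":
                hits.append("set " + " ".join(s))
    return hits


def screen(config_text: str) -> Dict[str, object]:
    stmts = parse_set_lines(config_text)
    policer = has_prefix(stmts, "firewall", "policer")
    sflow = has_prefix(stmts, "protocols", "sflow")
    return {
        # CVE-2020-1617 needs both; removing either one is the advisory's workaround
        "cve_2020_1617_exposed": policer and sflow,
        # CVE-2020-1630 workaround: confine these accounts to trusted administrators
        "shell_capable_users": shell_capable_users(stmts),
        # JSA11016: any AH use; the workaround is to move these SAs to ESP
        "ipsec_ah_statements": ah_statements(stmts),
    }


if __name__ == "__main__":
    for key, value in screen(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

On the sample, alice (class noc-ops, permission shell) and carol (super-user) are reported; dave is not, because his class denies "start shell" even though it has all permissions. The checks are deliberately coarse: they find where a condition is present in the configuration and say nothing about whether the running release already carries the fix.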
CVE-2018-6918
  CVSS: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
  Summary: In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.

CVE-2018-6916
  CVSS: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  Summary: In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.

Solution:

The following software releases have been updated to resolve these specific issues: 15.1R7-S6, 15.1X49-D200, 15.1X53-D593, 16.1R7-S7, 16.2R2-S11, 17.1R2-S11, 17.1R3-S2, 17.2R3-S3, 17.2X75-D44, 17.2X75-D105, 17.2X75-D110, 17.3R2-S5, 17.3R3-S7, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R2-S6, 18.2R3-S3, 18.2X75-D33, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420, 18.3R1-S7, 18.3R2-S3, 18.3R3-S1, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1-S2, 19.2R2, 19.3R1-S1, 19.3R2, 19.3R3, 19.4R1, and all subsequent releases.

These issues are being tracked as 1470693.

Workaround:

There are no known workarounds for AH-only configurations. Customers may configure ESP instead of AH; ESP can provide both confidentiality and integrity, whereas AH provides integrity only. Note: encryption can be configured once AH is no longer in use.

Implementation:

Software Releases, patches and updates are available at https://www.juniper.net/support/downloads/.
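Every advisory in this bulletin states exposure as "versions prior to" a set of fixed releases per release train, and reading a running version against those lists by hand is where mistakes happen (17.4R2-S5 is affected by JSA11010 although 17.4R3 is "lower" alphabetically; 18.3R2 stays affected although 18.3R1-S5 is listed). The following helper is an added example, not code from Juniper or AusCERT. It encodes the JSA11010 and JSA11014 release lists from this bulletin and applies one rule: a release is fixed when a listed fixed release of the same train is at or below it, either in the same R/D line with an equal or higher service (-S) number, or any later R/D line than a listed base release. The version grammar and that rule are the author's reading of Juniper's release numbering; X-branch D numbers such as 18.2X75-D411 and 18.2X75-D60 are compared only numerically, so results for those trains need a manual check against the advisory text.

```python
"""Assess a running Junos release against an advisory's fixed-release list.
Added example, not code from Juniper or AusCERT; the release lists below are
copied from JSA11010 and JSA11014 in this bulletin, the comparison rule is an
assumption about Juniper's numbering.
"""
import re
from dataclasses import dataclass
from typing import Sequence

# Release strings as they appear in this bulletin: 17.4R2-S6, 12.3X48-D80,
# 15.1X53-D592, 18.4R2-S3.3, 19.2R2-EVO.
#   <major>.<minor>[X<nn>][-](R|D)<rel>[.<build>][-S<svc>[.<build>]][-EVO]
_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)(?P<x>X\d+)?-?"
    r"(?P<rtype>[RD])(?P<rel>\d+)(?:\.\d+)?"
    r"(?:-S(?P<svc>\d+)(?:\.\d+)?)?"
    r"(?P<evo>-EVO)?$"
)


@dataclass(frozen=True)
class JunosVersion:
    train: str   # "17.4", "12.3X48" or "19.2-EVO": fixes are tracked per train
    rel: int     # the R or D number
    svc: int     # the -S service release number, 0 when absent

    def key(self):
        return (self.rel, self.svc)


def parse(version: str) -> JunosVersion:
    m = _RE.match(version.strip().upper())
    if not m:
        raise ValueError(f"unrecognised Junos release string: {version!r}")
    train = f"{m['major']}.{m['minor']}{m['x'] or ''}{'-EVO' if m['evo'] else ''}"
    return JunosVersion(train, int(m["rel"]), int(m["svc"] or 0))


def is_fixed(running: JunosVersion, fixed: Sequence[JunosVersion]) -> bool:
    """Fixed when a listed release of the same train is at or below 'running':
    same R/D line with an equal-or-higher -S number, or a later R/D line than a
    listed base release ("and all subsequent releases"). A later line than a
    listed *service* release is not assumed fixed: 18.3R2 stays vulnerable in
    JSA11010 even though 18.3R1-S5 is listed."""
    for f in fixed:
        if f.train != running.train:
            continue
        if running.rel == f.rel and running.svc >= f.svc:
            return True
        if running.rel > f.rel and f.svc == 0:
            return True
    return False


def assess(version: str, advisory: dict) -> str:
    """'not affected' (train not listed, or before the first affected release),
    'affected', or 'fixed'."""
    v = parse(version)
    if v.train not in advisory["affected_trains"]:
        return "not affected"
    introduced = advisory.get("introduced")
    if introduced:
        first = parse(introduced)
        if first.train == v.train and v.key() < first.key():
            return "not affected"
    return "fixed" if is_fixed(v, [parse(f) for f in advisory["fixed"]]) else "affected"


# JSA11010 (CVE-2020-1630): trains from its Problem section, fixed list from its Solution.
JSA11010 = {
    "affected_trains": ("12.3 12.3X48 14.1X53 15.1 15.1X49 15.1X53 16.1 16.2 17.1 17.2 "
                        "17.2X75 17.3 17.4 18.1 18.2 18.2X75 18.3 18.4 19.1 19.2").split(),
    "fixed": ("12.3R12-S14 12.3X48-D86 12.3X48-D90 14.1X53-D51 15.1R7-S6 15.1X49-D181 "
              "15.1X49-D190 15.1X53-D592 16.1R4-S13 16.1R7-S6 16.2R2-S10 17.1R2-S11 "
              "17.1R3-S1 17.2R1-S9 17.2R3-S3 17.2X75-D110 17.2X75-D44 17.3R3-S6 17.4R2-S6 "
              "17.4R3 18.1R3-S7 18.2R2-S5 18.2R3-S1 18.2X75-D12 18.2X75-D33 18.2X75-D411 "
              "18.2X75-D420 18.2X75-D60 18.3R1-S5 18.3R1-S6 18.3R2-S1 18.3R2-S3 18.3R3 "
              "18.4R1-S4 18.4R1-S5 18.4R2-S1 18.4R3 19.1R1-S2 19.1R2 19.2R1-S1 19.2R2 "
              "19.3R1").split(),
}
# JSA11014 (CVE-2020-1634): 12.3X48-D80 and later prior to 12.3X48-D95, High-End SRX only.
JSA11014 = {"affected_trains": ["12.3X48"], "introduced": "12.3X48-D80", "fixed": ["12.3X48-D95"]}


if __name__ == "__main__":
    for ver in ("17.4R2-S5", "17.4R2-S6", "18.3R2", "18.3R4", "14.1R8"):
        print(f"{ver:12} JSA11010: {assess(ver, JSA11010)}")
    for ver in ("12.3X48-D75", "12.3X48-D80", "12.3X48-D95"):
        print(f"{ver:12} JSA11014: {assess(ver, JSA11014)}")
```

Platform scoping (JSA11014 applies to High-End SRX only, the 15.1X53 entry of JSA11016 to EX2300/EX3400) is outside what a version string can tell you, so pair the result with the "Product Affected" line of each advisory.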
Modification History:

2020-04-08: Initial publication

CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Severity Level: Critical

Severity Assessment:

Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXo6Q4WaOgq3Tt24GAQjeOxAA3h7avjL22jmOCuGNOaNmgxVpueVsNbe0
0qyL8+tMthafzoiqeAsWY11QSl5Mv9ATw0QOOa0Fn3drAxJGvZ3Wc8L1KJWjtDPm
hBzYQ9x2NFgFrTujK+lf5koct35LJig85KA5iBgJME2gyezrvMV3PgxfKKh/Hmuh
irk1hUFcnccfkuslCgPdGoDFbVXeXiHiyII1NEa3mJHt0JAtOKTyYNcfHp2VfNHI
ykkMxHouriuBz5tBuDQ6s9u0Y+cg+Cro6XLJ6o6+xcPc54e7IdIBDJskKPDsJ/Fp
jPVBZ03nFUT1ZkzXO4W1fsL8aWMGDqnLBMGIcDC7FU4zKcvnbZ89nZQ1hqUMVDdh
ivLZBWFHdmju7K6gDg0zRYStpPPkgCXDiO7tiGstmku5iFB0xrJlXtwpfW3wk9Er
QfO7Hrw2OXBw25Jv2oqt2tVUes4WmntOQjWke8PqwWmQL9ioX5m1x5cQwTpJYzr6
MCaNo91RIHo3A9HHxgzbp7g3BpI8O8gBHfWsM4FV+heIUdWu+JmknoWev04vt4y3
Au3g8qzTvb6O3Obb6RaiH5qQq8KeUrFV7vGK8yqqsGIvcNI7pnIRltWWAqd8BACq
MizZOG3DYmSRjpaLGEHWtnmMqkM1cwr4+Aro+UFXerMDAbF2KS62kDz4unex8Np3
nmU7I4i55fQ=
=P87l
-----END PGP SIGNATURE-----