supportportal.juniper.net
85.222.140.11
Public Scan
Submitted URL: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
Effective URL: https://supportportal.juniper.net/s/article/2015-04-Security-Bulletin-IDP-Multiple-vulnerabilities-addressed-by-third-party-softwa...
Submission: On November 27 via api from HU — Scanned from DE
Form analysis
3 forms found in the DOM
<form novalidate="">
<slot>
<slot>
<div c-kcs_headerlwc_kcs_headerlwc="" class="titleSection">
<p class="slds-p-bottom_small" c-kcs_headerlwc_kcs_headerlwc="">2015-04 Security Bulletin: IDP: Multiple vulnerabilities addressed by third party software updates.</p>
<div c-kcs_headerlwc_kcs_headerlwc="" class="slds-grid slds-wrap slds-m-top_xxx-small">
<div c-kcs_headerlwc_kcs_headerlwc="" class="headerSection">
<div class="slds-m-top_small" c-kcs_headerlwc_kcs_headerlwc=""><label class="headerLabel slds-m-right_small" c-kcs_headerlwc_kcs_headerlwc="">Article ID</label><span class="slds-m-right_large"
c-kcs_headerlwc_kcs_headerlwc="">JSA10673</span></div>
<div class="slds-m-top_small" c-kcs_headerlwc_kcs_headerlwc=""><label class="headerLabel slds-m-right_small" c-kcs_headerlwc_kcs_headerlwc="">Created</label><span class="slds-m-right_large"
c-kcs_headerlwc_kcs_headerlwc="">2015-04-03</span></div>
<div class="slds-m-top_small" c-kcs_headerlwc_kcs_headerlwc=""><label class="headerLabel slds-m-right_small" c-kcs_headerlwc_kcs_headerlwc="">Last Updated</label><span class="slds-m-right_large"
c-kcs_headerlwc_kcs_headerlwc="">2015-04-08</span></div>
</div>
</div>
</div>
</slot>
</slot>
</form>
<form novalidate="">
<slot>
<slot>
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="detailSection">
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-around_large section2">
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-grid slds-wrap slds-m-top_medium">
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="jsaDiv slds-p-right_medium"><label class="slds-p-bottom_small" c-kcs_articleinfolwc_kcs_articleinfolwc="">Product Affected</label><lightning-formatted-rich-text
c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_large slds-rich-text-editor__output" lwc-4nfn2rc40ch-host=""><span lwc-4nfn2rc40ch="" part="formatted-rich-text">NetScreen IDP stand alone platforms running IDP OS 5.1
prior to 5.1r4.</span></lightning-formatted-rich-text></div>
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="jsaDiv slds-m-bottom_small">
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="severityJsa jsaBorder slds-m-right_medium"><label class="slds-p-bottom_x-small slds-p-top_x-small spanBlock slds-p-left_x-small slds-p-right_x-small"
c-kcs_articleinfolwc_kcs_articleinfolwc="">Severity</label><span c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_x-small slds-p-top_xx-small slds-p-left_x-small slds-p-right_x-small"><lightning-formatted-rich-text
c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-rich-text-editor__output" lwc-4nfn2rc40ch-host=""><span lwc-4nfn2rc40ch="" part="formatted-rich-text">High</span></lightning-formatted-rich-text></span></div>
<div c-kcs_articleinfolwc_kcs_articleinfolwc="" class="cvvscore jsaBorder"><label class="slds-p-bottom_x-small slds-p-top_x-small spanBlock slds-p-left_x-small slds-p-right_x-small" c-kcs_articleinfolwc_kcs_articleinfolwc="">Severity
Assessment (CVSS) Score</label><span c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_x-small slds-p-top_xx-small slds-p-left_x-small slds-p-right_x-small"><lightning-formatted-rich-text
c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-rich-text-editor__output" lwc-4nfn2rc40ch-host=""><span lwc-4nfn2rc40ch="" part="formatted-rich-text">7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)</span></lightning-formatted-rich-text></span></div>
</div>
</div><label class="slds-p-bottom_small" c-kcs_articleinfolwc_kcs_articleinfolwc="">Problem</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_large slds-rich-text-editor__output"
lwc-4nfn2rc40ch-host=""><span lwc-4nfn2rc40ch="" part="formatted-rich-text">
<p lwc-4nfn2rc40ch=""> IDP release 5.1r4 addresses vulnerabilities in prior releases with updated third party software. The following is a summary of vulnerabilities ordered by risk score: </p>
<table class="striped" lwc-4nfn2rc40ch="">
<tbody lwc-4nfn2rc40ch="">
<tr class="rowHead" lwc-4nfn2rc40ch="">
<th rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> CVE </th>
<th rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> CVSS v2 base score </th>
<th rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> Summary </th>
</tr>
<tr lwc-4nfn2rc40ch="">
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> CVE-2014-6271 </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> Remote command injection vulnerability in Bash also known as Shellshock. See JSA10648. </td>
</tr>
<tr lwc-4nfn2rc40ch="">
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> CVE-2010-4478 </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> OpenSSH authentication bypass vulnerability related to J-PAKE. </td>
</tr>
<tr lwc-4nfn2rc40ch="">
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> CVE-2012-2131 </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> OpenSSL Multiple buffer overflow vulnerabilities. </td>
</tr>
<tr lwc-4nfn2rc40ch="">
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> CVE-2012-5195 </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> Perl denial of service vulnerability. </td>
</tr>
<tr lwc-4nfn2rc40ch="">
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> CVE-2009-3563 </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> NTP Denial of service vulnerability. </td>
</tr>
<tr lwc-4nfn2rc40ch="">
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> CVE-2011-0539 </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> OpenSSH ssh-keygen insecure certificate generation vulnerability. </td>
</tr>
<tr lwc-4nfn2rc40ch="">
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> CVE-2012-0814 </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N) </td>
<td rowspan="1" colspan="1" lwc-4nfn2rc40ch=""> OpenSSH information leak vulnerability. </td>
</tr>
</tbody>
</table>
</span></lightning-formatted-rich-text><label class="slds-p-bottom_small" c-kcs_articleinfolwc_kcs_articleinfolwc="">Solution</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc=""
class="slds-p-bottom_large slds-rich-text-editor__output" lwc-4nfn2rc40ch-host=""><span lwc-4nfn2rc40ch="" part="formatted-rich-text">
<p lwc-4nfn2rc40ch=""> All these issues are resolved in IDP 5.1r4 (released 25 Feb 2015) or later releases. <br lwc-4nfn2rc40ch=""> </p>
<p lwc-4nfn2rc40ch=""> IDP Software Releases and Patches are available at <a target="_blank" href="https://www.juniper.net/support/downloads/" lwc-4nfn2rc40ch=""> https://www.juniper.net/support/downloads/ </a> from the "Download
Software" links. </p>
</span></lightning-formatted-rich-text><label class="slds-p-bottom_small" c-kcs_articleinfolwc_kcs_articleinfolwc="">Workaround</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc=""
class="slds-p-bottom_large slds-rich-text-editor__output" lwc-4nfn2rc40ch-host=""><span lwc-4nfn2rc40ch="" part="formatted-rich-text">
<p lwc-4nfn2rc40ch=""> Limiting access to the device from only trusted hosts would help mitigate or reduce the risks of exposure to these issues. <br lwc-4nfn2rc40ch=""> </p>
</span></lightning-formatted-rich-text><label class="slds-p-bottom_small" c-kcs_articleinfolwc_kcs_articleinfolwc="">Severity Assessment</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc=""
class="slds-p-bottom_large slds-rich-text-editor__output" lwc-4nfn2rc40ch-host=""><span lwc-4nfn2rc40ch="" part="formatted-rich-text">Since ShellShock vulnerabilities were alerted in JSA10648, CVE-2014-4478 with CVSS score of 5.8 is used
to determine the risk level associated with this advisory.</span></lightning-formatted-rich-text><label class="slds-p-bottom_small" c-kcs_articleinfolwc_kcs_articleinfolwc="">Modification History</label><lightning-formatted-rich-text
c-kcs_articleinfolwc_kcs_articleinfolwc="" class="slds-p-bottom_large slds-rich-text-editor__output" lwc-4nfn2rc40ch-host=""><span lwc-4nfn2rc40ch="" part="formatted-rich-text"><strong lwc-4nfn2rc40ch=""> <span
style="text-transform: uppercase;font-size: 135%;" lwc-4nfn2rc40ch=""> Modification History: </span> </strong>
<p lwc-4nfn2rc40ch=""> 2015-04-08: Initial release. </p>
</span></lightning-formatted-rich-text><label class="slds-p-bottom_small" c-kcs_articleinfolwc_kcs_articleinfolwc="">Related Information</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc=""
class="slds-p-bottom_large slds-rich-text-editor__output" lwc-4nfn2rc40ch-host=""><span lwc-4nfn2rc40ch="" part="formatted-rich-text">
<ul lwc-4nfn2rc40ch="">
<li lwc-4nfn2rc40ch="">
<a target="_blank" href="/s/article/Overview-of-the-Juniper-Networks-SIRT-Quarterly-Security-Bulletin-Publication-Process" lwc-4nfn2rc40ch=""> KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process </a>
</li>
<li lwc-4nfn2rc40ch=""> <a target="_blank" href="/s/article/In-which-releases-are-vulnerabilities-fixed" lwc-4nfn2rc40ch=""> KB16765: In which releases are vulnerabilities fixed? </a> </li>
<li lwc-4nfn2rc40ch="">
<a target="_blank" href="/s/article/Common-Vulnerability-Scoring-System-CVSS-and-Juniper-s-Security-Advisories" lwc-4nfn2rc40ch=""> KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories </a> </li>
<li lwc-4nfn2rc40ch=""> <a target="_blank" href="http://www.juniper.net/security/report-vulnerability/" lwc-4nfn2rc40ch=""> Report a Security Vulnerability - How to Contact the Juniper Networks Security Incident Response Team </a>
</li>
</ul>
</span></lightning-formatted-rich-text><label class="slds-p-bottom_small" c-kcs_articleinfolwc_kcs_articleinfolwc="">Acknowledgements</label><lightning-formatted-rich-text c-kcs_articleinfolwc_kcs_articleinfolwc=""
class="slds-p-bottom_large slds-rich-text-editor__output" lwc-4nfn2rc40ch-host=""><span lwc-4nfn2rc40ch="" part="formatted-rich-text"><br lwc-4nfn2rc40ch=""></span></lightning-formatted-rich-text>
</div><lightning-accordion c-kcs_articleinfolwc_kcs_articleinfolwc="" role="list" class="slds-accordion" lwc-4fpb0t2acsh-host="">
<div lwc-4fpb0t2acsh="" part="accordion">
<slot lwc-4fpb0t2acsh=""><lightning-accordion-section c-kcs_articleinfolwc_kcs_articleinfolwc="" role="listitem" class="slds-accordion__list-item" lwc-3tfn8c53l4v-host="">
<div lwc-3tfn8c53l4v="" class="slds-accordion__list-item">
<section lwc-3tfn8c53l4v="" class="slds-accordion__section" part="accordion-section">
<div lwc-3tfn8c53l4v="" class="slds-accordion__summary">
<h2 lwc-3tfn8c53l4v="" class="slds-accordion__summary-heading"><button lwc-3tfn8c53l4v="" class="section-control slds-button slds-button_reset slds-accordion__summary-action" type="button" aria-expanded="false"
aria-controls="lgt-accordion-section-32" part="button"><lightning-primitive-icon lwc-3tfn8c53l4v="" size="x-small" lwc-50j7sev6rtt-host=""><svg focusable="false" aria-hidden="true" viewBox="0 0 520 520" part="icon"
lwc-50j7sev6rtt="" data-key="chevronright" class="slds-button__icon slds-button__icon_left slds-icon slds-icon-text-default slds-icon_x-small">
<g lwc-50j7sev6rtt="">
<path d="M179 44l207 205c6 6 6 16 0 22L179 476c-6 6-16 6-22 0l-22-22c-6-6-6-16 0-22l163-161c6-6 6-16 0-22L136 88c-6-6-6-16 0-22l22-22c6-5 15-5 21 0z" lwc-50j7sev6rtt=""></path>
</g>
</svg></lightning-primitive-icon><span class="slds-accordion__summary-content" lwc-3tfn8c53l4v="" title="AFFECTED PRODUCT SERIES / FEATURES">AFFECTED PRODUCT SERIES / FEATURES</span></button></h2>
<slot lwc-3tfn8c53l4v="" name="actions"></slot>
</div>
<div lwc-3tfn8c53l4v="" class="slds-accordion__content" id="lgt-accordion-section-32" hidden="" aria-hidden="true">
<slot lwc-3tfn8c53l4v=""><c-kcs_affectedproduct-l-w-c c-kcs_articleinfolwc_kcs_articleinfolwc="" c-kcs_affectedproductlwc_kcs_affectedproductlwc-host="">
<div class="afftedProd slds-m-top_small" c-kcs_affectedproductlwc_kcs_affectedproductlwc="">
<a c-kcs_affectedproductlwc_kcs_affectedproductlwc="" href="https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=relevancy&f:level1=[EOS]">EOS</a></div>
</c-kcs_affectedproduct-l-w-c></slot>
</div>
</section>
</div>
</lightning-accordion-section></slot>
</div>
</lightning-accordion>
</div>
</slot>
</slot>
</form>
POST
<form id="fileUploadForm" enctype="multipart/form-data" method="post" target="fileUploadIframe"><input type="file" id="fileSelector" name="file" style="display: none;"><input name="filename" type="hidden"></form>
Text Content
2015-04 Security Bulletin: IDP: Multiple vulnerabilities addressed by third party software updates.

Article ID: JSA10673
Created: 2015-04-03
Last Updated: 2015-04-08

Product Affected: NetScreen IDP stand alone platforms running IDP OS 5.1 prior to 5.1r4.
Severity: High
Severity Assessment (CVSS) Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Problem
IDP release 5.1r4 addresses vulnerabilities in prior releases with updated third party software. The following is a summary of vulnerabilities ordered by risk score:

CVE | CVSS v2 base score | Summary
CVE-2014-6271 | 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Remote command injection vulnerability in Bash also known as Shellshock. See JSA10648.
CVE-2010-4478 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | OpenSSH authentication bypass vulnerability related to J-PAKE.
CVE-2012-2131 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | OpenSSL Multiple buffer overflow vulnerabilities.
CVE-2012-5195 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Perl denial of service vulnerability.
CVE-2009-3563 | 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) | NTP Denial of service vulnerability.
CVE-2011-0539 | 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) | OpenSSH ssh-keygen insecure certificate generation vulnerability.
CVE-2012-0814 | 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N) | OpenSSH information leak vulnerability.

Solution
All these issues are resolved in IDP 5.1r4 (released 25 Feb 2015) or later releases.
IDP Software Releases and Patches are available at https://www.juniper.net/support/downloads/ from the "Download Software" links.

Workaround
Limiting access to the device from only trusted hosts would help mitigate or reduce the risks of exposure to these issues.

Severity Assessment
Since ShellShock vulnerabilities were alerted in JSA10648, CVE-2014-4478 with CVSS score of 5.8 is used to determine the risk level associated with this advisory.

Modification History
2015-04-08: Initial release.

Related Information
* KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process
* KB16765: In which releases are vulnerabilities fixed?
* KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories
* Report a Security Vulnerability - How to Contact the Juniper Networks Security Incident Response Team

AFFECTED PRODUCT SERIES / FEATURES
EOS

© 1999 - 2024 Juniper Networks, Inc. All rights reserved