Juniper scores dubious honour of owning CVE-2018-0001

Ten bug-berries fall from the bush, including the return of 2003's Etherleak

Juniper Networks, come on down: you have won the dubious honour of being responsible for CVE-2018-0001.

Apparently Juniper infosec bods didn't take much time off over the Christmas-New Year period, instead running up fixes for ten 2018-dated CVE (common vulnerability and exposure) notices.

CVE-2018-0001 is a bug affecting Junos OS versions in the 12.1X48, 12.3, 12.3X48, 14.1, 14.1X53, 14.2, 15.1, 15.1X49 and 15.1X53 branches.

An older version of PHP in the vulnerable varieties had a use-after-free bug that opens a remote code execution vector. It was reported to Juniper by Cure53, and most versions have patches available. If your system is on the “pending” list, Juniper said to disable J-Web or limit access to trusted hosts.

Further down the numbering, we find CVE-2018-0009, which exposed SRX firewalls to a bypass condition if firewall rules were configured using UUIDs (universally unique identifiers) with leading zeroes.

CVE-2018-0007 is a combination of privilege escalation and denial of service conditions associated with the Junos OS Link Layer Discovery Protocol (LLDP) implementation, while in CVE-2018-0008, a slip-up in the Junos commit script could leave a system vulnerable to unauthenticated login after a reboot.

In CVE-2018-0002, MX routers and SRX firewalls are affected by a bug in the Flowd netflow collector, which can be sent into a denial-of-service (DoS) condition by a crafted TCP/IP packet.

Only systems running IPv4 on vulnerable Junos OS versions need to be patched.

CVE-2018-0003 is a DoS bug in various Junos OS versions' MPLS implementation, and CVE-2018-0004 is a kernel-level DoS triggered by transit traffic overloading the CPU.

ES and QFX are vulnerable to a DoS in CVE-2018-0005. If they're “configured to drop traffic when the MAC move limit is exceeded [they] will forward traffic instead.”

The Juniper subscriber management daemon, bbe-smgd, is the subject of CVE-2018-0006: it can be hosed by too many VLAN authentication attempts.

Finally – greybeards, get ready to wipe away a nostalgic tear – CVE-2018-0014 provides a fix for an Etherleak vulnerability in ScreenOS devices.

Etherleak is a mistake in Ethernet frame padding that can lead to information disclosure.

The Juniper advisory said: “Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets”.
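A defender can check captured traffic for the padding behaviour the advisory describes. The following is an added example, not code from Juniper or the original article: it extracts the bytes that follow the IPv4 datagram in a short Ethernet frame and flags frames where that padding is not all zeros. The sample frames, MAC addresses and the `build_frame` helper are constructed for illustration, and only untagged IPv4 frames are handled.

```python
import struct

ETH_HDR = 14            # dst MAC + src MAC + EtherType (untagged frame)
ETH_MIN = 60            # minimum frame size on the wire, excluding the 4-byte FCS
ETHERTYPE_IPV4 = 0x0800

def padding_of(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram inside an Ethernet frame."""
    if len(frame) < ETH_HDR + 20:
        return b""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4 or frame[ETH_HDR] >> 4 != 4:
        return b""                      # this sketch only handles untagged IPv4
    (total_len,) = struct.unpack("!H", frame[ETH_HDR + 2:ETH_HDR + 4])
    end = ETH_HDR + total_len
    if total_len < 20 or end > len(frame):
        return b""                      # malformed or truncated capture
    return frame[end:]

def leaky_frames(frames):
    """Return (index, padding) for every frame whose padding is not all zeros."""
    hits = []
    for i, frame in enumerate(frames):
        pad = padding_of(frame)
        if any(pad):                    # any non-zero byte means stale data was sent
            hits.append((i, pad))
    return hits

def build_frame(payload: bytes, pad_fill: bytes) -> bytes:
    """Constructed test frame: IPv4/ICMP, padded to ETH_MIN with pad_fill repeated."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # checksum unused
    frame = macs + struct.pack("!H", ETHERTYPE_IPV4) + ip + payload
    need = max(0, ETH_MIN - len(frame))
    return frame + (pad_fill * need)[:need]

if __name__ == "__main__":
    samples = [
        build_frame(b"A" * 9, b"\x00"),     # correctly zero-padded
        build_frame(b"A" * 9, b"secret"),   # padding carries leftover bytes
        build_frame(b"A" * 46, b"secret"),  # long enough to need no padding
    ]
    for index, pad in leaky_frames(samples):
        print(f"frame {index}: {len(pad)} non-zero padding bytes: {pad!r}")
```

Run it over frames captured on the receiving side of the link, since padding added by the sender's NIC or driver is usually not visible in a capture taken on the sending host.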

As it happens, Etherleak was CVE-2003-0001, giving us a nice coincidence on which to end this story. ®