Juniper scores dubious honour of owning CVE-2018-0001

Ten bug-berries fall from the bush, including the return of 2003's Etherleak

By Richard Chirgwin

Posted in Networks, 11th January 2018 01:58 GMT

Juniper Networks, come on down: you have won the dubious honour of being responsible for CVE-2018-0001.

Apparently Juniper infosec bods didn't take much time off over the Christmas-New Year period, instead running up fixes for ten 2018-dated CVE (common vulnerability and exposure) notices.

CVE-2018-0001 is a bug affecting Junos OS versions in the 12.1X48, 12.3, 12.3X48, 14.1, 14.1X53, 14.2, 15.1, 15.1X49 and 15.1X53 branches.

An older version of PHP in the vulnerable varieties had a use-after-free bug that opens a remote code execution vector. It was reported to Juniper by Cure53, and most versions have patches available. If your system is on the “pending” list, Juniper said to disable J-Web or limit access to trusted hosts.

Further down the numbering, we find CVE-2018-0009, which exposed SRX firewalls to a bypass condition if firewall rules were configured using UUIDs (universally unique identifiers) with leading zeroes.

CVE-2018-0007 is a combination of privilege escalation and denial of service conditions associated with the Junos OS Link Layer Discovery Protocol (LLDP) implementation, while in CVE-2018-0008, a slip-up in the Junos commit script could leave a system vulnerable to unauthenticated login after a reboot.

In CVE-2018-0002, MX routers and SRX firewalls are affected by a bug in the Flowd netflow collector, which can be sent into a denial-of-service (DoS) condition by a crafted TCP/IP packet.

Only systems running IPv4 on vulnerable Junos OS versions need to be patched.

CVE-2018-0003 is a DoS bug in various Junos OS versions' MPLS implementation, and CVE-2018-0004 is a kernel-level DoS triggered by transit traffic overloading the CPU.

ES and QFX are vulnerable to a DoS in CVE-2018-0005. If they're “configured to drop traffic when the MAC move limit is exceeded [they] will forward traffic instead.”

The Juniper subscriber management daemon, bbe-smgd, is the subject of CVE-2018-0006: it can be hosed by too many VLAN authentication attempts.

Finally – greybeards, get ready to wipe away a nostalgic tear – CVE-2018-0014 provides a fix for an Etherleak vulnerability in ScreenOS devices.

Etherleak is a mistake in Ethernet frame padding that can lead to information disclosure.

The Juniper advisory said: “Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets”.

As it happens, Etherleak was CVE-2003-0001, giving us a nice coincidence on which to end this story. ®
