Juniper scores dubious honour of owning CVE-2018-0001

Ten bug-berries fall from the bush, including the return of 2003's Etherleak

By Richard Chirgwin


Juniper Networks, come on down: you have won the dubious honour of being responsible for CVE-2018-0001.

Apparently Juniper infosec bods didn't take much time off over the Christmas-New Year period, instead running up fixes for ten 2018-dated CVE (common vulnerability and exposure) notices.

CVE-2018-0001 is a bug affecting Junos OS versions in the 12.1X48, 12.3, 12.3X48, 14.1, 14.1X53, 14.2, 15.1, 15.1X49 and 15.1X53 branches.

An older version of PHP in the vulnerable varieties had a use-after-free bug that opens a remote code execution vector. It was reported to Juniper by Cure53, and most versions have patches available. If your system is on the “pending” list, Juniper said to disable J-Web or limit access to trusted hosts.

Further down the numbering, we find CVE-2018-0009, which exposed SRX firewalls to a bypass condition if firewall rules were configured using UUIDs (universally unique identifiers) with leading zeroes.

CVE-2018-0007 is a combination of privilege escalation and denial of service conditions associated with the Junos OS Link Layer Discovery Protocol (LLDP) implementation, while in CVE-2018-0008, a slip-up in the Junos commit script could leave a system vulnerable to unauthenticated login after a reboot.

In CVE-2018-0002, MX routers and SRX firewalls are affected by a bug in the Flowd netflow collector, which can be sent into a denial-of-service (DoS) condition by a crafted TCP/IP packet.

Only systems running IPv4 on vulnerable Junos OS versions need to be patched.

CVE-2018-0003 is a DoS bug in various Junos OS versions' MPLS implementation, and CVE-2018-0004 is a kernel-level DoS triggered by transit traffic overloading the CPU.

ES and QFX are vulnerable to a DoS in CVE-2018-0005. If they're “configured to drop traffic when the MAC move limit is exceeded [they] will forward traffic instead.”

The Juniper subscriber management daemon, bbe-smgd, is the subject of CVE-2018-0006: it can be hosed by too many VLAN authentication attempts.

Finally – greybeards, get ready to wipe away a nostalgic tear – CVE-2018-0014 provides a fix for an Etherleak vulnerability in ScreenOS devices.

Etherleak is a mistake in Ethernet frame padding that can lead to information disclosure.

The Juniper advisory said: “Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets”.
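As an added illustration (not code from the article or from Juniper's advisory), the Python check below computes where the real payload of a captured Ethernet frame ends and reports whether the padding after it is all zeros, which is the property the advisory says ScreenOS failed to guarantee. The function names and the two sample frames are constructed for this example; frames are assumed to be supplied without their 4-byte FCS.

```python
import struct

ETHERTYPE_IPV4, ETHERTYPE_ARP, ETHERTYPE_VLAN = 0x0800, 0x0806, 0x8100


def frame_padding(frame: bytes) -> bytes:
    """Return the bytes after the real payload (frame given without its FCS)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    while ethertype == ETHERTYPE_VLAN:  # skip 802.1Q tags
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if ethertype == ETHERTYPE_IPV4:
        if len(frame) < offset + 20:
            raise ValueError("truncated IPv4 header")
        (total_len,) = struct.unpack_from("!H", frame, offset + 2)
        payload_end = offset + total_len  # IPv4 total length covers header + data
    elif ethertype == ETHERTYPE_ARP:
        payload_end = offset + 28  # ARP for IPv4 over Ethernet is 28 bytes
    else:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    if payload_end > len(frame):
        raise ValueError("payload longer than captured frame")
    return frame[payload_end:]


def leaks_in_padding(frame: bytes) -> bool:
    """True if the padding holds anything other than zero bytes."""
    return any(frame_padding(frame))


def build_frame(padding: bytes) -> bytes:
    """Constructed sample: 28-byte IPv4/ICMP echo padded to the 60-byte minimum."""
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # checksum left 0
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    return eth + ip + icmp + padding


CLEAN = build_frame(bytes(18))                   # zero padding, as required
LEAKY = build_frame(bytes(6) + b"stale-data!!")  # constructed non-zero residue

if __name__ == "__main__":
    for name, frame in (("clean", CLEAN), ("leaky", LEAKY)):
        print(name, leaks_in_padding(frame), frame_padding(frame).hex())
```

Run the check against frames captured at a receiving host or a mirror port: a capture taken on the sending machine often shows the frame before the driver or NIC has padded it.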

As it happens, Etherleak was CVE-2003-0001, giving us a nice coincidence on which to end this story. ®
