Juniper scores dubious honour of owning CVE-2018-0001

Ten bug-berries fall from the bush, including the return of 2003's Etherleak

By Richard Chirgwin


Juniper Networks, come on down: you have won the dubious honour of being responsible for CVE-2018-0001.

Apparently Juniper infosec bods didn't take much time off over the Christmas-New Year period, instead running up fixes for ten 2018-dated CVE (common vulnerability and exposure) notices.

CVE-2018-0001 is a bug affecting Junos OS versions in the 12.1X48, 12.3, 12.3X48, 14.1, 14.1X53, 14.2, 15.1, 15.1X49 and 15.1X53 branches.

An older version of PHP in the vulnerable varieties had a use-after-free bug that opens a remote code execution vector. It was reported to Juniper by Cure53, and most versions have patches available. If your system is on the “pending” list, Juniper said to disable J-Web or limit access to trusted hosts.

Further down the numbering, we find CVE-2018-0009, which exposed SRX firewalls to a bypass condition if firewall rules were configured using UUIDs (universally unique identifiers) with leading zeroes.

CVE-2018-0007 is a combination of privilege escalation and denial of service conditions associated with the Junos OS Link Layer Discovery Protocol (LLDP) implementation, while in CVE-2018-0008, a slip-up in the Junos commit script could leave a system vulnerable to unauthenticated login after a reboot.

In CVE-2018-0002, MX routers and SRX firewalls are affected by a bug in the Flowd netflow collector, which can be sent into a denial-of-service (DoS) condition by a crafted TCP/IP packet.

Only systems running IPv4 on vulnerable Junos OS versions need to be patched.

CVE-2018-0003 is a DoS bug in various Junos OS versions' MPLS implementation, and CVE-2018-0004 is a kernel-level DoS triggered by transit traffic overloading the CPU.

EX and QFX are vulnerable to a DoS in CVE-2018-0005. If they're “configured to drop traffic when the MAC move limit is exceeded [they] will forward traffic instead.”

The Juniper subscriber management daemon, bbe-smgd, is the subject of CVE-2018-0006: it can be hosed by too many VLAN authentication attempts.

Finally – greybeards, get ready to wipe away a nostalgic tear – CVE-2018-0014 provides a fix for an Etherleak vulnerability in ScreenOS devices.

Etherleak is a mistake in Ethernet frame padding that can lead to information disclosure.

The Juniper advisory said: “Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets”.
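A check for the padding behaviour the advisory describes, as an added example that is not from Juniper or the original article: it extracts the bytes that follow the IPv4 datagram in each captured frame and flags any that are not zero. The frames, addresses and function names are constructed for illustration.

```python
import struct

ETH_MIN = 60            # minimum Ethernet frame length, excluding the 4-byte FCS
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100

def padding_of(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram in a frame (b'' if none)."""
    l3 = 14                                   # dst MAC + src MAC + EtherType
    if len(frame) < l3:
        return b""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:
        (ethertype,) = struct.unpack("!H", frame[16:18])
        l3 = 18                               # skip one 802.1Q tag
    if ethertype != ETHERTYPE_IPV4 or len(frame) < l3 + 20:
        return b""
    (total_len,) = struct.unpack("!H", frame[l3 + 2:l3 + 4])
    end = l3 + total_len
    if total_len < 20 or end > len(frame):
        return b""                            # malformed or truncated capture
    return frame[end:]

def audit(frames):
    """Return (index, trailer) for each frame whose padding is not all zeros."""
    return [(i, t) for i, t in enumerate(map(padding_of, frames)) if any(t)]

def build_frame(payload_len: int, fill: bytes) -> bytes:
    """Constructed sample: IPv4/ICMP frame padded to ETH_MIN with `fill`."""
    eth = bytes.fromhex("020000000001020000000002") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 8 + payload_len, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    body = eth + ip + bytes(8) + b"A" * payload_len
    need = max(0, ETH_MIN - len(body))
    return body + (fill * need)[:need]

# Constructed frames: zero-padded, padded with stale buffer contents, and unpadded.
CLEAN = build_frame(1, b"\x00")
LEAKY = build_frame(1, b"GET /index.html H")
FULL = build_frame(100, b"\x00")

if __name__ == "__main__":
    for index, trailer in audit([CLEAN, LEAKY, FULL]):
        print(f"frame {index}: {len(trailer)} non-zero padding bytes: {trailer!r}")
```

Run it against frames captured on the receiving side of the link, since padding is added at transmit time and a capture taken on the sender may not include it.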

As it happens, Etherleak was CVE-2003-0001, giving us a nice coincidence on which to end this story. ®
