Juniper scores dubious honour of owning CVE-2018-0001

Ten bug-berries fall from the bush, including the return of 2003's Etherleak

By Richard Chirgwin

Posted in Networks, 11th January 2018 01:58 GMT

Juniper Networks, come on down: you have won the dubious honour of being responsible for CVE-2018-0001.

Apparently Juniper infosec bods didn't take much time off over the Christmas-New Year period, instead running up fixes for ten 2018-dated CVE (Common Vulnerabilities and Exposures) notices.

CVE-2018-0001 is a bug affecting Junos OS versions in the 12.1X48, 12.3, 12.3X48, 14.1, 14.1X53, 14.2, 15.1, 15.1X49 and 15.1X53 branches.

An older version of PHP in the vulnerable varieties had a use-after-free bug that opens a remote code execution vector. It was reported to Juniper by Cure53, and most versions have patches available. If your system is on the “pending” list, Juniper said to disable J-Web or limit access to trusted hosts.

Further down the numbering, we find CVE-2018-0009, which exposed SRX firewalls to a bypass condition if firewall rules were configured using UUIDs (universally unique identifiers) with leading zeroes.

CVE-2018-0007 is a combination of privilege escalation and denial of service conditions associated with the Junos OS Link Layer Discovery Protocol (LLDP) implementation, while in CVE-2018-0008, a slip-up in the Junos commit script could leave a system vulnerable to unauthenticated login after a reboot.

In CVE-2018-0002, MX routers and SRX firewalls are affected by a bug in the Flowd netflow collector, which can be sent into a denial-of-service (DoS) condition by a crafted TCP/IP packet.

Only systems running IPv4 on vulnerable Junos OS versions need to be patched.

CVE-2018-0003 is a DoS bug in various Junos OS versions' MPLS implementation, and CVE-2018-0004 is a kernel-level DoS triggered by transit traffic overloading the CPU.

ES and QFX are vulnerable to a DoS in CVE-2018-0005. If they're “configured to drop traffic when the MAC move limit is exceeded [they] will forward traffic instead.”

The Juniper subscriber management daemon, bbe-smgd, is the subject of CVE-2018-0006: it can be hosed by too many VLAN authentication attempts.

Finally – greybeards, get ready to wipe away a nostalgic tear – CVE-2018-0014 provides a fix for an Etherleak vulnerability in ScreenOS devices.

Etherleak is a mistake in Ethernet frame padding that can lead to information disclosure.

The Juniper advisory said: “Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets”.
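The padding problem the advisory describes can be checked for in frames captured from your own devices. The following is an added example, not code from the article or from Juniper's advisory. It assumes untagged IPv4 frames captured without the trailing FCS; the function names and the sample frames are constructed for illustration.

```python
import struct

ETH_HEADER_LEN = 14      # destination MAC + source MAC + EtherType
ETH_MIN_FRAME = 60       # minimum Ethernet frame length, excluding the 4-byte FCS
ETHERTYPE_IPV4 = 0x0800


def frame_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram inside the frame."""
    if len(frame) < ETH_HEADER_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("only untagged IPv4 frames are handled here")
    # IPv4 total length (header + payload) sits at bytes 2-3 of the IP header.
    (total_len,) = struct.unpack("!H", frame[16:18])
    end = ETH_HEADER_LEN + total_len
    if total_len < 20 or end > len(frame):
        raise ValueError("IPv4 total length inconsistent with frame size")
    return frame[end:]


def leaks_padding(frame: bytes) -> bool:
    """True if the frame carries padding that is not all zero bytes."""
    return any(frame_padding(frame))


def build_frame(ip_payload: bytes, pad_source: bytes) -> bytes:
    """Constructed sample: an IPv4 frame padded to 60 bytes using pad_source."""
    total_len = 20 + len(ip_payload)
    # Version/IHL, TOS, total length, ID, flags, TTL, protocol (ICMP),
    # checksum left at 0 (not validated here), documentation-range addresses.
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 1, 0,
                            bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth_header = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IPV4)
    frame = eth_header + ip_header + ip_payload
    pad_len = max(0, ETH_MIN_FRAME - len(frame))
    return frame + pad_source[:pad_len]


if __name__ == "__main__":
    short_payload = b"\x08\x00" + bytes(6)   # constructed 8-byte payload
    zeroed = build_frame(short_payload, bytes(64))
    stale = build_frame(short_payload, b"CONSTRUCTED-STALE-BUFFER-BYTES")
    for name, frame in (("zero-padded", zeroed), ("stale-padded", stale)):
        print(name, "leaks" if leaks_padding(frame) else "clean",
              frame_padding(frame).hex())
```

Frames pulled from a capture file can be passed to `leaks_padding` directly; a device that zero-pads short frames should never return True.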

As it happens, Etherleak was CVE-2003-0001, giving us a nice coincidence on which to end this story. ®
