CVE-2017-2344 – Junos: Buffer overflow in sockets library
https://notcve.org/view.php?id=CVE-2017-2344
A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. • http://www.securityfocus.com/bid/99556 http://www.securitytracker.com/id/1038896 https://kb.juniper.net/JSA10792 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-2303
https://notcve.org/view.php?id=CVE-2017-2303
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition. En productos o plataformas Juniper Networks que ejecutan Junos OS 12.1X46 anteriores a 12.1X46-D50, 12.1X47 anteriores a 12.1X47-D40, 12.3 anteriores a 12.3R13, 12.3X48 anteriores a 12.3X48-D30, 13.2X51 anteriores a 13.2X51-D40, 13.3 anteriores a 13.3R10, 14.1 anteriores a 14.1R8, 14.1X53 anteriores a 14.1X53-D35, 14.1X55 anteriores a 14.1X55-D35, 14.2 anteriores a 14.2R5, 15.1 anteriores a 15.1F6 o 15.1R3, 15.1X49 anteriores a 15.1X49-D30 o 15.1X49-D40, 15.1X53 anteriores a 15.1X53-D35, y donde RIP está habilitado, ciertos anuncios RIP recibidos por el router pueden causar que el demonio de RPD se bloquee resultando en una condición de denegación de servicio. • http://www.securityfocus.com/bid/95408 http://www.securitytracker.com/id/1037594 https://kb.juniper.net/JSA10772 •
CVE-2017-2300
https://notcve.org/view.php?id=CVE-2017-2300
On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets. En los clústeres de tipo chassis de dispositivos Juniper Networks SRX Series Services Gateways que ejecutan el sistema operativo versiones: Junos 12.1X46 anterior a 12.1X46-D65, 12.3X48 anterior a 12.3X48-D40 y12.3X48 anterior a 12.3X48-D60, el demonio flowd en el nodo principal del clúster, puede bloquearse y reiniciarse al intentar sincronizar una sesión multicast creada mediante paquetes multicast especialmente diseñados. • http://www.securityfocus.com/bid/95400 http://www.securitytracker.com/id/1037597 https://kb.juniper.net/JSA10768 •
CVE-2017-2302
https://notcve.org/view.php?id=CVE-2017-2302
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. En productos o plataformas Juniper Networks que ejecutan Junos OS 12.1X46 anteriores a 12.1X46-D55, 12.1X47 anteriores a 12.1X47-D45, 12.3R13 anteriores a 12.3R13, 12.3X48 anteriores a 12.3X48-D35, 13.3 anteriores a 13.3R10, 14.1 anteriores a 14.1R8, 14.1X53 anteriores a 14.1X53-D40, 14.1X55 anteriores a 14.1X55-D35, 14.2 anteriores a 14.2R6, 15.1 anteriores a 15.1F2 oO 15.1R1, 15.1X49 anteriores a 15.1X49-D20, donde la funcionalidad BGP add-path está habilitada con la opción 'send' o con las opciones 'enviar' y 'recibir', un atacante en la red puede causar que el demonio rpd de Junos OS se bloquee y se reinicie. Los repetidos bloqueos del demonio rpd pueden resultar en una condición extendida de denegación de servicio. • http://www.securityfocus.com/bid/95394 http://www.securitytracker.com/id/1037595 https://kb.juniper.net/JSA10771 •
CVE-2017-2301
https://notcve.org/view.php?id=CVE-2017-2301
On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts. Repeated crashes of the jdhcpd process may constitute an extended denial of service condition for subscribers attempting to obtain IPv6 addresses. En los productos o plataformas Juniper Networks que ejecutan Junos OS versiones 11.4 anteriores a 11.4R13-S3, 12.1X46 anteriores a 12.1X46-D60, 12.3 anteriores a 12.3R12-S2 o 12.3R13, 12.3X48 anteriores a 12.3X48-D40, 13.2X51 anteriores a 13.2X51-D40, 13.3 anteriores a 13.3R10, 14.1 anteriores a 14.1R8, 14.1X53 anteriores a 14.1X53-D12 o 14.1X53-D35, 14.1X55 anteriores a 14.1X55-D35, 14.2 anteriores a 14.2R7, 15.1 anteriores a 15.1F6 o 15.1R3, 15.1X49 anteriores a 15.1X49-D60, 15.1X53 anteriores a 15.1X53-D30 y además tiene habilitado DHCPv6, cuando un paquete DHCPv6 especialmente diseñado es recibido desde un suscriptor, el demonio jdhcpd se bloquea y se reinicia. Los bloqueos repetidos del proceso jdhcpd pueden constituir una condición extendida de denegación de servicio para los suscriptores que intentan obtener direcciones IPv6. • http://www.securityfocus.com/bid/95396 http://www.securitytracker.com/id/1037596 https://kb.juniper.net/JSA10769 •