Juniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698)

critical Nessus Plugin ID 91778

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R1. It is, therefore, affected by multiple vulnerabilities:

- An error exists within the Apache 'mod_session_dbd' module, related to save operations for a session, due to a failure to consider the dirty flag and to require a new session ID. An unauthenticated, remote attacker can exploit this to have an unspecified impact. (CVE-2013-2249)

- An unspecified flaw exists in the MySQL Server component related to error handling that allows a remote attacker to cause a denial of service condition. (CVE-2013-5908)

- A flaw exists within the Apache 'mod_dav' module that is caused when tracking the length of CDATA that has leading white space. An unauthenticated, remote attacker can exploit this, via a specially crafted DAV WRITE request, to cause the service to stop responding. (CVE-2013-6438)

- A flaw exists within the Apache 'mod_log_config' module that is caused when logging a cookie that has an unassigned value. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the service to crash. (CVE-2014-0098)

- A flaw exists, related to pixel manipulation, in the 2D component in the Oracle Java runtime that allows an unauthenticated, remote attacker to impact availability, confidentiality, and integrity. (CVE-2014-0429)

- A flaw exists, related to PKCS#1 unpadding, in the Security component in the Oracle Java runtime that allows an unauthenticated, remote attacker to gain knowledge of timing information, which is intended to be protected by encryption. (CVE-2014-0453)

- A race condition exists, related to array copying, in the Hotspot component in the Oracle Java runtime that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2014-0456)

- A flaw exists in the JNDI component in the Oracle Java runtime due to missing randomization of query IDs. An unauthenticated, remote attacker can exploit this to conduct spoofing attacks. (CVE-2014-0460)

- A flaw exists in the Mozilla Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates. (CVE-2014-1568)

- An unspecified flaw exists in the MySQL Server component related to the CLIENT:SSL:yaSSL subcomponent that allows a remote attacker to impact integrity. (CVE-2014-6478)

- Multiple unspecified flaws exist in the MySQL Server component related to the SERVER:SSL:yaSSL subcomponent that allow a remote attacker to impact confidentiality, integrity, and availability. (CVE-2014-6491, CVE-2014-6500)

- Multiple unspecified flaws exist in the MySQL Server component related to the CLIENT:SSL:yaSSL subcomponent that allow a remote attacker to cause a denial of service condition. (CVE-2014-6494, CVE-2014-6495, CVE-2014-6496)

- An unspecified flaw exists in the MySQL Server component related to the C API SSL Certificate Handling subcomponent that allows a remote attacker to disclose potentially sensitive information. (CVE-2014-6559)

- An unspecified flaw exists in the MySQL Server component related to the Server:Compiling subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-0501)

- An XML external entity (XXE) injection vulnerability exists in OpenNMS due to the Castor component accepting XML external entities from exception messages. An unauthenticated, remote attacker can exploit this, via specially crafted XML data in an RTC post, to access local files. (CVE-2015-0975)

- An unspecified flaw exists in the MySQL Server component related to the Server:Security:Privileges subcomponent that allows a remote attacker to disclose potentially sensitive information. (CVE-2015-2620)

- A heap buffer overflow condition exists in QEMU in the pcnet_transmit() function within file hw/net/pcnet.c due to improper validation of user-supplied input when handling multi-TMD packets with a length above 4096 bytes. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to gain elevated privileges from guest to host. (CVE-2015-3209)

- Multiple cross-site scripting (XSS), SQL injection, and command injection vulnerabilities exist in Junos Space that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2015-7753)

Solution

Upgrade to Junos Space version 15.1R1 or later.

See Also

http://www.nessus.org/u?22595a74

Plugin Details

Severity: Critical

ID: 91778

File Name: juniper_space_jsa10698.nasl

Version: 1.4

Type: local

Published: 6/23/2016

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Required KB Items: Host/Junos_Space/version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/14/2015

Vulnerability Publication Date: 7/19/2013

Reference Information

CVE: CVE-2013-2249, CVE-2013-5908, CVE-2013-6438, CVE-2014-0098, CVE-2014-0429, CVE-2014-0453, CVE-2014-0456, CVE-2014-0460, CVE-2014-1568, CVE-2014-6478, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, CVE-2014-6559, CVE-2015-0501, CVE-2015-0975, CVE-2015-2620, CVE-2015-3209, CVE-2015-7753

BID: 75837, 61379, 64896, 66303, 66856, 66877, 66914, 66916, 70116, 70444, 70469, 70478, 70487, 70489, 70496, 70497, 74070, 75123

JSA: JSA10698