Juniper Networks' bug-hunters have bagged a big haul and shown it off with this month's patch collection.
Top of the Gin Palace's priority list is a fix for the critical-rated CVE-2018-0016.
This bug affects devices running Connectionless Network Protocol (CLNP) routing on Junos OS 15.1: a crafted packet can “result in a kernel crash or lead to remote code execution”. If you can't patch, you can apply firewall rules or access lists so CLNP packets are only accepted from trusted hosts.
The company's SRX firewalls have a Network Address Translation (NAT) bug, CVE-2018-0017; a crafted IPv6 packet can hose the device.
SRX devices are vulnerable if they're running versions in the 12.3x46, 12.3x48 or 15.1x49 series of Junos OS.
CVE-2018-0018 is serious, since it creates a firewall bypass vulnerability, but the attacker would need lottery-like luck to exploit it.
“During compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device”, the advisory states.
In CVE-2018-0019, Juniper disclosed a bug in the SNMP MIB-II subagent daemon. An attacker can block device monitoring and management by crashing the daemon, but switching, routing and firewall functions will continue.
Routers running Junos OS 13.2R1 and later need to be patched against CVE-2018-0020, a denial-of-service bug caused by an attacker sending malformed BGP UPDATE messages.
The fix for CVE-2018-0021 patches Junos OS versions from 14.1 through to 17.1 against the risk that short Media Access Control Security keys could yield up passwords.
There is also an mbuf leak (this is the memory buffer kernel service storing network packets and socket buffers) in various Junos OS versions from 12.1x46 through to 17.2 if the device is running VPLS (Virtual Private LAN Services); and the Python implementation of the company's snapshot administrator, JSNAPy, is patched because its config and sample files were world-writable.
Today's announcements also included patches against various historical vulnerabilities:
- CVE-2015-2080 – Juniper Steel Belted Radius Carrier devices' Web UI was vulnerable to a now-patched bug in the Eclipse Jetty package;
- The NorthStar Controller included a version of Erlang that's vulnerable to ROBOT – the Return of Bleichenbacher's Oracle Threat;
- This advisory implements the OpenSSL fixes disclosed in December 2017;
- Here, Juniper patches stunnel (TLS/SSL tunnelling) bugs from 2008 and 2014;
- Various CentOS patches dating back as far as 2010 are here.
Come to think of it, make that two gins … ®