Lucene search
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.JUNIPER_JSA10669.NASLHistoryJan 23, 2015 - 12:00 a.m.
Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)
2015-01-2300:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
26
According to its self-reported version number, the remote Junos device is affected by multiple vulnerabilities in the libxml2 library :
-
A heap-based buffer overflow vulnerability exists which can result in arbitrary code execution. (CVE-2011-1944)
-
A denial of service vulnerability exists which can result in excessive CPU consumption. (CVE-2012-0841)
-
A heap-based buffer overflow vulnerability exists in the ‘xmlParseAttValueComplex’ function which can result in arbitrary code execution. (CVE-2012-5134)
-
A denial of service vulnerability exists due to excessive CPU and memory consumption in the processing of XML files containing entity declarations with long replacement text (also known as ‘internal entity expansion with linear complexity’). (CVE-2013-0338)
-
A denial of service vulnerability exists related to the XML_PARSER_EOF state checking. (CVE-2013-2877)
These vulnerabilities can be exploited by a remote attacker via a specially crafted XML file.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(80957);
script_version("1.9");
script_cvs_date("Date: 2018/07/12 19:01:16");
script_cve_id(
"CVE-2011-1944",
"CVE-2012-0841",
"CVE-2012-5134",
"CVE-2013-0338",
"CVE-2013-2877"
);
script_bugtraq_id(48056, 52107, 56684, 58180, 61050);
script_name(english:"Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)");
script_summary(english:"Checks the Junos version.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Junos device
is affected by multiple vulnerabilities in the libxml2 library :
- A heap-based buffer overflow vulnerability exists which
can result in arbitrary code execution. (CVE-2011-1944)
- A denial of service vulnerability exists which can
result in excessive CPU consumption. (CVE-2012-0841)
- A heap-based buffer overflow vulnerability exists in
the 'xmlParseAttValueComplex' function which can result
in arbitrary code execution. (CVE-2012-5134)
- A denial of service vulnerability exists due to
excessive CPU and memory consumption in the processing
of XML files containing entity declarations with long
replacement text (also known as 'internal entity
expansion with linear complexity'). (CVE-2013-0338)
- A denial of service vulnerability exists related to the
XML_PARSER_EOF state checking. (CVE-2013-2877)
These vulnerabilities can be exploited by a remote attacker via a
specially crafted XML file.");
script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10669");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos upgrade referenced in Juniper advisory
JSA10669.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/23");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/23");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version");
exit(0);
}
include("junos.inc");
include("misc_func.inc");
ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
fixes = make_array();
fixes['11.4'] = '11.4R13';
fixes['12.1X44'] = '12.1X44-D35';
fixes['12.1X45'] = '12.1X45-D30';
fixes['12.1X46'] = '12.1X46-D25';
fixes['12.1X47'] = '12.1X47-D10';
fixes['12.2'] = '12.2R9';
fixes['12.3'] = '12.3R7';
fixes['13.1'] = '13.1R4-S2';
fixes['13.3'] = '13.3R3';
fixes['14.1'] = '14.1R2';
fixes['14.2'] = '14.2R1';
fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
# This isn't necessary, but is included in the advisory
if (fix == "12.1X44-D35")
fix = "12.1X44-D35 or 12.1X44-D40";
if (report_verbosity > 0)
{
report = get_report(ver:ver, fix:fix);
security_hole(port:0, extra:report);
}
else security_hole(0);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877
kb.juniper.net/InfoCenter/index?page=content&id=JSA10669
Related
openvas
openvas
Juniper Networks Junos OS Multiple xml2 Vulnerabilities
2015-01-23 00:00:00
Oracle: Security Advisory (ELSA-2013-0581)
2015-10-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1625-1)
2021-06-09 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2013-02-28 00:00:00
libxml2 security update
2012-11-29 00:00:00
libxml2 security update
2012-02-21 00:00:00
suse
suse
Security update for libxml2 (important)
2013-11-04 18:04:12
Security update for libxml2 (important)
2013-11-04 17:04:12
libxml2: fixed buffer overflow during decoding entities (important)
2012-12-17 12:08:33
nessus
nessus
SUSE SLES10 Security Update : libxml2 (SUSE-SU-2013:1627-1)
2015-05-20 00:00:00
GLSA-201311-06 : libxml2: Multiple vulnerabilities
2013-11-11 00:00:00
Mandriva Linux Security Advisory : libxml2 (MDVSA-2013:198)
2013-07-25 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2013-11-10 00:00:00
libxml2: Denial of service
2012-03-06 00:00:00
cve
cve
prion
prion
Design/Logic Flaw
2015-01-21 18:59:00
Design/Logic Flaw
2013-04-25 23:55:00
Integer overflow
2011-09-02 16:55:00
ubuntucve
ubuntucve
ubuntu
ubuntu
libxml2 vulnerability
2013-03-28 00:00:00
libxml2 vulnerability
2011-06-16 00:00:00
Libxml2 vulnerability
2012-12-06 00:00:00
amazon
amazon
Medium: libxml2
2013-05-13 10:28:00
Important: libxml2
2012-12-06 21:22:00
Low: libxml2
2014-05-21 10:29:00
centos
centos
libxml2 security update
2013-03-01 00:45:13
libxml2 security update
2012-11-29 20:24:03
libxml2 security update
2012-02-22 14:26:48
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:01:56
Denial Of Service (DoS)
2019-01-15 08:58:46
Remote Code Execution (RCE)
2019-01-15 08:50:59
debian
debian
[SECURITY] [DSA 2779-1] libxml2 security update
2013-10-13 21:02:25
[SECURITY] [DSA 2580-1] libxml security update
2012-12-02 20:54:41
[SECURITY] [DSA 2417-1] libxml2 security update
2012-02-22 23:05:51
securityvulns
securityvulns
[ MDVSA-2013:017 ] libxml2
2013-03-11 00:00:00
libxml2 buffer overflow
2012-12-06 00:00:00
libxml2 DoS
2013-07-15 00:00:00
vmware
vmware
VMware ESXi and ESX security update for third party library
2013-03-28 00:00:00
VMware ESXi and ESX security update for third party library
2013-03-28 00:00:00
debiancve
debiancve
mageia
mageia
Updated libxml2 packages fix CVE-2013-2877
2013-07-21 12:41:56
redhat
redhat
(RHSA-2012:1512) Important: libxml2 security update
2012-11-29 00:00:00
(RHSA-2012:0324) Moderate: libxml2 security update
2012-02-21 00:00:00
(RHSA-2013:0581) Moderate: libxml2 security update
2013-02-28 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: libxml-1.8.17-27.fc15
2011-07-02 19:29:06
[SECURITY] Fedora 14 Update: libxml-1.8.17-27.fc14
2011-07-02 19:27:30
freebsd
freebsd
libxml2 -- lack of end-of-document check DoS
2013-04-11 00:00:00
libxml -- Integer overflow
2011-09-02 00:00:00
osv
osv
libxml2 - buffer overflow
2012-12-02 00:00:00
slackware
slackware
[slackware-security] libxml2
2012-12-07 03:51:19
Related for JUNIPER_JSA10669.NASL