Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.JUNIPER_SPACE_JSA10917_184R1.NASL
HistoryJan 10, 2019 - 12:00 a.m.

Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)

2019-01-1000:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
84
JSON

According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities :

  • An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126)

  • A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897)

  • An integer overflow flaw was found in the Linux kernel’s create_elf_tables() function. An unprivileged local user with access to SUID binary could use this flaw to escalate their privileges on the system.
    (CVE-2018-14634)

Additionally, Junos Space is affected by several other vulnerabilities exist as noted in the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(121068);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/24");

  script_cve_id(
    "CVE-2017-0861",
    "CVE-2017-2619",
    "CVE-2017-3136",
    "CVE-2017-3137",
    "CVE-2017-3142",
    "CVE-2017-3143",
    "CVE-2017-3145",
    "CVE-2017-15265",
    "CVE-2017-1000364",
    "CVE-2017-1000366",
    "CVE-2017-1000379",
    "CVE-2018-1050",
    "CVE-2018-1064",
    "CVE-2018-1124",
    "CVE-2018-1126",
    "CVE-2018-3620",
    "CVE-2018-3693",
    "CVE-2018-5390",
    "CVE-2018-5391",
    "CVE-2018-5740",
    "CVE-2018-5748",
    "CVE-2018-7566",
    "CVE-2018-10301",
    "CVE-2018-10897",
    "CVE-2018-10901",
    "CVE-2018-10911",
    "CVE-2018-12020",
    "CVE-2018-12384",
    "CVE-2018-14634",
    "CVE-2018-1000004"
  );

  script_name(english:"Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Junos Space
version is 18.4.x prior to 18.4R1. It is, therefore, affected by
multiple vulnerabilities : 

  - An integer overflow issue exists in procps-ng. This is
    related to CVE-2018-1124. (CVE-2018-1126)

  - A directory traversal issue exits in reposync, a part
    of yum-utils.tory configuration files. If an attacker
    controls a repository, they may be able to copy files
    outside of the destination directory on the targeted
    system via path traversal. (CVE-2018-10897)

  - An integer overflow flaw was found in the Linux 
    kernel's create_elf_tables() function. An unprivileged
    local user with access to SUID binary could use this
    flaw to escalate their privileges on the system.
    (CVE-2018-14634)

Additionally, Junos Space is affected by several other
vulnerabilities exist as noted in the vendor advisory.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10917");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Junos Space 18.4R1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10897");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-1126");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Solaris RSH Stack Clash Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:juniper:junos_space");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Junos_Space/version");

  exit(0);
}

include("junos.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit('Host/Junos_Space/version');

# since 18.3R1 was released in the same advisory, we are just
# checking 18.4.x here
check_junos_space(ver:ver, min:'18.4', fix:'18.4R1', severity:SECURITY_HOLE);
VendorProductVersionCPE
juniperjunos_spacecpe:/a:juniper:junos_space

References

Related

oraclelinux 9
redhat 23
nessus 82
centos 10
ibm 9
virtuozzo 3
openvas 25
exploitpack 1
ubuntu 5
cloudfoundry 1
lenovo 2
redhatcve 3
osv 3
ubuntucve 2
prion 2
veracode 1
debian 2
debiancve 2
cve 1
fedora 4
checkpoint_security 1
ics 1
suse 2
avleonov 1
f5 1
amazon 2
slackware 1
oraclelinux
oraclelinux
kernel security and bug fix update
2018-08-14 00:00:00
kernel security and bug fix update
2018-10-09 00:00:00
kernel security and bug fix update
2018-09-26 00:00:00
redhat
redhat
(RHSA-2018:2390) Important: kernel security and bug fix update
2018-08-14 17:07:28
(RHSA-2017:1490) Important: kernel security update
2017-06-19 15:05:26
(RHSA-2017:1487) Important: kernel security update
2017-06-19 15:03:58
nessus
nessus
Oracle Linux 6 : kernel (ELSA-2018-2390)
2018-08-15 00:00:00
CentOS 6 : kernel (CESA-2018:2390) (Foreshadow)
2018-08-15 00:00:00
OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252)
2018-08-29 00:00:00
centos
centos
kernel, perf, python security update
2018-08-15 01:59:55
kernel, perf, python security update
2017-06-20 08:37:49
kernel, perf, python security update
2017-06-20 15:31:20
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities
2019-03-06 20:05:02
Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console
2021-09-23 01:45:02
Security Bulletin: Vulnerabilities in libvirt affect PowerKVM
2018-07-06 23:39:30
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3620 and other issues; new kernel 2.6.32-042stab133.1; Virtuozzo 6.0 Update 12 Hotfix 30 (6.0.12-3713)
2018-08-20 00:00:00
Important kernel security update: CVE-2018-3620 and other issues; new kernel 2.6.32-042stab133.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-08-20 00:00:00
Important kernel security update: CVE-2018-3620 and other issues; new kernel 3.10.0-862.11.6.vz7.64.7; Virtuozzo 7.0 Update 8 Hotfix 1 (7.0.8-507)
2018-08-30 00:00:00
openvas
openvas
CentOS Update for kernel CESA-2018:2390 centos6
2018-08-15 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1278)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1279)
2020-01-23 00:00:00
exploitpack
exploitpack
Linux Kernel (Debian 7.78.59.0 Ubuntu 14.04.216.04.217.04 Fedora 2225 CentOS 7.3.1611) - ldso_hwcap_64 Stack Clash Local Privilege Escalation
2017-06-28 00:00:00
ubuntu
ubuntu
Linux kernel regressions
2018-08-17 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2018-08-14 00:00:00
Linux kernel vulnerabilities
2018-08-14 00:00:00
cloudfoundry
cloudfoundry
USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-08-17 00:00:00
lenovo
lenovo
Lenovo StorSelect DX8200C glibc, Linux Kernel and Cloudian Management Console Vulnerabilities - Lenovo Support US
2017-10-26 00:00:00
Lenovo StorSelect DX8200C glibc, Linux Kernel and Cloudian Management Console Vulnerabilities - us
2017-10-26 00:00:00
redhatcve
redhatcve
CVE-2017-1000366
2017-06-19 15:18:36
CVE-2018-1064
2019-10-08 22:28:17
CVE-2018-1126
2019-10-05 13:49:59
osv
osv
libvirt - security update
2018-03-24 00:00:00
bind9 - security update
2017-07-13 00:00:00
bind9 - security update
2017-07-08 00:00:00
ubuntucve
ubuntucve
CVE-2018-1064
2018-03-28 00:00:00
CVE-2018-1126
2018-05-17 00:00:00
prion
prion
Code injection
2018-03-28 18:29:00
Integer overflow
2018-05-23 13:29:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:23:06
debian
debian
[SECURITY] [DLA 1315-1] libvirt security update
2018-03-24 16:24:47
[SECURITY] [DSA 3904-1] bind9 security update
2017-07-08 12:56:02
debiancve
debiancve
CVE-2018-1064
2018-03-28 18:29:00
CVE-2018-1126
2018-05-23 13:29:00
cve
cve
CVE-2018-1064
2018-03-28 18:29:00
fedora
fedora
[SECURITY] Fedora 27 Update: procps-ng-3.3.10-16.fc27
2018-05-24 14:27:09
[SECURITY] Fedora 24 Update: bind99-9.9.10-2.P3.fc24
2017-07-27 19:51:32
[SECURITY] Fedora 28 Update: procps-ng-3.3.12-2.fc28
2018-05-22 15:09:03
checkpoint_security
checkpoint_security
Check Point response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391)
2018-08-15 04:43:24
ics
ics
Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B)
2020-09-08 12:00:00
suse
suse
Security update for bind (important)
2017-07-07 00:14:32
Security update for bind (important)
2017-06-30 03:10:50
avleonov
avleonov
Adding third party nasl plugins to OpenVAS
2017-06-30 16:46:24
f5
f5
K83271321 : procps-ng vulnerability CVE-2018-1126
2020-12-28 00:00:00
amazon
amazon
Important: procps-ng
2018-06-07 23:26:00
Important: bind
2017-04-27 00:07:00
slackware
slackware
[slackware-security] bind
2017-06-29 21:34:39
JSON
Related for JUNIPER_SPACE_JSA10917_184R1.NASL
oraclelinux9redhat23nessus82centos10ibm9virtuozzo3openvas25exploitpack1ubuntu5cloudfoundry1lenovo2redhatcve3osv3ubuntucve2prion2veracode1debian2debiancve2cve1fedora4checkpoint_security1ics1suse2avleonov1f51amazon2slackware1