Lucene search

K
openvasThis script is Copyright (C) 2014 Greenbone Networks GmbHOPENVAS:1361412562310105928
HistoryNov 20, 2014 - 12:00 a.m.

Junos RADIUS Uninteded Authentication Vulnerability

2014-11-2000:00:00
This script is Copyright (C) 2014 Greenbone Networks GmbH
plugins.openvas.org
7

0.007 Low

EPSS

Percentile

78.8%

JunOS is prone to a security bypass vulnerability

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_junos_cve-2014-6379.nasl 12095 2018-10-25 12:00:24Z cfischer $
#
# Junos RADIUS Uninteded Authentication Vulnerability
#
# Authors:
# Christian Kuersteiner <[email protected]>
#
# Copyright:
# Copyright (c) 2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = 'cpe:/o:juniper:junos';

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105928");
  script_cve_id("CVE-2014-6379");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_version("$Revision: 12095 $");

  script_tag(name:"qod_type", value:"package");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Junos RADIUS Uninteded Authentication Vulnerability");

  script_xref(name:"URL", value:"http://kb.juniper.net/JSA10654");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/70365");

  script_tag(name:"summary", value:"JunOS is prone to a security bypass vulnerability");

  script_tag(name:"impact", value:"The vulnerability can cause authentication requests
to be sent to the RADIUS authentication server which may allow for unintended successful
authentication.");

  script_tag(name:"insight", value:"When a RADIUS authentication server is configured under
[system radius-server], an entry is created in /var/etc/pam_radius.conf. An issue was discovered
where RADIUS accounting servers configured under [system accounting destination radius] are also
propagated to pam_radius.conf.
If the same RADIUS server is used for both authentication and accounting - a common configuration -
the issue is less severe since RADIUS authentication is sent to the intended server despite the
duplicate entries. However, if the RADIUS authentication server is later removed from the configuration,
the duplicate entry created by configuration of the RADIUS accounting server will remain in pam_radius.conf,
also leading to possible unintended authentication success.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");
  script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper.");
  script_tag(name:"affected", value:"Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2 and 13.3");

  script_tag(name:"last_modification", value:"$Date: 2018-10-25 14:00:24 +0200 (Thu, 25 Oct 2018) $");
  script_tag(name:"creation_date", value:"2014-11-20 11:16:44 +0700 (Thu, 20 Nov 2014)");
  script_category(ACT_GATHER_INFO);
  script_family("JunOS Local Security Checks");
  script_copyright("This script is Copyright (C) 2014 Greenbone Networks GmbH");
  script_dependencies("gb_ssh_junos_get_version.nasl", "gb_junos_snmp_version.nasl");
  script_mandatory_keys("Junos/Version");

  exit(0);
}

include("host_details.inc");
include("revisions-lib.inc");

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

if (revcomp(a:version, b:"11.4R12") < 0) {
  security_message(port:0, data:version);
  exit(0);
}

if (version =~ "^12") {
  if (revcomp(a:version, b:"12.1R10") < 0) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"12.1X44-D35") < 0) &&
           (revcomp(a:version, b:"12.1X44") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"12.1X45-D25") < 0) &&
           (revcomp(a:version, b:"12.1X45") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"12.1X46-D20") < 0) &&
           (revcomp(a:version, b:"12.1X46") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"12.1X47-D10") < 0) &&
           (revcomp(a:version, b:"12.1X47") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"12.2R8") < 0) &&
           (revcomp(a:version, b:"12.2") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"12.2X50-D70") < 0) &&
           (revcomp(a:version, b:"12.2X50") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"12.3R6") < 0) &&
           (revcomp(a:version, b:"12.3") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
}

if (version =~ "^13") {
  if (revcomp(a:version, b:"13.1R4-S3") < 0) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"13.1X49-D55") < 0) &&
           (revcomp(a:version, b:"13.1X49") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"13.1X50-D30") < 0) &&
           (revcomp(a:version, b:"13.1X50") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"13.2R4") < 0) &&
           (revcomp(a:version, b:"13.2") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"13.2X50-D20") < 0) &&
           (revcomp(a:version, b:"13.2X50") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"13.2X51-D26") < 0) &&
           (revcomp(a:version, b:"13.2X51") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"13.2X52-D15") < 0) &&
           (revcomp(a:version, b:"13.2X52") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"13.3R2") < 0) &&
           (revcomp(a:version, b:"13.3") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
}

exit(99);

0.007 Low

EPSS

Percentile

78.8%

Related for OPENVAS:1361412562310105928