Juniper Networks Junos OS SRX RTSP DoS Vulnerability

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:juniper:junos";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106062");
  script_version("2023-07-20T05:05:17+0000");
  script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
  script_tag(name:"creation_date", value:"2016-01-18 09:17:30 +0700 (Mon, 18 Jan 2016)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2016-12-03 03:20:00 +0000 (Sat, 03 Dec 2016)");

  script_tag(name:"qod_type", value:"package");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2016-1262");

  script_name("Juniper Networks Junos OS SRX RTSP DoS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_family("JunOS Local Security Checks");
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_dependencies("gb_juniper_junos_consolidation.nasl");
  script_mandatory_keys("juniper/junos/detected", "juniper/junos/model");

  script_tag(name:"summary", value:"Junos OS on SRX Series is prone to a Denial of Service vulnerability
in flowd.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");

  script_tag(name:"insight", value:"On all SRX-Series devices, when the RTSP ALG is enabled, a certain
crafted RTSP packet might cause the flowd process to crash, halting or interrupting traffic from flowing
through the device. RTSP ALG is enabled by default on branch SRX platforms and disabled by default on
high-end SRX platforms.");

  script_tag(name:"impact", value:"A network based attacker can cause a denial of service condition.");

  script_tag(name:"affected", value:"Junos OS 12.1, 12.3 and 15.1");

  script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper. As
a workaround disable RTSP ALG services.");

  script_xref(name:"URL", value:"http://kb.juniper.net/JSA10721");

  exit(0);
}

include("host_details.inc");
include("revisions-lib.inc");

model =  get_kb_item("juniper/junos/model");
if (!model || model !~ '^SRX')
  exit(99);

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

if ((revcomp(a: version, b: "12.1X46-D45") < 0) &&
    (revcomp(a: version, b: "12.1X46") >= 0)) {
    security_message(port: 0, data: version);
    exit(0);
}
else if ((revcomp(a: version, b: "12.1X47-D30") < 0) &&
         (revcomp(a: version, b: "12.1X47") >= 0)) {
  security_message(port: 0, data: version);
  exit(0);
}
else if ((revcomp(a: version, b: "12.3X48-D20") < 0) &&
         (revcomp(a: version, b: "12.3") >= 0)) {
  security_message(port: 0, data: version);
  exit(0);
}
else if ((revcomp(a: version, b: "15.1X49-D30") < 0) &&
         (revcomp(a: version, b: "15.1X49") >= 0)) {
  security_message(port: 0, data: version);
  exit(0);
}

exit(99);