Juniper Networks Junos OS UDP Kernel Crash Vulnerability

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:juniper:junos";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106138");
  script_version("2023-07-20T05:05:17+0000");
  script_tag(name:"last_modification", value:"2023-07-20 05:05:17 +0000 (Thu, 20 Jul 2023)");
  script_tag(name:"creation_date", value:"2016-07-14 10:16:23 +0700 (Thu, 14 Jul 2016)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-09-01 01:29:00 +0000 (Fri, 01 Sep 2017)");

  script_tag(name:"qod_type", value:"package");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2016-1263");

  script_name("Juniper Networks Junos OS UDP Kernel Crash Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_family("JunOS Local Security Checks");
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_dependencies("gb_juniper_junos_consolidation.nasl");
  script_mandatory_keys("juniper/junos/detected");

  script_tag(name:"summary", value:"Junos OS is prone to a kernel crash vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");

  script_tag(name:"insight", value:"Receipt of a specifically crafted UDP packet destined to an interface
IP address of a Junos OS device with a 64-bit architecture may result in a kernel crash. This issue only
affects systems with a 64-bit architecture.  32-bit systems are unaffected by this vulnerability.

Only packets able to reach the RE through existing edge and control plane firewall filters, destined to the
device itself, can trigger this issue. Junos OS is not vulnerable to transit UDP traffic.");

  script_tag(name:"impact", value:"An attacker may cause a kernel crash which leads to a denial of service
condition.");

  script_tag(name:"affected", value:"Junos OS 12.1, 12.3, 13.3, 14.1, 14.2 and 15.1");

  script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper.");

  script_xref(name:"URL", value:"http://kb.juniper.net/JSA10758");

  exit(0);
}

include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

if (revcomp(a: version, b: "12.1X46-D45") < 0) {
  report = report_fixed_ver(installed_version: version, fixed_version: "12.1X46-D45");
  security_message(port: 0, data: report);
  exit(0);
}

if (version =~ "^12") {
  if ((revcomp(a: version, b: "12.1X46-D51") < 0) &&
      (revcomp(a: version, b: "12.1X46") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "12.1X46-D51");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "12.1X47-D35") < 0) &&
           (revcomp(a: version, b: "12.1X47") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "12.1X47-D35");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "12.3X48-D30") < 0) &&
           (revcomp(a: version, b: "12.3X48") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "12.3X48-D30");
    security_message(port: 0, data: report);
    exit(0);
  }
}

if (version =~ "^13") {
  if (revcomp(a: version, b: "13.3R9") < 0) {
    report = report_fixed_ver(installed_version: version, fixed_version: "13.3R9");
    security_message(port: 0, data: report);
    exit(0);
  }
}

if (version =~ "^14") {
  if (revcomp(a: version, b: "14.1R7") < 0) {
    report = report_fixed_ver(installed_version: version, fixed_version: "14.1R7");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "14.2R6") < 0) &&
           (revcomp(a: version, b: "14.2") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "14.2R6");
    security_message(port: 0, data: report);
    exit(0);
  }
}

if (version =~ "^15") {
  if (revcomp(a: version, b: "15.1F2") < 0) {
    report = report_fixed_ver(installed_version: version, fixed_version: "15.1F2");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "15.1R2") < 0) &&
           (revcomp(a: version, b: "15.1R0") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "15.1R2");
    security_message(port: 0, data: report);
    exit(0);
  }
  else if ((revcomp(a: version, b: "15.1X49-D40") < 0) &&
           (revcomp(a: version, b: "15.1X49") >= 0)) {
    report = report_fixed_ver(installed_version: version, fixed_version: "15.1X49-D40");
    security_message(port: 0, data: report);
    exit(0);
  }
}

exit(99);