Juniper Networks Junos OS SRX Series: DoS Vulnerability in flowd

# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:juniper:junos";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106505");
  script_version("2023-07-14T16:09:27+0000");
  script_tag(name:"last_modification", value:"2023-07-14 16:09:27 +0000 (Fri, 14 Jul 2023)");
  script_tag(name:"creation_date", value:"2017-01-12 09:12:17 +0700 (Thu, 12 Jan 2017)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");

  script_tag(name:"qod_type", value:"package");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2017-2300");

  script_name("Juniper Networks Junos OS SRX Series: DoS Vulnerability in flowd");

  script_category(ACT_GATHER_INFO);

  script_family("JunOS Local Security Checks");
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_dependencies("gb_juniper_junos_consolidation.nasl");
  script_mandatory_keys("juniper/junos/detected", "juniper/junos/model");

  script_tag(name:"summary", value:"Junos OS on SRX series is prone to a denial of service vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");

  script_tag(name:"insight", value:"The flowd daemon on the primary node of an SRX Series chassis cluster may
crash and restart when attempting to synchronize a multicast session created via crafted multicast packets. Upon
the flowd crash, data plane redundancy groups will fail over to the secondary node in the chassis cluster while
flowd on the primary node restarts.

This issue only occurs in chassis cluster configurations, and only if PIM is enabled on the services gateway.");

  script_tag(name:"impact", value:"An attacker may cause a denial of service condition.");

  script_tag(name:"affected", value:"Junos OS 12.1X46, 12.3X48 and 15.1X49 on SRX Series.");

  script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper. As a workaround
disable transit multicast traffic by disabling PIM and isolate or disable the secondary node of the chassis
cluster until the fix is implemented.");

  script_xref(name:"URL", value:"http://kb.juniper.net/JSA10768");

  exit(0);
}

include("host_details.inc");
include("revisions-lib.inc");
include("version_func.inc");

model = get_kb_item("juniper/junos/model");
if (!model || (model !~ '^SRX'))
  exit(99);

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

if ((revcomp(a: version, b: "12.1X46-D65") < 0) &&
    (revcomp(a: version, b: "12.1X46") >= 0)) {
  report = report_fixed_ver(installed_version: version, fixed_version: "12.1X46-D65");
  security_message(port: 0, data: report);
  exit(0);
}

if ((revcomp(a: version, b: "12.3X48-D40") < 0) &&
    (revcomp(a: version, b: "12.3X48") >= 0)) {
  report = report_fixed_ver(installed_version: version, fixed_version: "12.3X48-D40");
  security_message(port: 0, data: report);
  exit(0);
}

exit(99);