9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.046 Low
EPSS
Percentile
92.6%
According to its self-reported version number, the remote Junos device is affected by multiple vulnerabilities in the libxml2 library :
A heap-based buffer overflow vulnerability exists which can result in arbitrary code execution. (CVE-2011-1944)
A denial of service vulnerability exists which can result in excessive CPU consumption. (CVE-2012-0841)
A heap-based buffer overflow vulnerability exists in the ‘xmlParseAttValueComplex’ function which can result in arbitrary code execution. (CVE-2012-5134)
A denial of service vulnerability exists due to excessive CPU and memory consumption in the processing of XML files containing entity declarations with long replacement text (also known as ‘internal entity expansion with linear complexity’). (CVE-2013-0338)
A denial of service vulnerability exists related to the XML_PARSER_EOF state checking. (CVE-2013-2877)
These vulnerabilities can be exploited by a remote attacker via a specially crafted XML file.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(80957);
script_version("1.9");
script_cvs_date("Date: 2018/07/12 19:01:16");
script_cve_id(
"CVE-2011-1944",
"CVE-2012-0841",
"CVE-2012-5134",
"CVE-2013-0338",
"CVE-2013-2877"
);
script_bugtraq_id(48056, 52107, 56684, 58180, 61050);
script_name(english:"Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669)");
script_summary(english:"Checks the Junos version.");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Junos device
is affected by multiple vulnerabilities in the libxml2 library :
- A heap-based buffer overflow vulnerability exists which
can result in arbitrary code execution. (CVE-2011-1944)
- A denial of service vulnerability exists which can
result in excessive CPU consumption. (CVE-2012-0841)
- A heap-based buffer overflow vulnerability exists in
the 'xmlParseAttValueComplex' function which can result
in arbitrary code execution. (CVE-2012-5134)
- A denial of service vulnerability exists due to
excessive CPU and memory consumption in the processing
of XML files containing entity declarations with long
replacement text (also known as 'internal entity
expansion with linear complexity'). (CVE-2013-0338)
- A denial of service vulnerability exists related to the
XML_PARSER_EOF state checking. (CVE-2013-2877)
These vulnerabilities can be exploited by a remote attacker via a
specially crafted XML file.");
script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10669");
script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos upgrade referenced in Juniper advisory
JSA10669.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/23");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/23");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Junos Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
script_dependencies("junos_version.nasl");
script_require_keys("Host/Juniper/JUNOS/Version");
exit(0);
}
include("junos.inc");
include("misc_func.inc");
ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
fixes = make_array();
fixes['11.4'] = '11.4R13';
fixes['12.1X44'] = '12.1X44-D35';
fixes['12.1X45'] = '12.1X45-D30';
fixes['12.1X46'] = '12.1X46-D25';
fixes['12.1X47'] = '12.1X47-D10';
fixes['12.2'] = '12.2R9';
fixes['12.3'] = '12.3R7';
fixes['13.1'] = '13.1R4-S2';
fixes['13.3'] = '13.3R3';
fixes['14.1'] = '14.1R2';
fixes['14.2'] = '14.2R1';
fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);
# This isn't necessary, but is included in the advisory
if (fix == "12.1X44-D35")
fix = "12.1X44-D35 or 12.1X44-D40";
if (report_verbosity > 0)
{
report = get_report(ver:ver, fix:fix);
security_hole(port:0, extra:report);
}
else security_hole(0);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877
kb.juniper.net/InfoCenter/index?page=content&id=JSA10669