Juniper Networks Junos OS Bind Denial of Service Vulnerability

2015-05-2800:00:00

plugins.openvas.org

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.7 High

AI Score

Confidence

High

0.877 High

EPSS

Percentile

98.7%

JSON

Denial of Service vulnerability in Junos ISC Bind version.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:juniper:junos";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105996");
  script_cve_id("CVE-2014-8500");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_version("2023-07-25T05:05:58+0000");

  script_tag(name:"qod_type", value:"package");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Juniper Networks Junos OS Bind Denial of Service Vulnerability");

  script_xref(name:"URL", value:"http://kb.juniper.net/JSA10676");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71590");

  script_tag(name:"summary", value:"Denial of Service vulnerability in Junos ISC Bind version.");

  script_tag(name:"impact", value:"An network based attacker can cause a denial of service condition
on SRX devices.");

  script_tag(name:"insight", value:"ISC BIND software included with Junos for SRX series devices
is affected by CVE-2014-8500. This issue only affects SRX devices where 'set system services dns dns-proxy'
has been configured. This is not enabled by default on SRX devices. This issue does not affect other
Junos OS based devices as they do not have BIND DNS server feature.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable OS build is present on the target host.");
  script_tag(name:"solution", value:"New builds of Junos OS software are available from Juniper.");
  script_tag(name:"affected", value:"Junos OS 12.1X44, 12.1X46 and 12.1X47 on SRX devices");

  script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
  script_tag(name:"creation_date", value:"2015-05-28 10:52:59 +0700 (Thu, 28 May 2015)");
  script_category(ACT_GATHER_INFO);
  script_family("JunOS Local Security Checks");
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_dependencies("gb_juniper_junos_consolidation.nasl");
  script_mandatory_keys("juniper/junos/detected", "juniper/junos/model");

  exit(0);
}

include("host_details.inc");
include("revisions-lib.inc");

model = get_kb_item("juniper/junos/model");
if (!model || (model !~ '^SRX[0-9]+'))
  exit(99);

if (!version = get_app_version(cpe: CPE, nofork: TRUE))
  exit(0);

if (version =~ "^12") {
  if ((revcomp(a:version, b:"12.1X44-D50") < 0) &&
      (revcomp(a:version, b:"12.1X44") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"12.1X46-D35") < 0) &&
           (revcomp(a:version, b:"12.1X46") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
  else if ((revcomp(a:version, b:"12.1X47-D25") < 0) &&
           (revcomp(a:version, b:"12.1X47") >= 0)) {
    security_message(port:0, data:version);
    exit(0);
  }
}

exit(99);