Information Technology News.


Juniper unloads a whole slew of security patches on its products


April 13, 2017

Juniper's new security patches cover six fixes to Junos, one for the company’s EX Series switches, BIND fixes for SRX, vSRX and J-Series units, and multiple fixes for its NorthStar controller.

Specifically, Junos OS on SRX, vSRX and J-Series devices has been updated to patch five security vulnerabilities.

All five CVEs (CVE-2016-2776, CVE-2016-8864, CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444) give attackers a chance to take down vulnerable boxes if they’re running the DNS proxy service.

Any Juniper M or MX router running Junos OS with DHCPv6 can have its packet forwarding engine crashed.

“Incorrect signedness comparison in the ioctl handler allows a malicious local user to overwrite a portion of the kernel memory,” Juniper's advisory asserts.

That would result in privilege escalation, and it affects any product or platform running Junos OS.

NorthStar controllers running versions older than 2.1.0 Service Pack 1 need to be upgraded to protect against no fewer than nine third-party security flaws.

Those include various fixes to BIND, Qemu’s floppy disc controller and PCNET controller, Node.js’s HTTP server, Linux and Xen’s KVM subsystems, and the 2015-era “Bar Mitzvah” bug in the RC4 algorithm, which reasonable people probably assumed was dead and gone.

There’s also a long list of Juniper-specific security flaws that were fixed in the NorthStar Controller application.

Additionally, Junos OS running IPv6 inherited another security bug from the protocol’s specification, allowing fragmentation attacks leading to a denial of service.

And if that wasn't enough, a crafted BGP update can crash Junos OS 15.1 or later on any platform.

Anything running unpatched Junos OS with LDP enabled can be attacked by a crafted packet too, so system admins need to pay attention to that as well.

Junos has also been hardened against a long list of 2016-era Network Time Protocol bugs.

Finally, EX Series switches running IPv6 are vulnerable to a crafted Neighbour Discovery Packet. A memory leak means that attackers can packet-flood the units, leading to “resource exhaustion and a denial of service.”

Source: Juniper Networks.



       © IT Direction. All rights reserved.