Juniper Junos Bug in Pluggable Authentication Module (PAM) Lets Remote Users Execute Arbitrary Code on the Target System
SecurityTracker Alert ID: 1040039
SecurityTracker URL: http://securitytracker.com/id/1040039
CVE Reference: CVE-2017-10615
Date: Dec 21 2017
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 14.1, 14.1X53, 14.2
Description:
A vulnerability was reported in Juniper Junos. A remote user can execute arbitrary code on the target system. A remote user can cause the target service to crash.
A remote user can send specially crafted data to trigger a flaw in the pluggable authentication module (PAM) and execute arbitrary code on the target system or cause the target service to crash.
Services (e.g., telnetd, sshd) that use PAM are affected.
The vendor has assigned PR 1192119 to this vulnerability.
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can cause the target service to crash.
Solution:
The vendor has issued a fix (14.1R8-S4, 14.1R9, 14.1X53-D46, 14.2R7-S8, 14.2R8) [in November 2017].
The vendor advisory is available at:
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10818
Vendor URL: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10818
Cause:
Not specified
Message History:
None.