Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: Minor security vulnerability in JUNOS Internet software kernel (JSA10296)

Back to Search

Juniper Junos OS: Minor security vulnerability in JUNOS Internet software kernel (JSA10296)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
02/09/2002
Created
07/25/2018
Added
05/07/2014
Modified
05/07/2014

Description

A security-related vulnerability was recently discovered in the JUNOS software. This vulnerability is described in detail in the FreeBSD Security Advisory FreeBSD-SA-02:09.fstatfs and in PR/21769. A user logged in to a Juniper Networks router could panic the JUNOS kernel by calling the fstatfs() system call using an invalid file descriptor. (The descriptor becomes invalid because the file is deleted.) Only file descriptors that refer to files in a procfs file system are known to exploit this race condition.

Solution(s)

  • juniper-junos-os-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;