Product Affected:These issues affect all releases of CTPView prior to the versions listed below.

Problem:CTPView release 7.1R1 addresses multiple vulnerabilities in prior releases with updated third party software components. The resolved issues include:CVE CVSS v2 base score Summary CVE-2011-3378 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) Denial of service (memory corruption) and possible arbitrary code execution vulnerability via an rpm package with crafted headers and offsets. CVE-2012-3400 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) Heap-based buffer overflow in the Linux kernel via a crafted UDF filesystem . CVE-2007-4476 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Buffer overflow in GNU tar resulting in a “crashing stack.” CVE-2009-0115 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) Vulnerability in the Device Mapper multipathing driver allows local users to send arbitrary commands to the multipath daemon. CVE-2009-1185 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) udev vulnerability allows local users to gain privileges by sending a NETLINK message from user space. CVE-2010-0407 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C) Multiple buffer overflows in the PC/SC Smart Card daemon (aka PCSCD) may allow local users to gain privileges via crafted message data. CVE-2010-0624 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) Heap-based buffer overflow in GNU tar may cause a denial of service (memory corruption) or possibly allow execution of arbitrary code. CVE-2009-3563 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) ntpd allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. Juniper SIRT is not aware of any malicious exploitation of this vulnerability against CTPView.

Solution:These vulnerabilities are resolved in CTPView 7.1R1 and all subsequent releases. These issues are being tracked as PR 1056715 which is visible on the Customer Support website. KB16765 – “In which releases are vulnerabilities fixed?” describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Workaround:Use access lists or firewall filters to limit access to CTPView only from trusted hosts.

Implementation:How to obtain fixed software: CTPView Maintenance Releases and Patches are available at http://support.juniper.net from the “Download Software” links. Modification History: 2015-07-08: Initial publication

Related Links: CVSS Score:CVSSv2 (max): 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Risk Level:Critical

Risk Assessment:Information for how Juniper Networks uses CVSS can be found at KB 16446 “Common Vulnerability Scoring System (CVSS) and Juniper’s Security Advisories.”

Acknowledgements: 

Leave a Reply