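CVE漏洞中文网 (Chinese-language CVE vulnerability site)

0DayBank, a public site dedicated to collecting and publishing Internet vulnerabilities from around the world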

CVE-2014-9425 Juniper JUNOS J-Web: Multiple Vulnerabilities (JSA10804)

August 29, 2017

Vulnerability category: Hardware

Vulnerability severity:

Vulnerability information

Juniper JUNOS is the network operating system used in Juniper Networks hardware systems.

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. (CVE-2013-6420)
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (CVE-2014-9425)
ext/xml/xml.c in PHP does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. (CVE-2013-4113)
The SQLite functionality in PHP allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. (CVE-2012-3365)

Affected Version
Junos OS 12.1X46 prior to 12.1X46-D65, 12.1X47 prior to 12.1X47-D40, 12.1X47-D45; 12.3 prior to 12.3R12-S5; 12.3X48 prior to 12.3X48-D35; 14.2 prior to 14.2R8; 15.1 prior to 15.1R4; 15.1X49 prior to 15.1X49-D50.

Impact

On successful exploitation, it allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. (CVE-2013-6420)

Solution

The following software releases have been updated to resolve this specific issue: 12.1X46-D65, 12.1X47-D40, 12.1X47-D45, 12.3R12-S5, 12.3X48-D35, 14.2R8, 15.1R4, 15.1X49-D50, 16.1R1, 16.1R1, 16.1R2, and all subsequent releases.
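To check a device inventory against the fixed releases listed above, the following added example (not part of the original advisory or Juniper's tooling) compares Junos version strings per release train. Assumptions: the version grammar handled by the regular expression, the use of D40 as the threshold for the 12.1X47 train, and the constructed sample inventory.

```python
import re

# Earliest fixed release per Junos train, copied from the advisory text.
# Assumption: 12.1X47 lists both D40 and D45; D40 (the earlier) is the threshold.
FIXED = {
    "12.1X46": "12.1X46-D65", "12.1X47": "12.1X47-D40",
    "12.3": "12.3R12-S5", "12.3X48": "12.3X48-D35",
    "14.2": "14.2R8", "15.1": "15.1R4",
    "15.1X49": "15.1X49-D50", "16.1": "16.1R1",
}

# Assumed grammar: <train>[-]<R|D><n>[.build][-S<n>][.build], e.g. 12.3R12-S5.1
VERSION_RE = re.compile(
    r"^(\d+\.\d+(?:X\d+)?)-?[RD](\d+)(?:\.(\d+))?(?:-S(\d+))?(?:\.(\d+))?$"
)

def parse(version):
    """Return (train, sort_key) where sort_key = (release, service, build)."""
    m = VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    train, rel, build1, svc, build2 = m.groups()
    return train, (int(rel), int(svc or 0), int(build2 or build1 or 0))

def status(version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    train, key = parse(version)
    fixed = FIXED.get(train)
    if fixed is None:
        return "not-listed"  # train is not named in the advisory
    return "affected" if key < parse(fixed)[1] else "fixed"

def triage(inventory):
    """Map hostname -> status; unparseable versions are flagged for review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = status(version)
        except ValueError:
            result[host] = "review"
    return result

if __name__ == "__main__":
    # Constructed inventory (hostnames and versions are sample values).
    sample = {"edge-1": "12.1X46-D60.2", "edge-2": "15.1X49-D50.3",
              "core-1": "12.3R12-S4", "lab-1": "13.3R9", "lab-2": "unknown"}
    print(triage(sample))
```

Devices reported as "not-listed" or "review" run a train the advisory text does not name or a version string the parser does not recognise, and need a manual check against JSA10804.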

Workaround:
Methods that may reduce, but not eliminate, the risk of exploitation of this problem, and that do not mitigate or resolve the underlying problem, include:

a. Using access lists or firewall filters to limit access to the device to trusted hosts only.
b. Disabling J-Web.
c. Limiting access to J-Web to trusted networks only.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

JSA10804: junos

Last updated: August 29, 2017
