Vulnerability category: Hardware
Vulnerability severity:
Vulnerability information
Juniper JUNOS is the network operating system used in Juniper Networks hardware systems.
libgd is an open-source image library which is bundled with PHP version 4.3 and above. An integer signedness vulnerability exists in libgd 2.1.1 which may result in a heap overflow when processing compressed gd2 data.
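The following C sketch is an added illustration of the bug class named above (a signed size field taken from untrusted data and later used as a length). It is not libgd or Junos code; the function names, the sample buffer, and the chunk layout are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample "file" and output buffer (not real gd2 data). */
static const uint8_t sample_file[8] = {1, 2, 3, 4, 5, 6, 7, 8};
static uint8_t out[4];

/* Flawed pattern: a signed size checked only against an upper bound.
   A negative size passes, because -1 <= cap is true. */
int upper_bound_only(int32_t size, int32_t cap) {
    return size <= cap;
}

/* What a negative signed size becomes once it is used as a length. */
size_t as_length(int32_t size) {
    return (size_t)size;
}

/* Hardened read: reject non-positive sizes and negative offsets while the
   values are still signed, then bound them against buffer and file length. */
int read_chunk(const uint8_t *file, size_t file_len,
               int32_t offset, int32_t size,
               uint8_t *buf, size_t buf_cap) {
    if (size <= 0 || offset < 0)
        return -1;
    if ((size_t)size > buf_cap)
        return -1;
    if ((size_t)offset > file_len || (size_t)size > file_len - (size_t)offset)
        return -1;
    memcpy(buf, file + offset, (size_t)size);
    return (int)size;
}

int main(void) {
    printf("upper-bound-only accepts -1: %d\n", upper_bound_only(-1, 4096));
    printf("-1 as a length: %zu\n", as_length(-1));
    printf("hardened read, size -1: %d\n",
           read_chunk(sample_file, sizeof sample_file, 0, -1, out, sizeof out));
    printf("hardened read, offset 2 size 4: %d\n",
           read_chunk(sample_file, sizeof sample_file, 2, 4, out, sizeof out));
    return 0;
}
```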
Affected Versions
Junos OS 12.1X46, 12.3X48, 15.1X49, 14.2, 15.1, 15.1X53, 16.1, 16.2.
Impact
Successful exploitation allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
Solution
The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D65, 12.3X48-D40, 14.2R8, 15.1F7, 15.1R5, 15.1X49-D70, 15.1X53-D47, 16.1R4, 16.2R2, 17.1R1, and all subsequent releases.
Workaround:
a. Disable well-known services, such as J-Web and XNM-SSL, that can use onboard PHP scripting.
b. Discontinue use of Netconf with PHP.
c. Discontinue use of PyEZ with PHP.
Patch:
Following are links for downloading patches to fix the vulnerabilities: