Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 APP:MISC:AEROSPIKE-DOS

Severity

 Major

Recommended

 Yes

Recommended Action

 Drop

Category

 APP

Keywords

 Aerospike Database Server RW Fabric Message Code Execution

Release Date

 2017/03/16

Update Number

 2838

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Aerospike Database Server RW Fabric Message Code Execution


This signature detects attempts to exploit a known vulnerability in Aerospike Database Server. Successful exploitation of this vulnerability could lead to a NULL pointer dereference, causing denial-ofservice.

Extended Description

An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.

Affected Products

  • Aerospike database_server 3.10.0.3

References

  • CVE: CVE-2016-9053
  • URL: http://www.aerospike.com/download/server/notes.html#3.11.1.1
  • URL: http://www.talosintelligence.com/reports/talos-2016-0267/

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out