Juniper Networks

Update Details

Security Intelligence Center

Update #3136 (01/22/2019)

8 new signatures:

MEDIUM  HTTP:STC:IMG:JPEG:CODEC-LIB-ID - HTTP: Microsoft Windows Codecs Library Information Disclosure
HIGH  HTTP:STC:DL:MS-WIN-GDI-ID - HTTP: Microsoft Windows Graphics Component CVE-2018-8239 Information Disclosure
MEDIUM  IKE:DOS:CVE-2018-10811-DOS - IKE: StrongSwan OpenSSL Plugin FIPS Mode Denial-of-Service
HIGH  HTTP:GITLAB-WIKI-API-RCE - HTTP: GitLab Wiki API CVE-2018-18649 Remote Code Execution
HIGH  HTTP:STC:GNU-LIBEXTRACTOR-OOB - HTTP: GNU Libextractor ZIP File Comment Out-of-Bounds Read
HIGH  HTTP:LIBMSPACK-OFF-BY-ONE - HTTP: Libmspack Project cabd_sys_read_block Off By One
HIGH  DNS:POWERDNS-DOS-MA - DNS: PowerDNS Recursive Out of Bounds Read Denial of Service
HIGH  HTTP:STC:IMG:LIBTIFF-JBIG-BOF - HTTP: LibTIFF JBIGDecode Heap Buffer Overflow

3 updated signatures:

HIGH  HTTP:STC:IMG:JPEGDECODERAW-FUNC - HTTP: LibTIFF JPEGDecodeRaw Function Remote Code Execution
HIGH  HTTP:QUEST-NETVAULT-BACKUP-BO - HTTP: Quest NetVault Backup Multipart Request Part Header Stack Buffer Overflow
MEDIUM  LDAP:AD-AUTH-BYPASS - LDAP: Microsoft Windows Active Directory LDAP Authentication Bypass


Details of the signatures included within this bulletin:


LDAP:AD-AUTH-BYPASS - LDAP: Microsoft Windows Active Directory LDAP Authentication Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known flaw in Microsoft Windows Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). A successful attack can lead to unauthorized information disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

  • cve: CVE-2011-2014

Affected Products:

  • Microsoft windows_server_2008 (sp2)
  • Microsoft windows_vista (sp2:x64)
  • Microsoft windows_server_2008 (sp2:x32)
  • Microsoft windows_7 - (sp1:x64)
  • Microsoft windows_vista (sp2)
  • Microsoft windows_server_2008 (sp2:x64)
  • Microsoft windows_server_2003 (sp2:itanium)
  • Microsoft windows_server_2008 r2
  • Microsoft windows_7 - (-:x32)
  • Microsoft windows_xp - (sp2)
  • Microsoft windows_server_2008 r2 (sp1)
  • Microsoft windows_server_2008 r2 (:x64)
  • Microsoft windows_xp - (sp2:x64)
  • Microsoft windows_7 - (-)
  • Microsoft windows_7 - (sp1)
  • Microsoft windows_xp (sp3)
  • Microsoft windows_server_2003 (sp2)
  • Microsoft windows_server_2003 (sp2:x64)
  • Microsoft windows_7 - (-:x64)
  • Microsoft windows_7 - (sp1:x32)
  • Microsoft windows_server_2008 r2 (sp1:x64)

HTTP:STC:GNU-LIBEXTRACTOR-OOB - HTTP: GNU Libextractor ZIP File Comment Out-of-Bounds Read

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Libextractor. The vulnerability is due to improper handling of long File Comment fields within ZIP files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to open a maliciously crafted file using Libextractor. Successful exploitation of this vulnerability could lead to denial-of-service conditions or, in the worst case, disclosure of sensitive information.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-16430

Affected Products:

  • Debian debian_linux 8.0
  • Debian debian_linux 9.0
  • Gnu libextractor 1.7

HTTP:STC:IMG:JPEGDECODERAW-FUNC - HTTP: LibTIFF JPEGDecodeRaw Function Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against LibTIFF. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2010-3087
  • bugtraq: 43366

Affected Products:

  • Mandriva linux_mandrake 2010.0 X86 64
  • Mandriva linux_mandrake 2010.0
  • Ubuntu ubuntu_linux 10.04 Amd64
  • Ubuntu ubuntu_linux 10.04 I386
  • Ubuntu ubuntu_linux 10.04 Powerpc
  • Ubuntu ubuntu_linux 10.04 Sparc
  • Ubuntu ubuntu_linux 9.10 ARM
  • Ubuntu ubuntu_linux 10.04 ARM
  • Ubuntu ubuntu_linux 10.10 ARM
  • Ubuntu ubuntu_linux 6.06 LTS Powerpc
  • Ubuntu ubuntu_linux 6.06 LTS I386
  • Ubuntu ubuntu_linux 6.06 LTS Amd64
  • Research_in_motion blackberry_enterprise_server_express_for_exchange 5.0.3
  • Research_in_motion blackberry_enterprise_server_express_for_domino 5.0.3
  • Mandriva linux_mandrake 2010.1 X86 64
  • Research_in_motion blackberry_enterprise_server_for_exchange 5.0.1
  • Research_in_motion blackberry_enterprise_server_express_for_exchange 5.0.1
  • Research_in_motion blackberry_enterprise_server_express_for_domino 5.0.2
  • Research_in_motion blackberry_enterprise_server_express_for_exchange 5.0.2
  • Research_in_motion blackberry_enterprise_server_for_exchange 5.0.2
  • Mandriva linux_mandrake 2010.1
  • Ubuntu ubuntu_linux 8.04 LTS Amd64
  • Ubuntu ubuntu_linux 8.04 LTS I386
  • Ubuntu ubuntu_linux 8.04 LTS Lpia
  • Ubuntu ubuntu_linux 8.04 LTS Powerpc
  • Ubuntu ubuntu_linux 8.04 LTS Sparc
  • Research_in_motion blackberry_enterprise_server_express_for_domino 5.0.2 MR1
  • Research_in_motion blackberry_enterprise_server_for_exchange 5.0.2 MR1
  • Research_in_motion blackberry_enterprise_server_for_domino 5.0.1
  • Ubuntu ubuntu_linux 10.10 amd64
  • Ubuntu ubuntu_linux 10.10 powerpc
  • Research_in_motion blackberry_enterprise_server_for_domino 5.0.2
  • Research_in_motion blackberry_enterprise_server_for_novell_groupwise 5.0.1
  • Ubuntu ubuntu_linux 6.06 LTS Sparc
  • Research_in_motion blackberry_enterprise_server_for_exchange 5.0.3
  • Research_in_motion blackberry_enterprise_server_for_domino 5.0.3
  • Research_in_motion blackberry_enterprise_server_for_novell_groupwise 4.1.7
  • Suse opensuse 11.3
  • Ubuntu ubuntu_linux 10.10 i386
  • Research_in_motion blackberry_enterprise_server_for_exchange 5.0.3 MR2
  • Research_in_motion blackberry_enterprise_server_for_novell_groupwise 5.0.1 MR3
  • Research_in_motion blackberry_enterprise_server_for_domino 5.0.3 MR3
  • Ubuntu ubuntu_linux 9.10 Amd64
  • Ubuntu ubuntu_linux 9.10 I386
  • Ubuntu ubuntu_linux 9.10 Lpia
  • Ubuntu ubuntu_linux 9.10 Powerpc
  • Ubuntu ubuntu_linux 9.10 Sparc
  • Research_in_motion blackberry_enterprise_server_express_for_exchange 5.0.2 MR1
  • Research_in_motion blackberry_enterprise_server_for_domino 5.0.2 MR1

HTTP:STC:DL:MS-WIN-GDI-ID - HTTP: Microsoft Windows Graphics Component CVE-2018-8239 Information Disclosure

Severity: HIGH

Description:

An information disclosure vulnerability has been reported in the GDI component of Microsoft Windows. Successful exploitation would allow the attacker to gain sensitive information that may help in further attacks.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8239

Affected Products:

  • Microsoft windows_server_2016 -
  • Microsoft windows_10 1703
  • Microsoft windows_server_1709 -
  • Microsoft windows_10 1607
  • Microsoft windows_server_1803 -
  • Microsoft windows_10 1709
  • Microsoft windows_10 1803

HTTP:QUEST-NETVAULT-BACKUP-BO - HTTP: Quest NetVault Backup Multipart Request Part Header Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Quest NetVault Backup Server. Successful exploitation of the vulnerability could allow arbitrary code execution under the security context of SYSTEM.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-1161

Affected Products:

  • Quest netvault_backup 11.2.0.13

IKE:DOS:CVE-2018-10811-DOS - IKE: StrongSwan OpenSSL Plugin FIPS Mode Denial-of-Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against StrongSwan OpenSSL Plugin FIPS Mode. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, mx-11.4, isg-3.4.140032, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, isg-3.4.139899, srx-branch-12.1, vsrx-12.1, idp-5.0.110121210, j-series-9.5, idp-5.0.110130325, vsrx-15.1, srx-12.1

References:

  • cve: CVE-2018-10811

Affected Products:

  • Strongswan strongswan 5.3.5
  • Strongswan strongswan 5.3.4
  • Strongswan strongswan 5.3.3
  • Strongswan strongswan 5.0.1
  • Strongswan strongswan 5.3.2
  • Strongswan strongswan 5.0.2
  • Strongswan strongswan 5.3.1
  • Debian debian_linux 8.0
  • Strongswan strongswan 5.0.3
  • Strongswan strongswan 5.3.0
  • Strongswan strongswan 5.0.4
  • Strongswan strongswan 5.2.2
  • Strongswan strongswan 5.2.3
  • Strongswan strongswan 5.6.0
  • Strongswan strongswan 5.2.0
  • Strongswan strongswan 5.5.1
  • Strongswan strongswan 5.2.1
  • Strongswan strongswan 5.5.0
  • Strongswan strongswan 5.5.3
  • Strongswan strongswan 5.1.1
  • Strongswan strongswan 5.5.2
  • Debian debian_linux 9.0
  • Strongswan strongswan 5.1.0
  • Strongswan strongswan 5.4.0
  • Strongswan strongswan 5.1.3
  • Strongswan strongswan 5.1.2

HTTP:GITLAB-WIKI-API-RCE - HTTP: GitLab Wiki API CVE-2018-18649 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against GitLab Wiki API. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
  • url: https://gitlab.com/gitlab-org/gitlab-ce/issues/53072
  • cve: CVE-2018-18649

HTTP:STC:IMG:JPEG:CODEC-LIB-ID - HTTP: Microsoft Windows Codecs Library Information Disclosure

Severity: MEDIUM

Description:

An information disclosure vulnerability exists in Windows Codecs Library. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted image file. Successful exploitation could result in the disclosure of information which could be used to further compromise the target system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-8506

HTTP:LIBMSPACK-OFF-BY-ONE - HTTP: Libmspack Project cabd_sys_read_block Off By One

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Libmspack Project. This vulnerability is due to improper handling of block alignment when processing blocks using Quantum compression in the cabd_sys_read_block function. A remote attacker could exploit this vulnerability by enticing a target user to open a maliciously crafted CAB file with an application that uses the vulnerable library. Successful exploitation of the vulnerability may result in arbitrary code execution under the security context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-18584

DNS:POWERDNS-DOS-MA - DNS: PowerDNS Recursive Out of Bounds Read Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against PowerDNS. The vulnerability is due to improper processing of crafted DNS queries, leading to an out-of-bounds read. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted query to the target server. A successful attack could cause PowerDNS to terminate abnormally, resulting in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

  • cve: CVE-2018-16855

HTTP:STC:IMG:LIBTIFF-JBIG-BOF - HTTP: LibTIFF JBIGDecode Heap Buffer Overflow

Severity: HIGH

Description:

A heap buffer overflow vulnerability has been reported in LibTIFF. The vulnerability is due to insufficient length checks while processing TIFF files compressed with JBIG. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to open a crafted TIFF file compressed with JBIG with an application that uses LibTIFF. Successful exploitation could result in the execution of arbitrary code under the security context of the program using LibTIFF.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2018-18557