Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Update Details

Security Intelligence Center
Print

Update #3364 (03/11/2021)

4 new signatures:

HIGHHTTP:STC:DELTAIND-AUT-SEDIT-BOFHTTP: Delta Industrial Automation CNCSoft ScreenEditor Element Name Stack Buffer Overflow
HIGHDNS:OVERFLOW:DNSMASQ-MUL-OOBDNS: DNSmasq multiple Out-of-Bounds Write
HIGHHTTP:SQL:INJ:PHP-MYADMIN-SQLIHTTP: phpMyAdmin SearchController SQL Injection
MEDIUMHTTP:STC:DL:SFMK-OFF-SST-BOFHTTP: SoftMaker Office PlanMaker Excel SST Record Buffer Overflow

4 updated signatures:

HIGHCHAT:JABBER:UNAME-OFCHAT: Jabber 2.x Username Buffer Overflow
LOWCHAT:AIM:FILE-EXEAIM: Client File Receive Executable
HIGHHTTP:WORD-PRESS-CONTENT-RCEHTTP: WordPress Comment Content Filter Remote Code Execution
HIGHAPP:CVS:DIR-OVERFLOWAPP: CVS Directory Heap Overflow


Details of the signatures included within this bulletin:

APP:CVS:DIR-OVERFLOW - APP: CVS Directory Heap Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the double free () function in Concurrent Versions System protocol. Attackers sending an over long directory name can cause a heap double free on some CVS systems.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • bugtraq: 6650
  • url: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
  • url: http://www.debian.org/security/2003/dsa-233
  • url: http://www.cert.org/advisories/CA-2003-02.html
  • cve: CVE-2003-0015

Affected Products:

  • Sun linux 5.0.3
  • Sun cobalt_cacheraq_3
  • Sun cobalt_cacheraq_4
  • Sun cobalt_raq_xtr
  • Sun cobalt_raq_2
  • Sun cobalt_raq_3
  • Sun cobalt_raq_4
  • Sun cobalt_qube_2
  • Sun cobalt_qube_3
  • Sun cobalt_raq_550
  • Freebsd freebsd 4.7.0
  • Freebsd freebsd 4.4.0
  • Cvs cvs 1.11.0
  • Cvs cvs 1.11.1 P1
  • Cvs cvs 1.11.2
  • Cvs cvs 1.11.3
  • Cvs cvs 1.11.4
  • Cvs cvs 1.10.8
  • Cvs cvs 1.11.1
  • Freebsd freebsd 4.6.0
  • Freebsd freebsd 5.0.0
  • Freebsd freebsd 4.5.0

DNS:OVERFLOW:DNSMASQ-MUL-OOB - DNS: DNSmasq multiple Out-of-Bounds Write

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against DNSmasq. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the DNSmasq service.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-25682
  • cve: CVE-2020-25687
  • url: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html
  • url: https://www.jsof-tech.com/disclosures/dnspooq/
  • cve: CVE-2020-25681
  • cve: CVE-2020-25683

Affected Products:

  • Debian debian_linux 9.0
  • Fedoraproject fedora 32
  • Debian debian_linux 10.0
  • Thekelleys dnsmasq
  • Fedoraproject fedora 33

HTTP:WORD-PRESS-CONTENT-RCE - HTTP: WordPress Comment Content Filter Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against WordPress Comment Content Filter. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
  • url: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
  • bugtraq: 107411
  • cve: CVE-2019-9787

Affected Products:

  • Wordpress wordpress

CHAT:AIM:FILE-EXE - AIM: Client File Receive Executable

Severity: LOW

Description:

This signature detects the transfer of executable files between AOL Instant Messenger (AIM) clients.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://www.iss.net/security_center/static/10441.php
  • url: http://www.kingant.net/oscar/
  • bugtraq: 6027
  • cve: CVE-2002-1813

Affected Products:

  • Aol instant_messenger 4.8.2790

CHAT:JABBER:UNAME-OF - CHAT: Jabber 2.x Username Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to overflow the username field in cleartext XMPP communications. Jabberd 2.x incorrectly verifies the username field length, enabling a malicious user to overflow a buffer. When Jabberd is running as root, an attacker can also execute arbitrary code.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-11/1193.html
  • url: http://www.jabber.org
  • bugtraq: 11741
  • cve: CVE-2004-0953

Affected Products:

  • Jabber_software_foundation jabber_server 2.0.0

HTTP:STC:DELTAIND-AUT-SEDIT-BOF - HTTP: Delta Industrial Automation CNCSoft ScreenEditor Element Name Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Delta Industrial Automation CNCSoft ScreenEditor. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-939/
  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-940/
  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-941/
  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-942/
  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-943/
  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-944/
  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-945/
  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-946/
  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-947/
  • url: http://www.zerodayinitiative.com/advisories/ZDI-20-948/
  • cve: CVE-2020-16199

Affected Products:

  • Deltaww cncsoft_screeneditor 1.01.23

HTTP:SQL:INJ:PHP-MYADMIN-SQLI - HTTP: phpMyAdmin SearchController SQL Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against phpMyAdmin. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

  • cve: CVE-2020-26935
  • url: https://www.phpmyadmin.net/security/PMASA-2020-6/

Affected Products:

  • Debian debian_linux 9.0
  • Fedoraproject fedora 33
  • Phpmyadmin phpmyadmin 4.9.0
  • Fedoraproject fedora 31
  • Phpmyadmin phpmyadmin 5.0.0
  • Opensuse leap 15.2
  • Fedoraproject fedora 32
  • Opensuse leap 15.1
  • Opensuse backports_sle 15.0

HTTP:STC:DL:SFMK-OFF-SST-BOF - HTTP: SoftMaker Office PlanMaker Excel SST Record Buffer Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against SoftMaker Office. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the SoftMaker Office.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, j-series-9.5, mx-11.4, srx-12.1, srx-branch-12.1, vsrx-12.1, vsrx-15.1

References:

  • url: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1197
  • cve: CVE-2020-13586

Affected Products:

  • Softmaker planmaker_2021 1014
Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out