ISC BIND software included with Junos for SRX series devices is affected by CVE-2014-8500. This may allow a network-based attacker to cause a denial of service condition on SRX devices.
This issue only affects SRX devices where "set system services dns dns-proxy" has been configured. This is not enabled by default on SRX devices.
This issue does not affect other Junos OS based devices, as they do not have the BIND DNS server feature.
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue has been assigned CVE-2014-8500.
Solution:
The following software releases have been updated to resolve this specific issue: Junos OS 12.1X44-D50 (pending release), 12.1X46-D35 (pending release), 12.1X47-D25 (pending release), 12.3X48-D10, and all subsequent releases.
This issue is being tracked as PR 1048628 and is visible on the Customer Support website.
KB16765 - "In which releases are vulnerabilities fixed?" describes the releases in which vulnerabilities are fixed, as per our End of Engineering and End of Life support policies.
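One way to triage a device against this advisory, as an added example that is not part of Juniper's text: the Python below checks a set-format configuration (as produced by `show configuration | display set`) for an active dns-proxy statement and compares the version string with the fixed releases listed above. The function names and the sample configuration are constructed, and treating trains later than 12.3X48 as "subsequent releases" is an assumption.

```python
import re

# First fixed D-release per train, as listed in the advisory.
FIXED = {(12, 1, 44): 50, (12, 1, 46): 35, (12, 1, 47): 25, (12, 3, 48): 10}
PROXY_PATH = ["system", "services", "dns", "dns-proxy"]
VERSION_RE = re.compile(r"^(\d+)\.(\d+)X(\d+)-D(\d+)")


def dns_proxy_active(set_config):
    """True if dns-proxy is configured and not deactivated (set-format config)."""
    configured = False
    for line in set_config.splitlines():
        words = line.split()
        if not words:
            continue
        verb, path = words[0], words[1:]
        if verb == "set" and path[:4] == PROXY_PATH:
            configured = True
        # A deactivate on the statement or any parent hierarchy disables it.
        elif verb == "deactivate" and path and path == PROXY_PATH[:len(path)]:
            return False
    return configured


def release_status(version):
    """Classify a Junos X-train version against the advisory's fixed releases."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"  # not an X-train version string; check manually
    major, minor, xnum, drel = map(int, m.groups())
    train = (major, minor, xnum)
    if train in FIXED:
        return "fixed" if drel >= FIXED[train] else "vulnerable"
    # Assumption: trains after 12.3X48 count as "subsequent releases".
    return "fixed" if train > max(FIXED) else "unlisted"


def assess(version, set_config):
    """Combine both checks: exposure requires dns-proxy to be active."""
    if not dns_proxy_active(set_config):
        return "not exposed"
    return release_status(version)


# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
set system host-name lab-srx
set system services dns dns-proxy interface ge-0/0/1.0
set system services ssh
"""
```

A result of "unlisted" or "unknown" means the advisory does not name that release, so it needs a manual check against KB16765.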
Workaround:
There are no known workarounds.
Implementation:
How to obtain fixed software: Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisories and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.