Rewterz Threat Advisory – CVE-2019-0008 – Juniper QFX5000 / EX4300 / EX4600 Junos OS FXPC Buffer Overflow Vulnerability
April 11, 2019Rewterz Threat Alert – Indicators of Compromise by Rat Malware
April 12, 2019Rewterz Threat Advisory – CVE-2019-0008 – Juniper QFX5000 / EX4300 / EX4600 Junos OS FXPC Buffer Overflow Vulnerability
April 11, 2019Rewterz Threat Alert – Indicators of Compromise by Rat Malware
April 12, 2019Severity
Low
Analysis Summary
On Junos OS, rpcbind should only be listening to port 111 on the internal routing instance (IRI). External packets destined to port 111 should be dropped. Due to an information leak vulnerability, responses were being generated from the source address of the management interface (e.g. fxp0) thus disclosing internal addressing and existence of the management interface itself. A high rate of crafted packets destined to port 111 may also lead to a partial Denial of Service (DoS).
Impact
Denial of service
Affected Vendors
Juniper
Affected Products
Juniper Junos OS 15.1
Remediation
Update to version 15.1F6-S12, 15.1R7-S4, or 15.1X53-D236.