Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.
Attack Vector Local
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
Attack Vector Local
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
AV:L/AC:L/Au:N/C:P/I:P/A:P
Vendors | Products |
---|---|
Debian |
|
Juniper |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
Configuration 14 [-]
|
Configuration 15 [-]
|
Configuration 16 [-]
|
Configuration 17 [-]
|
Configuration 18 [-]
|
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153746/FreeBSD-Security-Advisory-FreeBSD-SA-19-12.telnet.html | Third Party Advisory VDB Entry |
https://kb.juniper.net/JSA10947 | Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00033.html | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00013.html | |
https://seclists.org/bugtraq/2019/Jul/45 | Mailing List Third Party Advisory |
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc | Third Party Advisory |
https://www.exploit-db.com/exploits/45982 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: juniper
Published: 2019-07-11T00:00:00
Updated: 2024-01-02T00:17:56.689381
Reserved: 2018-10-11T00:00:00
Link: CVE-2019-0053
JSON object: View
NVD Information
Status : Modified
Published: 2019-07-11T20:15:11.960
Modified: 2023-10-08T14:15:11.083
Link: CVE-2019-0053
JSON object: View
Redhat Information
No data.