Junos
Highlighted
Junos

NTP 4.2.0 Autokey Stack Buffer Overflow Vulnerability

[ Edited ]
‎01-23-2017 08:31 AM

Hi all,


Scan results showed a vulnerability (cve-2009-1252) in the ntpd 4.2.0 in all juniper equipenemtns we have which is resolved in other versions like 4.2.5,. this vulnerability can cause DoS when the autokey and openssl are enabled.
after checking the kB section, I found that junos is not concerned with this vulnerability as described in kb21459, because the autokey security model is disable by default.
All equipments are in the recommended release.


how can I prove this to the audit organisation? can I get the ntp.conf file inside the junos?

 

kb : https://kb.juniper.net/InfoCenter/index?page=content&id=KB21459&smlogin=true&actp=search

cve : http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1252

juniper products : srx650 , srx 240 , ex2200 , ex3300 and ex4200

3 REPLIES 3
Highlighted
Junos

Re: NTP 4.2.0 Autokey Stack Buffer Overflow Vulnerability

‎01-25-2017 03:11 AM

For these types of audit providing a copy of the kb article you link to is typically sufficient as it demonstrates that the vulnerability has been remediated.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
Junos

Re: NTP 4.2.0 Autokey Stack Buffer Overflow Vulnerability

‎01-26-2017 03:12 AM

even if it is for PCI DSS ?

Highlighted
Junos
Solution
Accepted by topic author Wael_Hedhli
‎02-06-2017 08:47 AM

Re: NTP 4.2.0 Autokey Stack Buffer Overflow Vulnerability

‎01-28-2017 05:55 AM

Yes, this scan is basically a false positive.  The KB article describes how the remediation for the vulnerabillity has been applied and thus supports the response to the reported hit.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Feedback