Impact
The vulnerability can cause authentication requests to be sent to the RADIUS authentication server which may allow for unintended successful authentication.
Solution
New builds of Junos OS software are available from Juniper.
Insight
When a RADIUS authentication server is configured under [system radius-server], an entry is created in /var/etc/pam_radius.conf. An issue was discovered where RADIUS accounting servers configured under [system accounting destination radius] are also propagated to pam_radius.conf.
If the same RADIUS server is used for both authentication and accounting - a common configuration - the issue is less severe since RADIUS authentication is sent to the intended server despite the duplicate entries. However, if the RADIUS authentication server is later removed from the configuration, the duplicate entry created by configuration of the RADIUS accounting server will remain in pam_radius.conf, also leading to possible unintended authentication success.
Affected
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2 and 13.3
Detection
Check the OS build.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-6379 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities