CVE-2020-1660
published 2020-10-16CVE-2020-1660: When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets…
critical9.9CVSS 3.1
AVNACLPRNUINSCCLILAH
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper | mx_series | — | — |
| juniper_networks | junos_os | >= 17.3 < 17.3R3-S8 | 17.3R3-S8 |
| juniper_networks | junos_os | >= 18.3 < 18.3R3-S1 | 18.3R3-S1 |
| juniper_networks | junos_os | >= 18.4 < 18.4R3 | 18.4R3 |
| juniper_networks | junos_os | >= 19.1 < 19.1R3 | 19.1R3 |
| juniper_networks | junos_os | >= 19.2 < 19.2R2 | 19.2R2 |
| juniper_networks | junos_os | >= 19.3 < 19.3R3 | 19.3R3 |
Juniper
CVE-2020-1660: When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of pack
vendor_juniper·2020-10-16·CVSS 8.3
CVE-2020-1660 [HIGH] CWE-362 CVE-2020-1660: When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of pack
CVE-2020-1660: When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once prote
GHSA
GHSA-xcrv-h2x7-7qcc: When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of pack
ghsa_unreviewed·2022-05-24
CVE-2020-1660 [CRITICAL] GHSA-xcrv-h2x7-7qcc: When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of pack
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS
No detection rules found.
No public exploits indexed.
Krebs
Microsoft Patch Tuesday, January 2021 Edition
blogs_krebs·2021-01-13·CVSS 8.3
[HIGH] Microsoft Patch Tuesday, January 2021 Edition
Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.
Most concerning of this month’s batch is probably a critical bug ( CVE-2021-1647 ) in Microsoft’s default anti-malware suite — Windows Defender — that is seeing active exploitation. Microsoft recently stopped providing a great deal of detail in their vulnerability advisories, so it’s not entirely clear how this is being exploited.
But Kevin Breen , director of
Krebs
Microsoft Patch Tuesday, January 2021 Edition
blogs_krebs·2021-01-12·CVSS 8.3
[HIGH] Microsoft Patch Tuesday, January 2021 Edition
Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.
Most concerning of this month’s batch is probably a critical bug (CVE-2021-1647) in Microsoft’s default anti-malware suite — Windows Defender — that is seeing active exploitation. Microsoft recently stopped providing a great deal of detail in their vulnerability advisories, so it’s not entirely clear how this is being exploited.
But Kevin Breen, director of re
Bugzilla
CVE-2020-2102 jenkins: Non-constant time HMAC comparison
bugzilla·2020-01-31·CVSS 5.3
CVE-2020-2102 [MEDIUM] CVE-2020-2102 jenkins: Non-constant time HMAC comparison
CVE-2020-2102 jenkins: Non-constant time HMAC comparison
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.
References:
https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1660
http://www.openwall.com/lists/oss-security/2020/01/29/1
Discussion:
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1797077]
---
"Any security advisory related updates to Jenkins core or the plugins we include in the OpenShift Jenkins master image will only occur in the v3.11 and v4.x branches of this repository."
https://github.com/openshift/jenkins/blob/master/README.md#jenkins-security-advisories-the-master-image-from-this-repository-and-the-oc-binary
---
This bug has been fixed by https://errata.devel.re
2020-10-16
Published