PT-2015-2442 · Juniper Networks · Junos

Published: 2015-10-19 · Updated: 2015-10-20 · CVE-2015-7751

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Junos versions prior to 12.1X44-D50
Junos versions prior to 12.1X46-D35
Junos versions prior to 12.1X47-D25
Junos versions prior to 12.3R9
Junos versions prior to 12.3X48-D15
Junos versions prior to 13.2R7
Junos versions prior to 13.2X51-D35
Junos versions prior to 13.3R6
Junos versions prior to 14.1R5
Junos versions prior to 14.1X50-D105
Junos versions prior to 14.1X51-D70
Junos versions prior to 14.1X53-D25
Junos versions prior to 14.1X55-D20
Junos versions prior to 14.2R1
Junos versions prior to 15.1F2 or 15.1R1
Junos versions prior to 15.1X49-D10

Description

When the pam.conf file is corrupted, Junos does not request a password for the root user. A local attacker can therefore gain root privileges by modifying the pam.conf file.

Recommendations

For versions prior to 12.1X44-D50, update to 12.1X44-D50 or later.
For versions prior to 12.1X46-D35, update to 12.1X46-D35 or later.
For versions prior to 12.1X47-D25, update to 12.1X47-D25 or later.
For versions prior to 12.3R9, update to 12.3R9 or later.
For versions prior to 12.3X48-D15, update to 12.3X48-D15 or later.
For versions prior to 13.2R7, update to 13.2R7 or later.
For versions prior to 13.2X51-D35, update to 13.2X51-D35 or later.
For versions prior to 13.3R6, update to 13.3R6 or later.
For versions prior to 14.1R5, update to 14.1R5 or later.
For versions prior to 14.1X50-D105, update to 14.1X50-D105 or later.
For versions prior to 14.1X51-D70, update to 14.1X51-D70 or later.
For versions prior to 14.1X53-D25, update to 14.1X53-D25 or later.
For versions prior to 14.1X55-D20, update to 14.1X55-D20 or later.
For versions prior to 14.2R1, update to 14.2R1 or later.
For versions prior to 15.1F2 or 15.1R1, update to 15.1F2, 15.1R1, or later.
For versions prior to 15.1X49-D10, update to 15.1X49-D10 or later.

Fix


Weakness Enumeration

Related Identifiers

BDU:2015-11807
CVE-2015-7751

Affected Products

Junos