
GD library: How did it open the Junos OS to attacks?

The GD library used in the Junos operating system has opened Junos up to attacks. Nick Lewis explains how it happened and what it means for companies using open source software.

Juniper Networks Inc. and US-CERT issued security advisories regarding a serious vulnerability in the GD graphics library used in the Junos operating system. The GD library, or LibGD, has also caused problems for other vendors. How did a simple image library open Junos up to attacks? Should companies stay away from open source image libraries like GD library?

It's amusing to hear that a router or piece of network equipment has a vulnerability that you would typically only expect to see on a more traditional server. This occurrence supports the need to have a comprehensive vulnerability management program.

Likewise, it seems reasonable to expect that only the absolutely necessary functionality will be included in a device in order to reduce its attack surface and complexity. For example, if a web server isn't installed on a system, then the web server doesn't need to be secured or have updates installed.

Since routers and network devices have many of the same functions as a standard server, they can have similar vulnerabilities. While routers and network devices aren't typically thought of as web servers, they often have a web interface for managing devices alongside traditional command-line options.

Juniper Networks issued a security advisory regarding a serious vulnerability in the GD library -- an open source code library for the creation of dynamic images -- that affected Juniper's Junos OS, which runs on the vendor's routers and network devices.

The workarounds mentioned by Juniper Networks are to discontinue use of onboard PHP scripting and to limit access to web management; limiting access to the router or network device is a standard best practice in any case. Juniper Networks could have avoided the vulnerability by developing its own software for generating images or by licensing a commercial library.

However, given the complexity of software development and that its core competency is in networking, it's very reasonable for Juniper to use a well-tested and widely used open source library, such as GD library. Regardless of the library type, Juniper Networks still needs to update and monitor it for security vulnerabilities as part of its software development lifecycle.
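A concrete form of the second workaround, limiting access to web management, is shown below as an added example; it is not taken from Juniper's advisory or from this column. It assumes a Junos device whose out-of-band management port is fxp0.0 and a constructed trusted-administrator prefix of 192.0.2.0/24; the filter name PROTECT-RE and prefix-list name MGMT-HOSTS are arbitrary, and the `#` lines are explanatory comments for the reader.

```junos
# Added example (not from the advisory): reduce exposure of the Junos web
# interface (J-Web). Assumptions: management traffic arrives on fxp0.0,
# 192.0.2.0/24 is a constructed trusted-admin prefix, and PROTECT-RE and
# MGMT-HOSTS are arbitrary names chosen for this example.

# Option 1: the web interface is not needed, so remove it entirely and
# manage the device over SSH/NETCONF only.
delete system services web-management

# Option 2: J-Web must stay. Drop plain HTTP, serve HTTPS only, and bind the
# service to the management interface so it is not reachable on transit ports.
delete system services web-management http
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0

# In both cases, filter traffic destined to the routing engine so that only
# trusted hosts can reach the management services (SSH and HTTPS here).
set policy-options prefix-list MGMT-HOSTS 192.0.2.0/24
set firewall family inet filter PROTECT-RE term allow-mgmt from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-RE term allow-mgmt from protocol tcp
set firewall family inet filter PROTECT-RE term allow-mgmt from destination-port [ ssh https ]
set firewall family inet filter PROTECT-RE term allow-mgmt then accept
set firewall family inet filter PROTECT-RE term block-mgmt from protocol tcp
set firewall family inet filter PROTECT-RE term block-mgmt from destination-port [ ssh http https ]
set firewall family inet filter PROTECT-RE term block-mgmt then discard
set firewall family inet filter PROTECT-RE term allow-rest then accept
set interfaces lo0 unit 0 family inet filter input PROTECT-RE

# Review the change, validate it, then commit with an automatic rollback
# after 5 minutes unless the commit is confirmed from a working session.
show | compare
commit check
commit confirmed 5
```

A filter applied to lo0 on Junos sees every packet addressed to the routing engine, so the final `allow-rest` term is deliberately permissive to keep routing protocols and other control-plane traffic working; a production filter would enumerate those protocols explicitly and discard the remainder. `commit confirmed` protects against locking yourself out of the device with a filter that is stricter than intended.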


This was last published in February 2018


Have you or your organization experienced problems with the Junos operating system?
This is a paradigm of a security concern, because all software has bugs. Now, for the type of notice, and the respect I have for this site, you need to put more accurate information about the situation here, because Junos is a network operating system and doesn't need the GUI to do the work it was built for. And as a best practice you have to disable it. I would appreciate it if you put the CVE mentioned in the news.
Regards, Juan.