ID de Prueba:	1.3.6.1.4.1.25623.1.0.105948
Categoría:	JunOS Local Security Checks
Título:	Juniper Networks Junos OS SSL Session Injection Vulnerability
Resumen:	Junos OS is prone to a OpenSSL session injection and denial;of service vulnerability.
Descripción:	Summary: Junos OS is prone to a OpenSSL session injection and denial of service vulnerability. Vulnerability Insight: A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common. Vulnerability Impact: A remote attacker might inject data across sessions or cause a denial of service. Affected Software/OS: Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2 and 13.3 Solution: New builds of Junos OS software are available from Juniper. CVSS Score: 4.0 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-5298 BugTraq ID: 66801 http://www.securityfocus.com/bid/66801 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded Cisco Security Advisory: 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://seclists.org/fulldisclosure/2014/Dec/23 http://security.gentoo.org/glsa/glsa-201407-05.xml HPdes Security Advisory: HPSBGN03068 http://marc.info/?l=bugtraq&m=140544599631400&w=2 HPdes Security Advisory: HPSBHF03052 http://marc.info/?l=bugtraq&m=141658880509699&w=2 HPdes Security Advisory: HPSBMU03051 http://marc.info/?l=bugtraq&m=140448122410568&w=2 HPdes Security Advisory: HPSBMU03055 http://marc.info/?l=bugtraq&m=140431828824371&w=2 HPdes Security Advisory: HPSBMU03056 http://marc.info/?l=bugtraq&m=140389355508263&w=2 HPdes Security Advisory: HPSBMU03057 http://marc.info/?l=bugtraq&m=140389274407904&w=2 HPdes Security Advisory: HPSBMU03062 http://marc.info/?l=bugtraq&m=140752315422991&w=2 HPdes Security Advisory: HPSBMU03074 http://marc.info/?l=bugtraq&m=140621259019789&w=2 HPdes Security Advisory: HPSBMU03076 http://marc.info/?l=bugtraq&m=140904544427729&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2014:090 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest http://openwall.com/lists/oss-security/2014/04/13/1 OpenBSD Security Advisory: [5.5] 004: SECURITY FIX: April 12, 2014 http://www.openbsd.org/errata55.html#004_openssl http://secunia.com/advisories/58337 http://secunia.com/advisories/58713 http://secunia.com/advisories/58939 http://secunia.com/advisories/58977 http://secunia.com/advisories/59162 http://secunia.com/advisories/59287 http://secunia.com/advisories/59300 http://secunia.com/advisories/59301 http://secunia.com/advisories/59342 http://secunia.com/advisories/59413 http://secunia.com/advisories/59437 http://secunia.com/advisories/59438 http://secunia.com/advisories/59440 http://secunia.com/advisories/59450 http://secunia.com/advisories/59490 http://secunia.com/advisories/59655 http://secunia.com/advisories/59666 http://secunia.com/advisories/59669 http://secunia.com/advisories/59721 SuSE Security Announcement: SUSE-SU-2015:0743 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.